Twilio, Stripe tackle security of phone call payments

Register now

With a rise in identity theft making consumers more reluctant to give payment card information over the phone, Kris Gutta of cloud communications provider Twilio was confident his company could help thwart potential problems for businesses accepting these types of payments.

That inspiration has resulted in the San Francisco-based company launching the coding for Twilio Pay to be part of a menu that developers can incorporate when building onto Twilio's Programmable Voice application platform. Twilio has secured the services of Stripe as a launch partner to enable businesses to accept payments over the phone through their existing Stripe account. The companies hope to complete testing this year, and make Twilio Pay public in early 2019.

"Pay has huge potential as a PCI compliant offering through the cloud that developers can use in less than a minute through just one line of code," said Gutta, senior product manager of programmable voice at Twilio.

Branded as Twilio <Pay> — with the application coding brackets in place — Gutta says the introduction of the code allows developers to add payment acceptance to contact centers that handle customer service tasks, or for businesses to integrate with other payment workflows or platforms through single clicks.

Programmable Voice applications operate within any type of phone system in which the caller can carry out tasks through verbal commands or keypad entries. For those businesses wanting to add payments, code developers can add Pay to securely include acceptance of payment card credentials as one of those tasks.

In testing Pay as an added "Twilio verb" on the company's markup language to go along with verbs like Say, Play, Dial, Record, Gather, Hangup and other phone-based tasks, a company can now accept product orders or bill payments securely and follow Payment Card Industry security standards compliance.

In doing so, a business can avoid the operational complexities of becoming PCI compliant on their own, including undergoing annual audits.

"When a customer calls a restaurant and orders food or a business to pay a previous bill and then provides information for that payment, that information is eventually forwarded from the phone to the payment processor," Gutta said. "You have to ensure that the information is transmitted and processed securely with PCI compliance."

Part of doing that calls for Twilio to capture the payment information even before it is transmitted back to customers and transfer it to the "connectors" it has for integrations to payment platforms. It also does not record the portion of a phone call in which payment information is being spoken or input through a phone keypad.

"Stripe is one of the first payment processors we are integrated with for Pay, so we pass on the payment information to Stripe on behalf of our customers," Gutta added. "Stripe processes the payment and returns that information to our customers."

When Pay is added to a Programmable Voice menu, businesses that either didn't accept payments previously or did so without full security measures in place can now have a safer option.

Twilio is not the only provider seeking more security on phone-based payments, but its partnership with Stripe can help it stand out among developers writing code for businesses using Programmable Voice, said Julie Conroy, research director and fraud expert with Boston-based Aite Group.

"This partnership seems to be an important one to make this technology available to a wide footprint of merchants," Conroy said. "Twilio's solution appears to be developer-friendly, which in this open-API age is an important attribute to gain wider adoption."

The advancement of Twilio Pay also opens the door to better security for small businesses that may currently just be taking orders over a phone and jotting down payment credentials or inputting them into terminals not completely secure, Conroy added.

"And most of these types of businesses have no idea that they're out of compliance," she added.

In addition to securely capturing payment credentials, Pay allows a business to support a card on file for faster future payments as Twilio will tokenize that information for storage.

Twilio will charge 10 cents per successful Pay transaction at launch, and it will work through the Twilio Flex contact center platform and within the Twilio Studio application builder.

The company also announced this week it had agreed to an all-stock transaction of $2 billion to acquire SendGrid, an e-mail API platform provider. In agreeing to this deal, Twilio says it can combine the API services of SendGrid with its own cloud-based platform to better serve developers building apps for all communications channels.

For reprint and licensing requests for this article, click here.
PCI DSS Data security Payment cards