PCI Solution

For Healthcare Provider Organizations

Contact centers processing financial transactions are subject to PCI regulations, under which payment details must be securely transmitted and stored. Self-service IVR, agent desktops and the contact center infrastructure are exposed to PCI-sensitive data. Historically, the industry has adopted several measures, such as creating an isolated PCI network, outsourcing IVRs to a third party, and hardening the devices at agent touchpoints. While these are great options, they are not easy to implement and are not always economically feasible.

SpinSci brings a solution set that addresses these needs. Our solution reduces the scope of PCI exposure by bypassing the network path that PCI-sensitive data would otherwise traverse. Combining this with automated voice/screen recording pause and resume operations and an integrated PCI-compliant IVR system not only reduces the scope of PCI exposure but also controls fraudulent transactions.

SpinSci Solution

SpinSci brings a one-stop solution that keeps credit card transactions away from the Cisco Contact Center network, Cisco IVR and Cisco Agent desktop while the transactions are processed in Epic EHR. A high-level overview of the solution is described below.

Network Isolation

When a credit card transaction is performed in a contact center, several network elements touch the PCI-sensitive data. The SpinSci solution takes the credit card digits and consumes them so they do not traverse those network elements. The diagram below is a high-level representation of network isolation:

As illustrated above, the scope of PCI exposure is now isolated to the Cisco Gateway and SpinSci SIP server as opposed to the entire network. The customer will create a safe zone for the Cisco Gateway and SpinSci SIP Server.

Agent Desktop Isolation

In the current environment, the agent workflow requires patients to speak their credit card information over the phone, and agents perform the financial transaction accordingly. This means the PCI-sensitive data is presented at the agent desktop. To keep any PCI data from flowing to the agent desktop, SpinSci offers a solution where patients enter credit card details on the phone keypad instead of speaking them. With the SpinSci SIP Server consuming the key presses, financial transactions are conducted within the safe zone, keeping the agent desktop clear of any PCI data. The workflow steps are detailed below:

  • The patient keys in credit card details on their end device (mobile phone or desk phone)
  • The patient's key presses pass through the Cisco Ingress gateway to the SpinSci SIP Server
  • The SpinSci SIP Server matches the digits with the patient and agent session and processes the payment via the Payment Gateway
  • Once the payment is processed, it is posted to Epic directly
  • The agent desktop gets real-time feedback from the backend process so the agent is aware of the activity
  • Agent voice and screen recording is auto-paused while inside the Epic payment window

Bill Pay

Bill Pay IVR provides a secure, PCI-compliant IVR to process payments via a payment gateway and post the payment to Epic in real time.

Payment IVR:
  • Pre-packaged IVR supporting DTMF and Speech NLU via Google and Amazon
  • Integrated with tokenization and payment merchants
  • Secure and PCI compliant
Epic EHR Integration:
  • Epic AppOrchard listed for auto-detecting guarantor ID based on telephone number
  • Provide a list of accounts, balance due, insurance payments, self-pay details
  • Post payments to Epic
Reporting:
  • Provide end-to-end IVR reports

Why SpinSci

The following features are included:
  • One-stop solution for PCI compliance with Cisco and Epic
  • An enterprise solution that extends outside of Contact Center
  • Easy deployment with a robust middleware architecture that is scalable to growing business needs
  • Configuration-driven with an opportunity to customize for growing business needs
  • Expand the solution to Patient Access, Transfer center, and Clinical Workflows