
Stripe Integration for Twilio Pay - dsr12
https://stripe.com/blog/phone-payments-with-twilio-pay
======
Sreyanth
I don't completely understand how they do this without exposing the DTMF tones
/ digits pressed to the carriers.

For example, when I key in my card number, my phone carrier will know it, the
routing carriers know it before it reaches Twilio. How is my card information
safe? I guess I'm missing something here.

~~~
tyingq
PCI doesn't currently consider telephones to be public networks. That's why
they are okay with fax machines sending CC details, provided they are in a
secure area and a few other non tech requirements. Not sure I agree with the
practice, but it is what it is.

~~~
Sreyanth
Never knew that. I assumed VoIP based telephony comes under PCI view.

------
zaroth
It’s not 100% clear from the documentation but it appears the card details
have to be keyed in and there’s no voice recognition mode.

It would be great to hear a demo of what <Pay> sounds like, particularly the
error handling.

I absolutely get the benefit of insulating your agents from the billing data.
Not so keen on an abrupt switch to touch-tone inputs during a call though.

~~~
usaphp
From the linked post: "when it’s time to collect the payment, the agent
activates Twilio <Pay> to let the customer enter payment info using their
keypad—agents can follow the customer’s progress, but won’t see or hear the
card details."

~~~
ElBarto
Yes, this is pretty standard.

I recently paid my home insurance's renewal that way (Europe).

However, these days many systems use voice recognition rather than having to
key in numbers. I'm guessing that this is on Twilio's roadmap.

------
klaudius
Does Stripe have payment links like Razorpay [1] ?

[1] https://razorpay.com/payment-links/

~~~
fishsander
They don't, although you can create invoices in the dashboard if you know who
your customer is.

Alternatively, I built https://checkoutpage.co to create hosted payment pages
for Stripe that are accessible by URL, similar to Razorpay's payment links.

------
ImJasonH
This looks pretty cool. I keep coming up with Twilio-based side projects I
want to build, but the abuse potential keeps me from actually releasing
anything useful. With this, maybe I can charge users $.0X per call minute, or
$X/month to recoup my Twilio costs.

~~~
WrtCdEvrydy
> the abuse potential

It's kinda hard to abuse recently. You can do heavy geo locking in order to
not get fucked over by abuse to other countries.

~~~
mi_lk
Do you have to do it yourself or does Twilio take care of that?

~~~
WrtCdEvrydy
Geo-locks are enabled for everything minus US and UK.

If you don't buy UK numbers, I think UK is locked down as well.

------
goguy
I worked on a very similar product a few years ago. There were a few companies
battling over patent rights for similar implementations of DTMF tone
suppression in the payment space.

Not sure what happened with that but looks like essentially the same idea
here. Always thought it was pretty niche now that everyone has a browser in
their pocket.

~~~
WrtCdEvrydy
Interestingly, this might be in response to the new PCI requirements.

In the past, if you iframe'd a payment processor site, you didn't need to be
PCI compliant while the new spec requires everyone who is involved in the
process to be compliant.

I wonder if this will be the future of payment processing, just outsourcing to
Twilio and Stripe.

~~~
twunde
I've heard rumors about new PCI requirements for service providers mandating
end to end encryption of phone calls with credit card data. This would
certainly be an off-the-shelf solution.

~~~
tyingq
There's still a lot of places doing faxes with CC details, especially in B2B.
Guess they'll have to finally ditch that.

------
paxy
This is very cool. One problem I see though is that most phone payment
transactions happen over a regular phone call vs a dedicated session started
over some IVR system. It would be very cool for businesses to be able to, say,
have a payment bot join the call and then leave once the transaction is done.

~~~
tyingq
Sounds like they addressed this.

_"For a more personalized experience, employees can also walk customers
through an order over the phone: when it’s time to collect the payment, the
agent activates Twilio <Pay>"_

Of course, larger places have their own non-Twilio Voice PBX and lines, so I'm
not sure if this approach only works if the call originally came in via
Twilio.

------
orliesaurus
I understand the part where an agent/operator won't be able to see my details
but when I enter my credit card details into my phone, who's handling them?
Are they going to Stripe directly or is Twilio forwarding the "tones" to
Stripe? Kinda confused?!

~~~
midnightmonster
The card information is passing through Twilio to Stripe, and they've built a
version of/path through their systems that's PCI compliant for this purpose.
Tutorial shows that you have to turn on PCI Mode in your account in order to
use this.

https://www.twilio.com/docs/voice/tutorials/how-capture-your-first-payment-using-pay

