developing an ivr payment system with asterisk (astricon 2014 las vegas nevada)

Developing an IVR PaymentSystem with Asterisk

AstriCon 2014, Las Vegas, Nevada, USA.

Kayode Akintunde

Developing an IVR Payment System with Asterisk – AstriCon 2014.

Agenda

• Who am I & Who is CODEC?• IVR Technology Overview in Africa?• Why use IVR for Payment?• Architectural Overview of an IVR Payment

System.• Develop & Deploy your IVR Payment System.• Example of an IVR Payment System in

Production. • Securing your IVR Payment System.• Questions?


Who am I?

• Kayode Akintunde• Founder & CEO TheCodec Systems Ltd.• Resident in Lagos, Nigeria.• University Degree in Computer Science with

Mathematics.• Chief Architect of QuickTeller IVR System

(www.thecodecsystems.com/quickteller-ivr)• Skype: kayodea1, Twitter: @kayodea1,

Email: [email protected]


• TheCodec Systems is our Company name, basedin Lagos, Nigeria.• An Information & Communications Technology

company that specializes in Voice Solutions.• 7 years experience in Telephony. IP-PBX

Systems, Contact Centre Solutions, CustomisedWeb Services/Database Driven IVR Systems.• [email protected] or

facebook.com/TheCodecSystemsLtd• Visit www.thecodecsystems.com for more info

Who is CODEC?


IVR Technology Overview in Africa

Africa is still an evolving market when it comes totechnology, especially with telephony systems. Why?

Statistics shows that aside from level of education &poverty, the cost of utilising technology (e.g the internet) isstill quite expensive in Africa.

Most elite in Africa Skype, facebook, tweet, use whatsapp& other mobile social media apps, just to either say hello orshare messages & pictures with friends and family.

The Internet most of the time is either very slow to beaffordable, or you pay through your nose to get somebandwidth that may still not meet your internet needs.


IVR Technology Overview in Africa

We are based in a country where over 160 millionpeople are under utilising technology.

Nigeria is a country in Africa with more than 250indigenous languages, with over 120 million mobile phoneusers, and with over 1 billion payment transactions permonth. Just 10% of these 120 million mobile phone users aremaking payments with their mobile phones. Meaning, 90%of the 120 million mobile phone users are not makingpayments due to either lack of adequate education, poverty,not being tech-savvy, language limitation, inability to affordreliable internet, etc


So what we have done (working with payment gatewaycompanies) is to effectively utilise Asterisk to allowanybody in Nigeria (educated or not) to use their mobilephone from anywhere, to make payments of any type, intheir own language.

IVR Technology Overview in Africa ...


Why use IVR for Payment? – payment channels chart


Why use IVR for Payment? – the market advantages for Africa

• No more expensive or inefficient Internet to makepayments.

• No more language barrier. Payment Instructions nowpossible in any language.

• IVR systems don't sleep, don't take lunch breaks, don't goon vacations. An IVR system can be available 24 hoursevery day.

• Mobility - Customers can call in at anytime and anywhereto make payments.

• By replacing manual tasks/services with specificautomated instructions, errors are reduced.

• Ease of use - Users don’t have to be tech-savvy to use anIVR system.


Why use IVR for Payment? – the market answers for Africa

1. Requires little or no assistance to make payment with IVR.

2. It helps the physically challenged to pay comfortably (theblind, the dumb, etc) – involves just the ears & fingers.

3. You can make payments while doing other stuff (e.g eating)

4. Short, Direct & Precise Instructions to make payment.

5. The Cheapest Mobile Phones can make payments.

6. Its nearer than near-field payment technology (You don'thave to be at the store to make payments).


Architectural Overview of an IVR Payment System

On-Premise Design


Architectural Overview of an IVR Payment System ...

In Cloud Design


Developing & Deploying your IVR Payment System

the steps...1. Design the user experience IVR flow on paper. Don't belazy about that.

2. Determine the number of concurrent calls expected whenthe IVR System goes live.

3. Get the hardwares required to meet the target number ofconcurrent users/customers. (Also plan the expansion)

4. Begin your dial plan as quickly as possible. It will run intoseveral lines of code.


Developing & Deploying your IVR Payment System ...

5. Don't do all the coding in your AGI. Let the AGI run andreturn channel variables, so the dial plan can continue.

6. Don’t border about the voice prompts yet, use a good TTSengine. Pay for the licenses. Its worth it. (we use CepstralTTS engine, with Allison's voice).

7. Conduct UAT with the TTS voice prompts, so the clientcan make corrections/additions as the case may be. Thenrecord the voice prompts appropriately.



8. Carry out soft lunch, (among your staff, or friends to besure everything works perfectly as expected) before goinglive in production.



User experience Flow – Toll Free Airtime Recharge


Developing & Deploying your IVR Payment System - requirements

a. HP Servers – DL380 G8 Server with 16GB RAM, 2Raid 1 & 2 Raid 10 HDD of 300GB each.

b. 2 x Sangoma A104DE Card, configured for E1 settingswith the latest wanpipe drivers.

c. 2 x GSM telcos occupying 4E1 ports each – a total of 120E1 channels per telco (2 telcos for redundancy).

d. OS is Linux CentOS 5.5 running in virtualised mode withXEN Hypervisor – very stable version of XEN as of whendeployed.


Developing & Deploying your IVR Payment System – requirements...

e. Asterisk 1.8.15 LTS. Presently in production, very stable andworks perfectly.

f. PHP-5.3 and above with PHP-CURL, MariaDB, Apacheweb server for serving web based reporting dashboard.

g. OpenSIPS Proxy Server as SIP firewall, redundancy and loadbalancing management of multiple IVR servers.

h. API & secured connectivity to/from the payment gatewayservers on the intranet – RESTful API with response in eitherjson or XML.


Example of an IVR Payment System in production

Tax Payment via IVR – Dial +2348139851080


Example of an IVR Payment System in production ...


Example of an IVR System in production – tax payment via IVR


Live Example of an IVR System in production

Limitations & Challenges

Major Limitation with Asterisk Diaplan that posses a greatchallenge is ability to call an Asterisk Application within anAsterisk Application – You can only call a function in an App.

e.g If you want to do something like;same => n,Set(some_var = ${Read(kepad,what_to_say,10,,3,10)})

This will be dialplan error, and very useful if possible. Why?

No way to pre-determine the number of payment instrument of auser/customer from API response.


Securing your IVR Payment System

1. Follow the best practices guidelines to secure IVR servercredentials – e.g change default passwords, apply firewall rules,double down with fail2ban, use hardware firewall if possible, etc

2. DO NOT keep log file on IVR Server (Disable Asterisk LoggingCompletely, its not allowed by PCI-DSS)

3. If IVR System is in the cloud connected to a SIP trunk, and doingAPI calls over the internet, make sure DTMF digits with sensitiveinformations (Card PAN, CVV2, PIN) is completely encrypted beforepassing to your payment gateway.

4. Make sure your gateway does the same when returning APIresponse (Most of them always do) – Man in the middle attack is real.



5. For an all cloud IVR System, make sure you hide the IVR servertopology as much as you can. This keeps you free from DoS attack.

6. DO NOT directly connect SIP Clients or Servers to the IVRserver. Do that through a SIP proxy.

7. Don't start by checking MSISDN or CallerID with API withoutmaking sure the user/customer really wants to pay.

8. Consistent voice prompt while keeping the IVR menu short andpurposeful is very important habit to cultivate. Also keep this in mindwith multi-lingual recordings. (Recording accent matters a lot tousers/customers using IVR to get familiar with payment instructions)



9. Understand that you are the first enemy of the IVR PaymentSystem in terms of security. You've signed an MOU/SLA with thepayment gateway companies, and you are responsible to keep theterms of those agreements.

You MUST get the security right, and get it right the first time.


The Future with IVR Payments – for the African Market

1. Develop New SIP app, New POS devices, Integrate with existingdevices (e.g SwitchVox, etc) that will allow customers/users pay viaIVR still using their credit/debit cards. (other POS features inclusive)

2. These devices will allow merchants immediately check theiraccount balance via IVR, in their language once payment is made.

3. Of course these devices can be configured any language to do IVRpayments/balance enquiry & others possible features in anylanguage in Africa.

4. CODEC have already taken steps in adding these SIP apps & IVRpayment devices to the arrays of payment means & should be inoperation by first quarter of 2015.


Similar on-going Project with IVR Systems in Nigeria.


Questions?

Thank You


www.thecodecsystems.com

developing an ivr payment system with asterisk (astricon 2014 las vegas nevada)

Technology

use ivr

ivr paymentsystem

whenthe ivr system

ivr payment systemthe

ivr technology overview

payment gatewaycompanies

comquicktellerivr skype

field payment technology