Case Study
Secure agent-assisted customer payments
Reducing PCI compliance risk during phone payments
Businesses that accepted payments over the phone faced a significant compliance challenge. During a typical support call, customers verbally shared their credit card details with an agent, placing the business within PCI DSS scope and increasing the cost and complexity of maintaining compliance.
To address this, the business set out to create a payment experience that allowed customers to complete transactions securely without exposing sensitive payment information to customer service agents.

Defining a secure payment experience
As the sole UX Designer on the project, I helped define Secure Service, a new payment flow that enabled businesses to accept phone payments while keeping cardholder data separate from the agent interaction.
Working closely with Product Management, I translated business and compliance requirements into an end-to-end experience that supported both the business administrator configuring the service and the customer completing the payment.
My responsibilities included defining user flows, mapping use cases, designing the provisioning experience for businesses, and creating the customer-facing payment interface.

Translating complex business requirements into a simple experience
Before exploring interface concepts, I worked with Product Management to understand the business problem, regulatory constraints, and the architecture of the existing provisioning platform.
This helped me develop a holistic understanding of the underlying data model, customer configuration options, and the different payment scenarios the product needed to support.
These insights informed both the agent workflow for initiating secure payments and the customer journey for completing them.

Designing a fast, mobile-first payment flow
Because customers were typically completing payments from their mobile device while speaking with an agent, reducing friction throughout the experience became a key design objective.
The final experience incorporated several usability improvements to minimise input effort and increase confidence during payment:
- Input masks automatically formatted card numbers and dates, reducing data entry errors.
- A single-page checkout eliminated unnecessary navigation and allowed customers to review and update information without moving between screens.
- Support for trusted digital wallets such as Apple Pay, Google Pay, and PayPal reduced the need to manually enter card details.
- Mobile-optimised interactions, including context-sensitive keyboards and credit card scanning, made completing payments faster and easier.
These decisions helped create a payment experience that balanced security, compliance, and usability while supporting customers in a high-pressure, real-time context.

This solution became the standard payment experience for over 1,300 billers
The final solution was successfully released and adopted as the default payment experience for businesses accepting payments over the phone.
I helped translate complex compliance requirements into an experience that balanced business needs, security constraints, and usability. The resulting solution enabled businesses to accept payments without exposing agents to customers’ payment details, reducing PCI scope while delivering a streamlined mobile payment experience. 👍