PCI DSS compliant Call Centre Solution


PCI-DSS stands for Payment Card Industry Data Security Standard

The Payment Card Industry Security Standards Council was incorporated 16th Sept 2006. It was established by the global payment card schemes, as a unified standard, to baseline the minimum data security requirements necessary to protect payment card data within any part of the merchant environment.

The changes outlined in 2018 mean that simply protecting stored call recordings from capturing card data is no longer sufficient for compliance. It is only achieved by the removal of all card data from your infrastructure through one of the three approved solutions outlined below.


Pause & Resume

Most Contact Centers use this technique as part of their compliance process. While common in the UK, this is no longer regarded as compliant by the PCI Council. We have the option to make Pause & Resume far more robust by adding speech analytics software, scanning all call recordings and highlighting all sensitive card data for removal.

With a range of technologies designed to support telephone based card payments, we can ensure that you choose the right solution to match both your own business requirements and your customers’ preferences to ensure you are compliant with the latest PCI guidelines.

Compliance via Voice Suppression

This is the easiest and simplest way of achieving compliance without changing the customer experience. By collecting card information directly through the customers’ own phone using its Dual Tone Multi-Frequency tones (DTMF) capability, we take your agent out of scope for compliance as they are no longer presented with sensitive card data. The agent remains connected with the customer during the process, advising the customer at all times. The card data is automatically sent to your payment gateway and the agent is advised on the success or failure of the transaction.

Compliance via Telephone Based IVR

If you or your customer do not wish to remain on the call while the payment is being made, you can use this method. IVR (Interactive Voice Response) technology allows your customers to make payments using their telephone keypad at a time (24/7) which best suits them. It is not necessary to have an agent present on these calls.

Compliance via Digital Links

This technology easily converts a telephone based payment into a secure e-commerce transaction. It takes your agents completely out of scope for compliance, all while your agents remain on the call with the customer.

When a payment is required, the customer is sent a digital link directly to their smartphone, PC or tablet via email. Once this link is opened, it automatically connects them to your payment gateway, enabling them to complete the transaction electronically while online. As with the IVR application, this can be done when connected to the agent or at any time that suits the customer, 24/7.

Grow your business with our solution

See how Daktela can help you. For free.