Featured Video Play Icon

Semafone- Card Not Present Payment Processing

Semafone with PBX Hosting SIP provides Security Standards compliance for all CNP (Cardholder Not Present) payments

Taking card payments over the phone? Semafone can ensure that you’re compliant with the Payment Card Data Security Standards (PCI DSS) when receiving  CNP payments.  PCI DSS stipulates that sensitive authentication data such as 3-4 digit security codes must be protected – and cannot be recorded or stored.

Our Semafone solution protects your customers’ sensitive data by ensuring PCI compliance for all CNP payments. Rest assured that your business will be protected from reputational or financial damage should a data breach occur.

Combine PBX Hosting’s Next Generation Telephony Solutions with Semafone’s Award Winning PCI Compliance for CNP Payments

With Semafone, the customer enters their card information using the telephone keypad which allows call recording to continue as usual. The DTMF tones (Dual Tone Multi-Frequency) are completely masked from the agent and replaced with a flat tone that sounds like the customer is just pressing the number 1. This ensures that the DTMF tones are unrecognisable to the agent and cannot be picked up in any call recordings.

Semafone’s complete solution from PBX Hosting absolves the agent and organisation from handling any sensitive data. In terms of PCI DSS compliance, it means you have effectively outsourced the CNP payment process. As a result, you will no longer have to apply many of the PCI DSS controls that are normally required to guarantee compliance.

Why Pause and Resume may not be sufficient for PCI compliance

Pause and resume is seen as a partial solution for PCI compliance that really only addresses a single aspect of PCI compliance, the storing of cardholder data. The sensitive information is still handled and accessed by agents which can lead to a threat of opportunistic agent fraud by an agent writing down the information, unauthorised access of the info via a CRM, overhearing a colleague etc. It also leaves many other aspects of PCI compliance in scope for which controls would need to be in place for.

This could include
  • Infrastructure
  • CRM/Applications
  • Telephony equipment
  • Physical environment
  • Agent

With Semafone SIP the controls are addressed and the vast majority fall out of scope for PCI DSS compliance. In fact the number of controls required falls from 327 to just 14, of which the remaining controls can be satisfied by evidencing to your QSA how you manage your service provider.

Agent fraud is on the rise, fortunately if you do not hold the data, it cannot be hacked.

Who Should Use Semafone with PBX Hosting SIP? Semafone is suitable for any size business or government organisation that currently store or process cardholder information. Semafone can be integrated as part of a new PBX solution from PBX Hosting to provide your business with a solution that is award winning and market leading.

PCI DSS security breaches do happen and the cost to businesses financially, through fines and legal fees, and reputationally, through loss of confidence and negative PR, means that fraud prevention technologies such as Semafone are an invaluable investment for business looking to protect themselves and their customers.

Contact Us for more information about Semafone- Card Not Present Payment Processing

Get in touch with us today

To discuss your requirements with one of our friendly sales team