Taking card payments over the phone means you need to comply with the Payment Card Industry Data Security Standard (PCI DSS), which stipulates that sensitive authentication data such as the three- or four-digit security codes (CID, CVC2, CVV2 or CAV2) must be protected – and cannot be recorded or stored.

Semafone with PBX Hosting SIP provides secure and professional card transactions for all CNP (Cardholder Not Present) payments. Protect your customers' sensitive data with a secure solution that ensures PCI compliance whilst also providing you the reassurance that your business is protected from reputational and financial damage should a data breach occur.

Combine PBX Hosting’s Next Generation Telephony Solutions with Semafone’s Award Winning PCI Compliance

Semafone allows a call recording to continue as normal as the customer enters their card information using the telephone's keypad. The DTMF (Dual Tone Multi-Frequency) tones are completely masked from the agent and replaced with a flat tone that sounds like the customer is just pressing the number 1. This ensures that the DTMF tones cannot be recognised by the agent, nor picked up in any call recordings should they fall into the wrong hands.

By implementing Semafone’s complete solution from PBX Hosting you will not have handled any sensitive cardholder information, which in terms of PCI DSS compliance means you will be deemed to have completely outsourced the payment process. This will take you out of scope for many of the PCI DSS controls that you would normally have to put in place to remain compliant.

Why Pause and Resume may not be sufficient for PCI compliance

Pause and resume is seen as a partial solution that really only addresses a single aspect of PCI compliance: the storing of cardholder data. The sensitive information is still handled and accessed by agents, which can lead to a threat of opportunistic fraud through an agent writing down the information, unauthorised access to the information via a CRM, overhearing a colleague, etc. It also leaves many other aspects of PCI compliance in scope, for which controls would need to be in place.

This could include:
  • Infrastructure
  • CRM/Applications
  • Telephony equipment
  • Physical environment
  • Agent

With Semafone SIP, the controls are addressed and the vast majority fall out of scope for PCI DSS compliance. In fact, the number of controls required falls from 327 to just 14, and the remaining controls can be satisfied by evidencing to your QSA how you manage your service provider.

Agent fraud is on the rise. Fortunately, if you do not hold the data, it cannot be hacked.

Who Should Use Semafone with PBX Hosting SIP?

Semafone is suitable for any size of business or government organisation that currently stores or processes cardholder information. Semafone can be integrated as part of a new PBX solution from PBX Hosting to provide your business with a solution that is award winning and market leading.

PCI DSS security breaches do happen, and the cost to businesses financially, through fines and legal fees, and reputationally, through loss of confidence and negative PR, means that fraud prevention technologies such as Semafone are an invaluable investment for businesses looking to protect themselves and their customers.

