PCI contact centre solution – BT Cloud Contact PCI

PCI contact centre solution

BT Cloud Contact PCI

Contact us


Make card payments made over the phone simple, secure, and PCI DSS compliant.

Payment Card Industry Data Security Standards (PCI DSS) protect customer card information and prevent agent fraud. These standards must be met by any merchant dealing with card details, and it’s crucial that all agents and systems that routinely use card data are fully compliant.

PCI DSS compliance is a complex on-going process that can be time consuming, expensive, and can sometimes limit business agility. However non-compliance with these standards could damage your reputation, credibility, and customer loyalty, and expose you to legal issues.

BT Cloud Contact PCI offers a simple and scalable solution to PCI compliance. It’s a cloud-based solution that makes paying over the phone secure, and keeps your contact centre compliant.
BT Cloud Contact PCI goes beyond the minimum requirements of PCI DSS compliance, ensuring that no sensitive card details are ever shared between the customer and the contact centre agent, or recorded by the call. Desktops, agents, and all telephony infrastructure is secured from handling any card data, greatly reducing the risk of fraud.

What’s more, the agent and caller stay connected and able to talk freely throughout the card transaction while the customer enters their card information using the phone keypad. So card payments over the phone are secured, you’ll be PCI compliant, and your customers’ experience will be great.

The benefits

Simple, fast, and cost-effective PCI compliance for your contact centre.

Choosing a cloud-based solution reduces cost and makes serving multiple sites simple and straightforward. Because it’s hosted in the cloud, BT Cloud Contact PCI is an agile and scaleable solution. And because BT fully manages the compliance programme and renews it annually, you can concentrate on your core business in the confidence that all regulatory requirements are being taken care of on your behalf.

Compliant, secure and agile.
BT Cloud Contact PCI creates the opportunity to de-scope your contact centres from PCI DSS using DTMF Tone Masking, leaving BT to take care of compliance.

Delivers significant savings.
BT Cloud Contact PCI can help reduce your contact centre costs by avoiding any capital investment in PCI compliance and subsequent updating.

Protects and enforces your brand.
Customers need to know they can trust you with their personal information. BT Cloud Contact PCI increases real and perceived security, leaving no reputational risk from agent fraud.

Enhances the customer experience.
The method of inputting payment details via a keypad is easier than speaking it over the phone. There’s no impact on average handling time and, because there’s no break in the call, the agent is on hand throughout the process.

Makes operations more efficient.
All agents can take payments (even those off-shore) and outsource without security concerns. No agents will ever see, hear or speak any card data, reducing internal risk. Furthermore it can be fully integrated with all BT Cloud Contact solutions, as well as into your PSP or BT SafePay facility.

Technical specs

Isolating card data from the contact centre to meet PCI DSS.

When a customer calling the contact centre chooses to pay by card, SecureMode is activated and all details are sent to the payment system, bypassing the contact centre.

Up until the point of taking the payment, Dial Tone Multi Frequency (DTMF) tones and Interactive Voice Responses (IVR) are enabled and may be navigated. But at the point of payment, SecureMode is activated, and agents (and call recordings) only hear a flat tone. Payment details are then captured, and either passed directly to the payment gateway (or BT SafePay), or to the CRM for secure onward processing. BT ensures that card details are never captured in recordings, but the rest of the conversation is, achieving compliance without compromising on efficiency.

The agent and caller remain connected throughout, which is great for continuity and the customer experience.

  • Sensitive authentication data (i.e. CAV2/CID/CVC2/CVV2 post authorisation) cannot be stored, encrypted or non-encrypted, in systems or on call recordings.
  • Cardholder data, such as the Primary Account Number (PAN), can only be stored encrypted, in systems or on call recordings.
  • All entities that transmit, process or store payment card data must be compliant with PCI DSS.



BT Cloud Contact PCI

PDF-290 KB

New EU Data Protection Regulation.

Better Security and Improved Service Levels

PDF-136 KB

Right First Time with BT Cloud Contact PCI.