PCiDSS-LogoPCI DSS compliant card payment by phone and call recording

Syntec’s proprietary CardEasy system enables you to fully de-scope your call centre environment and call recordings from PCI DSS, reducing the risk and cost associated with managing card payment transactions in your contact centre. Watch our demo to see how CardEasy works.

How does CardEasy Work?

  1. A caller wishes to pay by card over the phone
  2. The contact centre agent initiates a request for card authorisation
  3. The caller is prompted to enter their card number via their telephone keypad
  4. The audio from the caller to the agent is cut briefly while the middle six digits of the long card number (PAN) are entered to ensure that there is no way the agent can be exposed to the card number by hearing either the DTMF tones or the caller saying the number
  5. The audio from the agent to the caller remains open throughout
  6. The complete call can be recorded but the sensitive DTMF tones are masked on the recording as well
  7. The agent is alerted via their screen when payment has been authorised.

What’s special about CardEasy?

Some systems for call recording – called ‘pause and resume’ – cut the call recording at the point at which the agent asks for the card details. Although the card information is not stored on the recording the agent is still able to access it. This means that the contact centre environment and agents are still ‘in scope’ for PCI DSS regulations and audits and open to the risk of fraud, exacerbated because the critical part of the call is not recorded. Such systems do not therefore offer full PCI DSS de-scoping and can expose your contact centre to ongoing security risks.

CardEasy enables you to fully comply with both aspects of PCI DSS:

  • Your agents will not be exposed to callers’ card information.
  • Card information will not be stored in your call recordings.

 Hosted or premise-based?

Most clients opt for the hosted CardEasy service. The hosted solution is cloud-based and routes all your calls through the Syntec network. There are no hardware requirements and the system is quick and easy to set up.

For larger volume clients it may not be practical to route all calls via the Syntec network so we also offer a premise-based (CPE) solution which works with any telephony provider. An appliance is securely sited at your premises which enables you to take phone payments using CardEasy via the Syntec cloud service. In all other ways the premise-based solution is the same as the hosted solution and offers full PCI DSS descoping.

What our customers say

“What makes Syntec’s CardEasy payment service stand out is that to customers it is much more secure”

Janette Wynn, Operations Director, Freestart PLC

“Miele selected Syntec’s pioneering, hosted CardEasy system to enrich customer service whilst de-scoping us from large sections of PCI DSS regulations, which otherwise require significant cost and effort to satisfy.”

Paul Aram – IT Manager

Benefits of CardEasy

  • Customers simply enter their credit card number and security code mid-call using their phone keypad.
  • Your agents, whether in your contact centre, working from home or in an outsourcer, cannot see or hear the card information and it is not stored in the call recording.
  • Payment is taken and confirmed in real time and, unlike in ‘pause and resume’ systems, the entire call can be recorded whilst the agent stays in conversation with the customer throughout.
  • Tokenisation, card scheme surcharging and BIN look-up are all supported.
  • Works with your existing telephony and offers either hosted or premise-based versions, depending on how your call traffic is managed.
  • CardEasy also offers a customer self-service autopay facility so you can take secure payments out of hours or without the need for an agent.
  • Partnered with all major payment service providers and can also be integrated with your back office and CRM systems.
  • CardEasy reduces cost as well as risk. Because it is a PCI DSS level 1 service it should remove the need for your contact centre and other sites to have expensive and time-consuming PCI audits.
  •  Set up costs are minimal as no additional hardware is required, and ongoing costs are based on a ‘pay per agent’ or ‘pay per use’ basis depending on your business’s requirements so can also be kept low.

What our partners say

realex.payments.logo.aug.2015“Realex is delighted to be partnering with Syntec’s CardEasy ‘keypad payment by phone’ technology, which is fully integrated with the Realex payment gateway. This enables our customers to de-scope call centres, outsourcers and home-workers from PCI-DSS regulations and audits, whilst providing seamless and secure MOTO transactions.”

Head of Partnerships, Realex

worldpay.logo.2015“Worldpay is a recognised leader in security and risk. Our joint proposition with Syntec offers a secure transaction service while removing the need for call centres to have onerous annual PCI audits.”

Kevin Dallas, Chief Product and Marketing Officer, Worldpay eCommerce


syntec.logo.2014.1Additional Information