De-scoping from PCI DSS in contact centers: DTMF becomes the new standard

The third edition of our FREE research report presents the findings of our ongoing investigation (conducted biennially since 2012) into how contact center leaders and payment service providers (PSPs) are meeting the challenges of Payment Card Industry Data Security Standard (PCI DSS) and card payment security in enterprises across the UK, US and Australia. We have also looked into concerns among consumers about card payments over the phone.


This report represents a major update to our research last conducted in 2016, and it couldn’t be more timely. Payment card data security has never been more of an issue and call centers are increasingly seen as the weakest link for organizations, vulnerable to fraud on multiple fronts both from outside and within.

New PCI DSS guidelines for contact centers have just been published by the global PCI Security Standards Council (PCI SSC), updated for the first time since 2011 and bringing them up to date with the numerous technological developments there have been since they were first published. The implementation of GDPR in May 2018 has also led organizations to think more about the security of the personal data that they store, as well as leading to wider consumer awareness of issues surrounding data security.

Our research shows that consumers are growing ever more concerned about payment card security when paying over the telephone and that expert advice is moving away from recommending the use of mitigating controls such as pause and resume and white rooming, towards the emerging new standard of DTMF masking or ‘keypad payment by phone’.

  • Download your free copy now

    To download your free copy of these materials simply fill in the form below and click ‘download now’.

    Fields marked * are compulsory

  • This field is for validation purposes and should be left unchanged.