What is PCI compliance for phone payments?

If your team takes card details over the phone, the card-payment security rules (PCI DSS) apply to you. Here's what that means and the simplest way to stay on the right side of it.

PCI DSS — the Payment Card Industry Data Security Standard — is the set of rules that govern how businesses handle card payments. It isn't UK law, but it's a requirement set by the card schemes and your payment provider, and falling short can mean fines, higher fees or losing the ability to take cards. If you take card details over the phone, it applies to you.

Why phone payments are a particular risk

Taking a card number verbally means it can end up spoken into a call recording, jotted on a notepad, or simply heard by staff — all of which create exactly the kind of stored card data the rules are designed to prevent. That's the trap most businesses don't realise they're in until something goes wrong.

The simplest way to comply

Keep card data off your systems entirely. With PCI-compliant phone payments, the customer keys their card details in securely, your staff never see or hear the full number, and the recording pauses automatically around the payment. There's nothing sensitive stored on your network, which removes a big chunk of the compliance burden rather than just managing it.

FAQs

Common questions

Do small businesses have to be PCI compliant?

Yes — PCI DSS applies to any business that takes card payments, regardless of size. The level of formal validation varies with how many transactions you process, but the obligation to protect card data applies to everyone.

How do I stop card numbers ending up in call recordings?

Use a phone payment setup that pauses recording around the payment and lets the customer key in their own card details, so the number never enters the recording or reaches your staff. We build this into your Cobalt phone system.

Is taking card details by phone still allowed?

Yes, as long as you handle the data properly. Keeping card details off your systems — so staff don't see them and recordings stay clean — is the cleanest way to keep doing it safely.
