What is a Session Border Controller (SBC)?
A Session Border Controller (SBC) is a network device or software at the edge of a VoIP network that controls SIP signalling and the audio (RTP) streams crossing it. In contact-centre payments, the SBC is usually where DTMF tones from the customer's keypad are intercepted and replaced before they reach the agent or the call recording.
A Session Border Controller, or SBC, is the network device that sits at the edge of a contact centre's VoIP network and polices every SIP call going in or out. It handles the boring-but-critical jobs — signalling normalisation, topology hiding, NAT traversal, codec interworking, TLS and SRTP termination — and it does one thing that matters enormously for phone payments: it can see and modify the audio stream in real time. That's why SBC-based DTMF masking is one of the cleanest ways to keep card numbers out of agent earshot and out of call recordings.
The Session Border Controller sits between two SIP networks — typically a contact centre's internal telephony and an external SIP trunk provider — and acts as the policy enforcement point for everything crossing that boundary. Because the SBC already sees every call leg, it's the natural place to plug in payment-data masking: when a customer keys their card number, the SBC detects the DTMF tones in the RTP stream, strips them out, and forwards the digits to the payment processor over a separate secure channel. The big SBC vendors in UK contact centres are AudioCodes, Ribbon, Oracle, Avaya SBCE and Cisco CUBE; we integrate with all of them.
What is a Session Border Controller?
A Session Border Controller — SBC — is a network device or software that sits at the edge of a Voice over IP network and controls SIP signalling and media streams. SBCs handle topology hiding, codec interworking, security policy, NAT traversal, and, in payment contexts, DTMF tone interception.
Why SBCs matter for contact-centre payments
For contact centres taking card payments over the phone, the SBC is often the point in the call leg where DTMF masking is implemented. Customer-keyed digits are intercepted at the SBC before they reach the agent's media stream, replaced with silence or a placeholder tone in the recorded path, and forwarded to the payment processor over a separate secure channel.
The SBC's position at the network edge gives it a clean view of every call leg in and out of the contact centre. That makes it the natural insertion point for any technology that has to act on the audio stream before it reaches the agent — payment-data masking, transcription redaction, fraud-pattern detection.
Common SBC vendors in the contact-centre market
Different SBC vendors implement DTMF masking differently. Some support inline masking natively; others require a partner integration. The SBCs we see most often in the UK contact-centre market:
- Avaya SBCE
- AudioCodes
- Ribbon (formerly Sonus)
- Oracle Communications SBC
- Cisco CUBE
Paytia integrates with all major SBC vendors via SIP and supports several different integration patterns depending on where in the call leg the masking happens.
SBC versus other masking insertion points
The SBC is not the only place DTMF masking can occur. Masking can also happen in the IVR, in a downstream media gateway, or in a dedicated payment-gateway hop. For contact centres with on-prem or cloud-PBX telephony, the SBC is usually the cleanest insertion point because it sees every call regardless of which agent or queue answers.
For fully cloud-based contact-centre platforms (CCaaS) where the SBC is operated by the platform vendor, masking often happens further downstream — in the platform's own media-handling layer or via API integration with a payment gateway.
Paytia DTMF masking sits at the SBC layer for contact centres running on-prem or hybrid telephony. The integration is non-disruptive — the SBC continues to handle all its existing routing, codec, and security responsibilities, with DTMF interception added as a small policy hook on the call legs that involve a payment.
For cloud-only contact centres where the customer doesn't operate their own SBC, Paytia integrates further downstream via SIP trunk, API, or via partnership with the CCaaS vendor's own media platform. The end result is the same — card data never reaches the agent's audio leg or the call recording.
Frequently Asked Questions
Is an SBC the same as a PBX?
No. A PBX (Private Branch Exchange) is the call-handling system that routes calls between agents and external lines inside the contact centre. An SBC sits at the network edge between the PBX and the public VoIP/SIP network, controlling signalling, security, and media as calls cross that boundary. They work together but do different jobs.
Do all contact centres need an SBC?
On-prem and hybrid contact centres almost always need an SBC — it's the standard secure border between internal telephony and the public SIP network. Fully cloud-based CCaaS platforms (Genesys Cloud, Five9, Talkdesk, Amazon Connect) handle the SBC function inside the platform, so the contact centre doesn't operate one directly. The SBC is still there; it's just managed by the vendor.
Can DTMF masking work without an SBC?
Yes. DTMF masking can be implemented in the IVR, in a downstream media gateway, on a payment-gateway-side proxy, or inside a CCaaS platform's media handling. The SBC is the cleanest insertion point for on-prem and hybrid telephony because it sees every call leg, but it's not the only option. For cloud-only setups, masking happens further along the call path.
See how Paytia handles session border controller (sbc)
Book a personalised demo and we'll show you how our platform works with your setup.
Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide. Learn more about Paytia