Telephone Payments

PCI Compliant Telephone Payments

The safest way to take a card payment over the phone is to keep the card data out of your business altogether. Paytia captures the card on the customer's own phone keypad and routes it straight to your payment gateway, so your agents never hear the digits, your call recordings stay clean, and your PCI scope drops from SAQ D (329 controls) to SAQ A (22 controls). Two approaches — DTMF Suppression and Channel Separation — both PCI DSS Level 1 certified.

Two ways to take a secure phone payment

Both keep card data out of your business and drop you to SAQ A. The difference is what the agent does during card capture. Compare them side by side.

Other phone-payment products

The two above are the core. These four cover the rest of the patterns we see.

Why take phone payments through Paytia

Phone payments are still where most businesses leak PCI scope. If you take card payments over the phone and your agents hear the numbers, your call recordings probably capture them, and once that happens PCI DSS starts applying to most of your contact centre — not just the payment step. Pause-and-resume recording is fragile, secure rooms don't work for hybrid teams, and sending customers to a separate link kills the call.

Paytia sits between your phone system and your payment gateway, and we've been running secure phone payments for UK contact centres since 2016. When it's time to pay, the customer enters their card on their own keypad. We either suppress the tones in the live audio (DTMF Suppression) or split the call into two channels during capture (Channel Separation) — either way, your agent never hears the digits, your recording captures nothing sensitive, your systems never touch the card. The payment processes through your existing gateway (Stripe, Barclaycard, Worldpay, Adyen, Tyl by NatWest, Ryft, and others), so you don't switch merchant accounts.

Most customers are live within days. PCI scope drops from SAQ D (329 controls) to SAQ A (22 controls), and the call experience stays the same for your customers.

Frequently asked questions

How do I make telephone payments PCI compliant?

You make telephone payments PCI compliant by keeping card data out of the places PCI DSS cares about — your agents, your phone system, and your call recordings. The simplest route is to capture the digits on the customer's own keypad and route them straight to your payment gateway, so the card number, expiry and CVV never enter your environment. Paytia does this two ways: DTMF Suppression strips the keypad tones from the live audio on an agent call, and Channel Separation splits the call into two channels during capture. Either approach typically drops your assessment from SAQ D (329 controls) to SAQ A (22), and both run on PCI DSS Level 1 certified infrastructure.

What is the safest way to take card payments over the phone?

Capture the card on the customer's own phone keypad and route it straight to your payment gateway, so the digits never reach your agent, your call recording, or your systems. Paytia does this two ways: DTMF Suppression strips the keypad tones from the live audio, and Channel Separation splits the call into two channels during capture. Both drop PCI scope from SAQ D (329 controls) to SAQ A (22 controls) and are PCI DSS Level 1 certified.

What are MOTO payments and how does Paytia handle them?

MOTO — Mail Order / Telephone Order — is any card payment where the customer isn't physically present and the transaction is taken by an agent over the phone or from a posted or emailed order form. MOTO is card-not-present, exempt from Strong Customer Authentication under PSD2, and the merchant carries the full fraud liability if a chargeback comes in. Paytia keeps your MOTO setup simple: the customer enters their card on their own keypad during the call, DTMF Suppression or Channel Separation keeps it off your systems, and the payment runs through your existing gateway. Your PCI scope drops, your fraud exposure on each transaction stays no higher than any properly-captured MOTO payment, and your agents never handle the digits.

Is Paytia a virtual terminal?

Not in the old sense. A traditional virtual terminal is a web form the agent types the customer's card number into, which means the agent's keyboard, browser, workstation and network all sit inside your PCI cardholder data environment — and you're usually on SAQ C-VT (about 80 controls) as a result. Paytia flips that model. The customer enters the card on their own phone keypad, the tones are suppressed before they reach the agent or the recording, and the digits go straight to the payment gateway. You get the browser-based convenience of a virtual terminal without the agent ever seeing or typing card data, and most customers drop to SAQ A (22 controls) instead of SAQ C-VT or SAQ D.

What is DTMF masking?

DTMF masking replaces the keypad tones (dual-tone multi-frequency signals) in a live call with silence or a flat tone, so anyone listening — agent, call recording, or anyone nearby — can't identify the digits being pressed. The customer types normally on their handset; the tones just don't reach the audio stream. It's how Paytia's DTMF Suppression keeps card numbers out of your contact centre.
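
The masking step described above, as an added example (not Paytia's code): frames that contain a keypad tone pair are decoded for the gateway and replaced with silence in the audio that continues to the agent and recorder. It assumes in-band DTMF on 8 kHz mono audio held as floats; the names `detect`, `mask` and `tone`, the frame size and the 0.1 energy ratio are illustrative choices, and production detectors add twist and duration checks.

```python
import math

RATE, FRAME = 8000, 205          # assumed: 8 kHz mono PCM, ~25 ms analysis frames
LOW = (697, 770, 852, 941)       # DTMF row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)  # DTMF column frequencies, Hz
KEYS = ("123A", "456B", "789C", "*0#D")

def goertzel(frame, freq):
    """Power of `frame` at a single frequency (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def detect(frame, ratio=0.1):
    """Key whose row and column tones each carry > `ratio` of the frame energy."""
    energy = sum(x * x for x in frame) * len(frame) or 1.0  # silence -> no key
    low = [goertzel(frame, f) / energy for f in LOW]
    high = [goertzel(frame, f) / energy for f in HIGH]
    r, c = low.index(max(low)), high.index(max(high))
    return KEYS[r][c] if low[r] > ratio and high[c] > ratio else None

def mask(samples, guard=1):
    """Return (digits for the gateway, audio for agent/recorder with tones silenced)."""
    frames = [samples[i:i + FRAME] for i in range(0, len(samples), FRAME)]
    hits = [detect(f) for f in frames]
    digits, out, prev = [], [], None
    for i, f in enumerate(frames):
        # Guard frames hide tone onset/decay; live use needs that much look-ahead.
        if any(hits[max(0, i - guard):i + guard + 1]):
            f = [0.0] * len(f)
        out.extend(f)
        if hits[i] and hits[i] != prev:
            digits.append(hits[i])
        prev = hits[i]
    return "".join(digits), out

def tone(key, n, amp=0.5):
    """Constructed test input: n samples of the DTMF pair for `key`."""
    r = next(i for i, row in enumerate(KEYS) if key in row)
    lo, hi = LOW[r], HIGH[KEYS[r].index(key)]
    return [amp * (math.sin(2 * math.pi * lo * t / RATE)
                   + math.sin(2 * math.pi * hi * t / RATE)) for t in range(n)]

if __name__ == "__main__":
    call = tone("4", 4 * FRAME) + [0.0] * (2 * FRAME) + tone("2", 4 * FRAME)
    digits, clean = mask(call)
    print(digits, repr(mask(clean)[0]))  # digits captured; none left in the audio
```

Running the detector a second time over the masked audio is a useful regression check for any recording pipeline: it should recover no digits.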

How does Paytia keep card data away from my agents?

Customers type their card details on their own phone keypad. Paytia either suppresses the keypad tones in the live audio (DTMF Suppression) or splits the call into two channels during capture (Channel Separation) — either way, the card number, expiry, and CVV go straight to your payment gateway, not through your agent, your call recording, or your systems.

Do I have to change my phone system?

No. Paytia works with any telephony — landline, VoIP, SIP, PBX, or full contact-centre platforms like Genesys, Five9, Amazon Connect, NICE, 8x8, Talkdesk. There's no hardware to install. Most customers are live in days.

Can I still record calls?

Yes. Card data is removed from the audio before it reaches the recording layer, so recordings stay clean — no pause-and-resume, no redaction, no compliance exposure if a recording is ever pulled from archive.

Does this work for outbound calls and payment chases?

Yes. Agents can dial the customer for collections, renewals, or chase and take the payment on the same call. See Outbound Payments and Payment Chase below.

How much does this reduce our PCI scope?

Most businesses drop from SAQ D (329 controls) to SAQ A (22 controls). Card data never enters your environment, so most PCI DSS controls stop applying.

“Paytia turned a security exposure and reputational risk into a value-enhancing opportunity. Fundraising has never been more important and Paytia has helped us achieve our goals.”

Trinity Hall College

Cambridge University


Used by British American Tobacco · Howard Kennedy · CITB · Clinical Partners · Trinity Hall College

Building secure payments since 2016

PCI DSS Level 1, the highest certification

99.99% platform uptime

£40M+ transactions processed

Ready to take phone payments the right way?

See Paytia on a call flow that looks like yours. Most businesses are live within days.

PCI DSS Level 1
Cyber Essentials Plus

Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide.