If you take card payments by phone and you're choosing how to keep the recordings clean, you've probably narrowed it down to two options: pause-and-resume call recording, or DTMF masking. They both promise the same outcome — no card number sitting in your call recording archive — but they get there in completely different ways, with completely different failure modes.
Pause-and-resume is the older, cheaper approach: the agent presses a button before asking for card details, the recorder stops, the customer reads out the digits, the agent presses resume. DTMF masking takes a different route: the customer types the digits on their own phone keypad, the audio channel carrying those tones is separated from the agent's audio, and neither the agent nor the recording ever picks up the card data in the first place.
This piece is for someone who's already accepted that card numbers shouldn't sit in call recordings and is now weighing up which technique to deploy. We're going to be honest about where pause-and-resume still makes sense, but our position is clear: for anything beyond a handful of agents, DTMF masking wins on reliability, audit confidence, and total cost of ownership.
How pause-and-resume works
Pause-and-resume is a workflow feature on the call recording system, not a separate piece of telephony. The recorder exposes a pause control to the agent — usually a button in the agent UI, sometimes a keyboard shortcut, sometimes a DTMF code the agent dials. When the agent presses pause, the recorder either stops writing the audio file or starts writing silence to it. When the agent presses resume, the recording continues from there.
The conversation itself doesn't change. The customer is still on the phone with a human agent, the agent still hears the card details, and the audio is still passing through every system that normally handles a recorded call. What changes is what ends up on disk. The agent reads back the last four digits to confirm, presses resume, takes the rest of the transaction, and the recording is missing the card-entry portion entirely.
Some recorders go a step further with automatic pause-and-resume — pattern-matching on agent screen events, CRM page transitions, or call leg metadata to trigger the pause. That's better than manual, but it's still a control layered on top of an agent flow where the audio carrying card data exists. The selling point is simplicity: no integration, no telephony changes, no extra vendor. The recorder you've already got grows a new feature.

How DTMF masking works
DTMF masking sits in the call path itself, between the customer and your contact centre. When the agent is ready to take the card, they trigger the masking service — a click in the agent app, a transfer to a SIP URI, or an API call. From that moment, the audio channel splits. The customer's voice still reaches the agent, so they can keep talking, but the keypad tones travelling down the line are intercepted before they hit your network. The masking service decodes the tones, sends them straight to the payment processor, and replaces them in the audio path with flat tones, silence, or hold music.
The agent never hears the digits. The recorder never sees them. The audio file that gets written to your archive contains the conversation around the payment, but not the payment itself. The customer types their card into their own phone keypad, gets an approval or decline back through the agent, and the call carries on.
The architecture matters. The card data lives inside the masking provider's PCI DSS Level 1 environment for the few seconds it takes to authorise the transaction, then it's gone. Your contact centre never holds it. We covered the deeper mechanics in our channel separation pillar guide — that's the full picture of how the audio path gets split and what it does to PCI scope. The cost is real (integration work, recurring SaaS spend, dependency on a service provider), but there's no card data to mishandle.
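One way to confirm that the masking layer really keeps keypad tones out of the archive is to scan sample recordings for DTMF tone pairs. This is an added example, not the provider's or this page's code: it runs the Goertzel algorithm over constructed 8 kHz audio and only counts frames that contain a low-group plus high-group pair, without decoding digits. The frame size, the 0.2 energy-share threshold and the 770 Hz replacement tone are assumptions.

```python
import math

FS = 8000            # telephony sample rate (Hz)
FRAME = 205          # samples per analysis frame (about 25 ms)
ROWS = (697, 770, 852, 941)       # DTMF low-group frequencies
COLS = (1209, 1336, 1477, 1633)   # DTMF high-group frequencies

def goertzel_power(frame, freq):
    """Squared magnitude of the frame's spectrum at one frequency."""
    k = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + k * s1 - s2, s1
    return s1 * s1 + s2 * s2 - k * s1 * s2

def has_dtmf_pair(frame, min_share=0.2):
    """True when one low-group and one high-group tone each carry a large
    share of the frame's energy, i.e. a keypad press is audible."""
    energy = sum(x * x for x in frame)
    if energy < 1e-6:
        return False  # silence
    scale = energy * len(frame) / 2   # normalises a lone pure tone to about 1.0
    row = max(goertzel_power(frame, f) for f in ROWS) / scale
    col = max(goertzel_power(frame, f) for f in COLS) / scale
    return row > min_share and col > min_share

def dtmf_frames(samples):
    """Count analysis frames in a recording that contain a DTMF pair."""
    frames = (samples[i:i + FRAME] for i in range(0, len(samples) - FRAME + 1, FRAME))
    return sum(has_dtmf_pair(f) for f in frames)

def tone(freqs, n_frames, amp=0.4):
    """Constructed test audio: a sum of sine waves lasting n_frames frames."""
    return [sum(amp * math.sin(2 * math.pi * f * n / FS) for f in freqs)
            for n in range(n_frames * FRAME)]

# Constructed recordings: one where keypad tones leaked into the audio, one
# where the masking layer substituted a single flat tone for each key press.
SILENCE = [0.0] * (2 * FRAME)
LEAKED = SILENCE + tone((697, 1209), 4) + SILENCE + tone((852, 1477), 4)
MASKED = SILENCE + tone((770,), 4) + SILENCE + tone((770,), 4)

if __name__ == "__main__":
    print("leaked:", dtmf_frames(LEAKED), "masked:", dtmf_frames(MASKED))
```

A non-zero count on a recording from a masked call path means tones are reaching the recorder and the integration needs checking; hold music used as the replacement audio may need a stricter threshold to avoid false positives.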
The PCI DSS view
In principle, both techniques can support PCI compliance. PCI DSS doesn't mandate either approach — it sets outcomes. Requirement 3.4 says PAN must be rendered unreadable wherever it's stored, which includes call recordings. If your recording doesn't contain a PAN, you've met that requirement for the recording. How you got there is up to you.
That's the principle. The practice is messier. Pause-and-resume relies on a control — usually a human agent — operating correctly on every single call. Auditors know this. They'll want evidence that pauses happened on every relevant call, your reconciliation between transaction logs and recording timestamps, and your remediation procedure for when a pause was missed. They'll also expect a documented incident response plan under Requirement 12.10 specifically for the case where a recording contains a PAN that shouldn't have been captured. None of that is impossible, but it's a real ongoing operational load.
DTMF masking removes the dependency on operational reliability. The audio never carried the data, so the recording can't possibly contain it. That's a much easier story to tell a QSA, and it's why a well-designed masking setup tends to land in SAQ A or SAQ A-EP territory while pause-and-resume contact centres typically still complete SAQ D. The full v4.0.1 picture is in our PCI DSS 4.0 call centre guide.
Where pause-and-resume falls down in real call centres
This is where the gap between policy and reality opens up. Pause-and-resume is fine in a training video. It's harder in a contact centre running 800 calls a day across a flexed roster of agents on three shifts, half of them remote.
The most common failure is straightforward: the agent forgets to press pause. They're new, or tired, or the customer started reading the card before they'd finished pulling the screen up. The result is a recording with a full PAN in it — an in-scope call recording, an in-scope storage system, an in-scope backup, and a PCI incident to document.
A second failure catches more agents than people realise: the customer starts reading the digits early. The pleasantries are over, the agent is reaching for the pause button, and the customer — being helpful — says "right, it's 4929 1234..." while the recorder is still rolling. Even a one-second lag captures the first block, which is enough to compromise PCI scope on that recording.
A third failure is double-press. Some recorders implement pause as a toggle. Press once, recording stops. Press again, recording starts. An agent who's not sure whether they paused yet presses the button to check, and the recording restarts mid-card-entry — the customer has read the first eight digits before anyone notices.
Then there's 3DS. When the issuer kicks back a one-time passcode, the agent reads it out — and if your pause-and-resume is keyed off "is the customer giving card details now?", it may have already resumed by the time the OTP arrives. Same problem on retries: a declined card means a second attempt, and the agent has to remember the whole pause-resume dance again under time pressure.
Finally, training overhead. Every new starter has to be drilled on when to pause, when not to pause, how to recover if they forgot, and how to report a recording that should be quarantined. New agents drag your error rate up for the first three months. On a 200-agent contact centre with 25% annual attrition, that's a permanent training burden.
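The reconciliation between payment logs and recorder timestamps that auditors ask for can be run mechanically, and it surfaces the failure modes above: a missed pause, a late pause, a toggle pressed twice, an unpaused retry. The following is an added example, not code from any recorder or from this page's vendor. The log layout, call IDs and timestamps are constructed, and it assumes the agent desktop logs when card entry starts and ends for each attempt.

```python
from datetime import datetime

def t(hms):  # parse a constructed same-day HH:MM:SS timestamp
    return datetime.strptime(hms, "%H:%M:%S")

# Constructed sample data; the log layout is an assumption, not a real recorder format.
CARD_ENTRY = [  # (call_id, entry_start, entry_end), one row per payment attempt
    ("c-1001", t("10:02:10"), t("10:02:50")),
    ("c-1002", t("10:15:00"), t("10:15:40")),
    ("c-1003", t("10:30:00"), t("10:30:45")),
    ("c-1004", t("11:00:00"), t("11:00:40")),
    ("c-1005", t("11:20:00"), t("11:20:40")),
    ("c-1005", t("11:21:30"), t("11:22:05")),  # retry after a decline
]
PAUSES = {  # call_id -> [(paused_at, resumed_at), ...] from the recorder
    "c-1001": [(t("10:02:05"), t("10:03:00"))],
    "c-1003": [(t("10:30:03"), t("10:30:50"))],
    "c-1004": [(t("10:59:55"), t("11:00:15")), (t("11:00:22"), t("11:00:45"))],
    "c-1005": [(t("11:19:55"), t("11:20:45"))],
}

def recorded_gaps(start, end, pauses):
    """Parts of [start, end] during which the recorder was still writing audio."""
    gaps, cursor = [], start
    for p_start, p_end in sorted(pauses):
        if p_end <= cursor or p_start >= end:
            continue  # this pause does not overlap the rest of the window
        if p_start > cursor:
            gaps.append((cursor, p_start))
        cursor = max(cursor, p_end)
    if cursor < end:
        gaps.append((cursor, end))
    return gaps

def label(gap, start, end):  # name the failure mode by where the gap sits
    if gap == (start, end):
        return "no_pause"
    if gap[0] == start:
        return "late_pause"
    return "early_resume" if gap[1] == end else "resumed_mid_entry"

def reconcile(card_entry, pauses):
    """Return (call_id, finding, seconds_recorded) for every exposed attempt."""
    return [(call_id, label(gap, start, end), int((gap[1] - gap[0]).total_seconds()))
            for call_id, start, end in card_entry
            for gap in recorded_gaps(start, end, pauses.get(call_id, []))]

if __name__ == "__main__":
    print(*reconcile(CARD_ENTRY, PAUSES), sep="\n")
```

Each finding identifies a recording to quarantine and an incident to document; an empty result for a period is the evidence that the pause control operated on every payment attempt.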

Where DTMF masking falls down
No technique is free, and DTMF masking has real downsides we're not going to pretend away. The upfront cost is higher. Integration with your CRM, your agent desktop, your telephony platform, and your payment processor isn't trivial — even a clean deployment is a few weeks of work for a mid-sized contact centre. Legacy on-premise PBX systems, custom-built agent desktops, or call flows that hand off between multiple platforms can stretch the timeline further.
The recurring cost is real too. DTMF masking is a SaaS service, billed per agent or per transaction depending on the provider. For a contact centre with very low payment volume, the per-month cost can outweigh the audit savings. And platform compatibility matters: the architectural pattern varies (SIP trunk insertion, WebRTC overlay, platform API, transfer-to-IVR), and not all of them fit all stacks. We covered the variants in our channel separation vs DTMF suppression comparison.
When pause-and-resume is the right call
There are genuine cases where pause-and-resume is the better choice. A small professional services firm with three agents taking five card payments a week from existing clients doesn't need a SaaS masking subscription. A solicitor's office, a small accountancy practice, a one-clinic dental surgery — the audit pressure is low, the call volume is tiny, and the cost of a SaaS service outweighs the risk reduction.
Under roughly five agents, with low payment volume and no annual PCI audit, pause-and-resume is a reasonable answer. Past that point, the maths flips.
When DTMF masking wins
Most contact centres taking phone payments fall into the masking-wins category. Ten or more agents, regulated industries (utilities, financial services, healthcare, gambling, telecoms), an annual PCI DSS audit, recordings retained for dispute or QA, agents working from home, or an integration with a CRM that stores payment metadata — any one of these tips the analysis toward DTMF masking.
The reasoning is structural. Pause-and-resume scales linearly with the number of agents because every agent is a potential failure point. DTMF masking is constant overhead — the service does the work whether you have 5 agents or 500. Cost per call drops as volume rises. Audit confidence stays the same regardless of headcount. Remote agents are no harder to support than in-office ones, because the masking happens on the call leg, not at the agent's desk. There's also a quieter benefit: agents stop carrying the cognitive load of remembering when to pause, which shows up in handle times and CSAT before it shows up in PCI scope.
Frequently asked questions
Can I run pause-and-resume and DTMF masking together?
Yes, and some contact centres do during a transition. The masking handles new card-entry calls; the pause-and-resume control stays in place as a belt-and-braces measure on legacy call paths until they're decommissioned. Once masking is fully rolled out, the pause-and-resume layer adds no compliance value, and you can simplify by removing it.
Is pause-and-resume PCI DSS 4.0 compliant?
It can be, if you can demonstrate the control operated correctly on every relevant call. PCI DSS 4.0.1 doesn't ban pause-and-resume, but it tightens up on continuous risk assessment (Requirement 12.3.1) and demands evidence that compensating controls work in practice, not just on paper. Auditors are getting stricter about pause-and-resume implementations because the failure rate in the wild is well documented.
Does DTMF masking work with all call recording platforms?
Most modern ones, yes. The integration pattern depends on whether your recorder is in the cloud, on-premise, or hybrid, and whether the masking provider supports SIP trunk insertion, platform APIs, or a transfer-to-IVR model for your specific stack. We'd rather check compatibility upfront than promise it blindly — if you tell us what you're running, we'll tell you what fits.
What does it cost to switch from pause-and-resume to DTMF masking?
It varies. The masking subscription is typically per-agent or per-transaction. Integration work — agent UI changes, payment-status webhooks, audit logging — is a one-off cost that depends on how much custom integration you've already got. For most mid-sized contact centres, the project pays for itself within 12 to 18 months on PCI audit and remediation savings alone.
How long does DTMF masking implementation take?
Three to eight weeks is typical for a clean deployment. Smaller setups with a single cloud contact centre platform and a standard payment processor are quicker. Legacy PBX environments, custom agent desktops, or multi-region routing rules can stretch the timeline. We always scope this honestly upfront so you can plan the audit and budget cycles around it.
Will my agents notice a difference in workflow?
They'll notice that they don't have to think about pausing. The card-entry step becomes a button click that hands off to the masking service, and they keep talking to the customer through it. Most agents describe the new flow as easier than the old one. The first week of any rollout is the awkward part — after that, agents stop wanting the old workflow back.
Where we'd point you
If you're running fewer than five agents, with low card-payment volume and no annual PCI audit, pause-and-resume might be enough. Document the control, train it well, run a quarterly check that pauses are happening, and accept the residual risk. Most readers of this piece aren't in that bucket, though.
If you're past that scale — and especially if you're approaching a PCI DSS 4.0.1 audit cycle — DTMF masking is the lower-risk, lower-effort answer over any meaningful time horizon. The upfront integration cost is real but recoverable; the ongoing simplification of your PCI scope is permanent. The channel separation guide covers the technical detail, and our DTMF masking solutions page walks through how we'd plug it into an existing contact centre. We're a PCI DSS Level 1 service provider with ten years of contact centre integrations behind us — happy to talk through what the move would look like for your specific setup.
Ready to leave pause-and-resume behind?
Most setups that move from pause-and-resume to DTMF masking with Paytia are live within days. Same call flow, fewer manual steps for your agents, smaller PCI scope at your next audit. PCI DSS Level 1 certified, Cyber Essentials Plus.




