PCI DSS Level 1 Certified

DTMF masking — silence card tones, stay PCI compliant

The customer types their card on their phone keypad while the agent stays on the line. We mask the DTMF tones in real time, so the agent hears nothing identifiable, the recording stays clean, and the card data goes straight to Paytia. You'll also hear it called DTMF suppression — it's the same thing. We've been doing it since 2016. PCI scope drops from SAQ D to SAQ A.
Book a demoTalk to us

How a call actually flows

1

Customer

Keys the card on their own phone

2

Paytia platform

Captures the real tones, suppresses them, sends the card to your gateway

3

Agent

Stays on the line, hears flat tones, picks up afterwards

DTMF Masking or Channel Separation?

Two ways to do the same job. Both keep card data out of your business and drop you to SAQ A. The difference is what the agent does during card capture. See the full side-by-side.

DTMF Masking

You're here

Single channel. Agent stays on the line. Tones are masked in the live audio so the agent doesn't hear the digits.

Pick this if your agents handle complex calls and need to stay engaged through the payment step. Conversational throughout.

Channel Separation

Two channels. Agent's audio goes off-line during capture. Voice prompts run the flow on the customer leg.

Pick this ifyour compliance team wants a hard physical separation for audit, or if you'd rather agents had no involvement in the capture step at all.

Read about Channel Separation →
“Paytia turned a security exposure and reputational risk into a value-enhancing opportunity. Fundraising has never been more important and Paytia has helped us achieve our goals.”

Trinity Hall College

Cambridge University

Trusted by British American Tobacco · Howard Kennedy · CITB · Clinical Partners · Trinity Hall College

What you get

Agent stays on the line

The conversation doesn't break. Your agent can talk the customer through the capture, answer questions, and pick up the call as soon as the payment authorises.

Recording stays clean

We mask the tones before they hit the recording layer, so there's no card data in the audio. No pause-and-resume, no redaction, no compliance exposure when a recording is pulled from archive.

Works with what you have

Any modern telephony — Genesys, Five9, Amazon Connect, NICE, 8x8, Talkdesk, RingCentral, 3CX, or a plain SIP trunk. , no per-seat hardware.

Live in days

Agents press one key to start a capture and watch a progress indicator. There's no script and no procedure to learn. Roll-out is days.

PCI DSS scope, before and after

PCI DSS Level 1 Service Provider certification badge

PCI DSS Level 1

Paytia carries the highest level of PCI certification, so your scope drops the moment you connect. For the full breakdown of what changed and what counts as compliant in 2026, read the PCI DSS v4.0.1 buyer's guide.

AreaWithout PaytiaWith Paytia
Self-assessmentSAQ D (329 controls)SAQ A (22 controls)
Network in scopeMost of your stackNone
Call recordingsPause-and-resume or redactNo restrictions
Staff trainingMandatory and recurringNone required

Who uses it

If you take card payments on a phone call and want the agent engaged through the payment step, this fits.

Contact centres

Agents stay engaged through the payment step — useful for upsell, retention, or any conversation where the call doesn't naturally pause.

  • Conversational throughout the capture
  • Works with any CCaaS
  • No secure-room build-out

See contact centre PCI compliance →

Financial services

Premiums, excesses, repayments, top-ups — taken on the phone with the agent still able to talk the customer through.

  • FCA-aligned data handling
  • Card data never on your network
  • Drops you to SAQ A

Utilities

High-volume bill payments and recurring set-ups where the agent needs to confirm the account, the amount, and the schedule on the same call.

  • Bill payments and arrears
  • Recurring payment set-up
  • Same flow at scale

Charities

Donations and recurring gifts captured live during fundraising calls without the donor reading their card aloud.

  • Live one-off donations
  • Recurring gift set-up
  • Donor card data never stored

Frequently asked questions

What is DTMF masking?

When a customer types card details on their phone keypad, every keypress generates a DTMF tone in the audio. DTMF masking replaces those tones with a flat sound in real time, before they reach your agent or your call recording. The card data goes straight from the customer's handset to Paytia and on to your payment gateway. You'll also hear it called DTMF suppression — it's the same thing.

What's the difference between DTMF masking and DTMF suppression?

Nothing — they're two names for the same technology. Vendors differ on which one they use in their marketing. We used to call it DTMF suppression ourselves; most of our customers search for DTMF masking, so that's what we lead with now. Both describe the same thing: intercepting the keypad tones in real time so they never reach your agent's audio or your call recording.

How is it different from Channel Separation?

Both keep card data out of your business and drop you to SAQ A. The difference is what the agent does. With DTMF masking the agent stays on the live audio throughout — they can talk the customer through the capture and pick up the conversation immediately afterwards. With Channel Separation the agent's audio path goes off-line during capture and voice prompts run the flow. Pick DTMF masking if you want the agent engaged through the payment step.

Does it work with my phone system?

Yes — modern CCaaS platforms (Genesys, Five9, Amazon Connect, NICE CXone, 8x8, RingCentral, Talkdesk), traditional PBX, and plain SIP/VoIP trunks. Integration is via API or SIP. Most setups are live within a week.

How does it reduce PCI DSS scope?

Card data never enters your network, your agents, or your call recording. Most businesses move from SAQ D (329 controls) to SAQ A (22 controls). The recording system stops being in scope because there's no card data in it to begin with.

Is agent training required?

A little — there's a one-click action per call. The agent enters the amount, presses one key to start the capture, then watches a progress indicator on screen until the payment authorises. That's the whole behaviour change; most teams pick it up inside a single shift. If you want zero agent training, Channel Separation is the variant to look at — the platform drives the capture automatically, and the agent does nothing during the payment step.

Can DTMF masking be used for MOTO payments?

Yes. It's built for card-not-present transactions over the phone — agent-assisted sales, mail-order, telephone-order, anywhere a customer would otherwise read card details over a call.

Want to see it on your telephony?

We'll set up a demo against the same phone system and gateway you already run. Most businesses are taking live payments within a week.

PCI DSS Level 1
Cyber Essentials Plus
Book a demoTalk to us

Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide. Learn more about Paytia

Related solutions

Other ways to take payments in this channel.

MOTO Payments

Take Mail Order / Telephone Order payments without the card number reaching your agents, your recording, or your systems.

Learn more

Agent-Assisted Payments

Your agent stays on the live call while the customer keys their card. We mask the tones so no card data reaches the recording or the agent's audio.

Learn more

Taking Card Payments Over the Phone

How to take card payments on a call legally, securely, and without landing in SAQ D. Covers agent-assisted, IVR, and outbound options.

Learn more