How our telephony and SaaS experience helps support contact center payment security projects

Contact center management, PCI DSS, Telecoms

How our telephony and SaaS experience helps support contact center payment security projects

Syntec background

Syntec was founded as a hospital bedside telephony company in 1998.  Whilst this business was subsequently sold off, we’d grown into a UK network operator, switching vast quantities of call traffic internationally on behalf of a growing customer base of call centers belonging to major merchants.

We’d also diversified into providing proprietary, managed SaaS services for call centers in response to customer demand (such as call routing, IVR, call recording, agent management and web-to-call analytics) and organically developed the R&D, deployment and support skillsets to match.

The growth of payment security in contact centers

Payment fraud and security compliance were a growing problem for call and contact center management, as hackers and criminals increasingly switched their focus from ‘cardholder present’ fraud (retail), where Chip ‘n Pin/EMV  was increasing security, to  the softer target of ‘cardholder not present’ transactions, including the web and phone payments to call centers.  Consumer experience of payment card fraud and media reports of data breaches and large-scale compromises of payment card numbers became commonplace.

The Payment Card Industry Security Standards Council (PCI SSC) was set up in 2004 to address this growing problem and to oversee global standards on behalf of the card brands (including Visa, Mastercard and American Express).

Syntec became a participating member organization of the PCI SSC and took part in evolving its global guidelines for protecting telephone-based payment card data (latest guidance updated in 2018).  Compliance with the Payment Card Industry Data Security Standard (PCI DSS) became a key task for management teams to address, along with other more regional data protection legislation such as GDPR for European citizens and the new California Consumer Privacy Act.

The telephony and contact center environment

Naturally, given our telecoms background, we were early pioneers of payment security using DTMF (Dual Tone Multi Frequency, the touchtone technology behind dialling and IVR menus) , launching our patented CardEasy ‘keypad payment by phone’ system in 2011.

This gave consumers the ability to enter their own payment card numbers instead of reading them out, using the keypad of their own phone when asked by the call center agent, or using an IVR self-service menu system. Automatic speech recognition (ASR) technology can now be used for the capture of payment card numbers via CardEasy, but in all these use cases the card data itself is no longer handled in the merchant’s contact center environment, nor stored in their systems or call recordings.

The extra security benefits of this DTMF masking technology (so called because the tones are suppressed, so they cannot be deciphered) are provided by integrating CardEasy with the merchant’s Payment Services Provider (PSP) as well as their telephony, so CardEasy is agnostic to telephony provider, PBX and also back-office CRM systems used.

More recently, we’ve introduced CardEasy Digital secure links and QR codes to provide a PCI DSS-compliant payment solution for web chat, email, SMS and chatbots, so that contact centers offering their customers  digital channels can offer secure payment via these channels too, again without the card data entering their contact center environment.


At the beginning of any request for information about CardEasy and before commencing any deployment project, we usually start with a discovery meeting  or dialogue with the merchant, to understand fully the telephony environment and contact center involved as well as the scale and geographic reach, to determine the environment in which CardEasy will be used – for instance ISDN telephony, SIP or a  mixture/ in transition; make and model of PBX; number of agents; IVR in use; voice only or multi-channel and so on.

Consultancy approach

This is where our telephony expertise and contact center systems pedigree really come into their own, because we have so much experience in the field – we’ve been evolving proprietary products and services for contact centers for a long time, so this understanding is in our DNA.

Danny Cresswell, our Chief Sales Officer, explains:

“Syntec has been helping its customers with their contact center telephony services for over 20 years and have seen them evolving both technologically and in terms of the range of services offered.  We really enjoy the challenge of understanding and meeting our customers’ needs and are often thanked for helping our customers discover and resolve things about their own environment or needs in the process.”

Partners and Customer feedback

Our partners and customers really do say that they appreciate this expertise too:

“The CardEasy solution easily de-scopes us from PCI DSS compliance and mitigates the risk of any internal fraud. The platform is scalable and easy to use…along with the confidence we have in Syntec who have been instrumental in a smooth implementation, guiding us and offering insight”

Eoin Heneghan Head of Collections, Allied Irish Bank 

“I just found that you guys were just so amazing from sales to tech support; just great to work with. It was probably one of the best implementations that I’ve seen in my career”

Major US healthcare benefits management firm Chief Information Security Officer

“Syntec has helped us improve our call center service levels and make cost efficiencies – a real win-win, backed up by very responsive levels of customer service”

Mathis Wagner Head of Customer Service, Charles Tyrwhitt Shirts

“CardEasy ‘keypad payment by phone’ was the perfect fit to resolve the PCI compliance and data security needs in Staples’ major call centers in Europe. This was because of its ease of use mid-call, the breadth of PCI DSS issues it resolves in one go, the flexibility of integration with all our differing systems and the ability for them to meet our tokenization requirements”

Jurgen van Roon Senior Project Manager – Security, Staples

“DTMF touchtone card payment in call centers is the new industry standard for PCI DSS-compliant MOTO payments by phone & call recording. Our integration and strategic partnership with Syntec’s CardEasy system lets merchants satisfy all the key PCI controls in this environment with just one solution.  It is also better trusted by customers than having to read their card numbers out, whilst also improving the customer/agent experience and reducing call handling times.”

Richard Simon Commercial Director, First Data