SecureCall: The Best-in-Class Way to Take PCI-Compliant Phone Payments

When customers call to make a payment, the last thing they should worry about is whether their card details are safe. Yet, for most contact centres, that risk is very real. Any time an agent hears or stores payment information, your organisation becomes responsible for protecting it — and, as I always say, anything stored can be stolen.

With over two decades of experience in the telecoms industry, I’ve seen how voice payments have become a significant security risk. For years, businesses have tried to reduce that risk by manually pausing recordings, muting lines, or relying on trust-based processes. But with today’s compliance regulations, those methods don’t hold water. PCI DSS requirements have evolved, customer expectations have shifted, and the truth is that manual workarounds just don’t provide the required evidence of protection.

That’s exactly why SecureCall was developed: it’s a simple, secure, and proven way to take card payments over the phone without ever bringing that data into your environment. In this article, I’ll walk you through how it works, what makes it different, and why it’s quickly become the best-in-class choice for businesses that need to stay compliant without compromising on customer experience.

–

What This Blog Covers:

• The Hidden Risk in Voice Payments
• Why Pausing Recordings Isn’t Protection
• How SecureCall Works
• Everyday Impact: For Agents, Customers, and Compliance Teams
• Why SecureCall Is Best-in-Class
• The Bigger Picture: SecureCall and the Evolve IP Platform
• Looking Ahead: The Future of Secure Voice Payments
• Securing Every Conversation
  

The Hidden Risk in Voice Payments

From the moment a customer starts reading their card number aloud to when an agent keys it in or the call is recorded, accepting card payments over the phone increases your exposure to cyber risks if they aren’t handled correctly. I’m not saying that your agents are purposefully mishandling data, but human error happens.

Small mistakes like numbers getting written down to verify details or typed incorrectly into a system can lead to non-compliance, or worse, put your business at risk. The bigger issue is that once card data passes through your phone or recording infrastructure, it technically falls under the Payment Card Industry Data Security Standard (PCI DSS). That means your business is responsible for how it’s handled, stored, and protected.

And here’s where things get a little scary: if something is stored, it can be stolen. It’s that simple. Whether that’s on a notepad, a local drive, or within a recording file, every piece of data you retain becomes a potential liability.

Check out this article to learn how to secure your calls today and remain PCI compliant.

Why Pausing Recordings Isn’t Protection

Before the PCI regulations were updated in March 2024, many organisations relied on what we call “pause-and-resume”: stopping the call recording when a customer reads out their card number, then resuming once payment is complete. It’s simple enough on paper, but it depends entirely on human behaviour. Once again, this is how human error becomes a security threat: if an agent forgets to pause or resumes too early, sensitive data could end up being captured.

Even if the recording was paused correctly, there is no evidence that it was. Today, in the world of PCI, good intentions don’t count: the regulations require you to actually prove that you’re compliant. You might think you’re compliant, but when an auditor asks for proof, a manual process offers nothing to show that the card data was genuinely protected.

Customers also feel uneasy reading out their card details to a person they don’t know. I know I certainly did when I was paying for a pizza over the phone 10 years ago. Even if your team is trustworthy, perception matters. You wouldn’t want your customer experience to be riddled with anxiety. Instead, making payments should be quick, easy and most importantly, secure.

That’s where SecureCall comes in: it removes that uncertainty by removing the need for anyone — agent or otherwise — to ever hear or handle payment data in the first place.

How SecureCall Works

Put simply, SecureCall routes the sensitive part of the payment process off your phone network while keeping the conversation seamless.

When an agent triggers a payment, the customer is prompted to enter their card details using their telephone keypad. Those tones — the DTMF signals — are masked so they can’t be interpreted or recorded. The customer stays on the same call, along with the agent, and the entire process continues in real time.

From the customer’s perspective, nothing changes. They don’t get transferred, and they don’t lose connection. From your organisation’s perspective, it’s transformative: no card data ever enters your systems. That means you dramatically reduce PCI scope, eliminate recording risks, and remove the need for complicated compliance controls.

If the customer makes a mistake, the system flags it automatically. The agent can guide them through the correction, but without ever seeing or hearing the card number. Everything is logged, time-stamped, and reportable — giving you the evidence you need to confidently demonstrate compliance.

Watch the video, courtesy of our partner, Evolve, below to see how this all works in action.

Everyday Impact: For Agents, Customers, and Compliance Teams

For agents, SecureCall couldn’t be simpler. When a customer is ready to pay, the agent clicks a single button to launch the SecureCall window. The system won’t allow payment to proceed until SecureCall is active – eliminating the human error risk of “forgot to pause.”

Customers appreciate the peace of mind that comes with not having to say their details out loud. It’s faster, safer, and feels more professional. That builds trust, which is exactly what every customer interaction should do.

For compliance teams, the biggest win is scope reduction. Because cardholder data never enters your infrastructure, your PCI compliance burden drops significantly. That’s not just about ticking boxes, it’s about reducing real-world risk and simplifying audits.

Why SecureCall Is Best-in-Class

There are plenty of voice payment tools out there, but most come with trade-offs like clunky integrations, poor customer experience, or restrictive hardware requirements. SecureCall was built to avoid all of that.

1. Integrates with your existing payment gateway:

It connects directly to the same gateway you already use for web or in-store transactions, so you don’t have to replace your payment provider. That means less disruption, faster deployment, and fewer vendor relationships to manage.

2. No new infrastructure required:

SecureCall runs over your existing telephony environment. If you’re already using Evolve IP voice services, it’s a native fit, so there’s no need for complex SIP setups or external hardware.

3. Simple, intuitive interface:

It’s a web-based platform that works wherever your agents work, whether they’re in the office, at home, or on the road. The interface is clean, straightforward, and built for efficiency. Your team could be trained in minutes.

4. Designed for scalability and simplicity:

SecureCall works just as well for five agents as it does for five hundred. It’s secure by design but intentionally friction-free. You don’t need to be a “techie” to use it, just consistent.

At its core, SecureCall embodies what best-in-class should mean: secure, simple, and user-focused.

The Bigger Picture: SecureCall and the Evolve IP Platform

SecureCall doesn’t have to be a standalone bolt-on. It’s part of the Evolve IP platform, which brings together communications, connectivity, and compliance under one umbrella. By using SecureCall within Evolve, you’re getting a unified environment where your phone systems, contact centre tools, and payment security all work together seamlessly.

This is important because the more fragmented your tech stack becomes, the harder it is to stay compliant. With Evolve, everything is integrated — reducing vendor complexity while improving visibility and control. It’s one ecosystem built for trust.

Looking Ahead: The Future of Secure Voice Payments

The next evolution of secure phone payments is about making security invisible. Customers don’t want to think about compliance: they want smooth, trustworthy experiences. Our goal with SecureCall is to deliver that balance between high assurance with zero friction.

We’re already seeing businesses of all sizes using SecureCall to close compliance gaps, reduce overhead, and give their customers and agents more confidence in every interaction. As PCI standards continue to evolve, SecureCall’s off-net, data-free architecture means you’re already future-ready.

Securing Every Conversation

You don’t need to put your business at risk by documenting cardholder data every time a customer pays over the phone. SecureCall eliminates those security and compliance threats by keeping sensitive information out of your environment entirely.

Manual processes and “pause-the-recording” shortcuts are no longer viable strategies, and they don’t meet compliance or customer expectations either.

At Babble, we help organisations simplify PCI compliance through SecureCall: a secure, connected platform built for modern business.

If you’d like to see how SecureCall fits into your current setup, book a short demo to learn more about the SecureCall platform and experience secure, compliant phone payments in action.