Cloud mashup offloads PCI compliance
A cloud-based voice recognition mashup enables companies to take credit card payments securely over the phone.

Contact centre provider NewVoiceMedia has introduced a cloud-based interactive voice recognition (IVR) service which it claimed can offload the need for companies to comply with the Payment Card Industry Data Security Standard, PCI DSS. The agent dealing with the call transfers it to the IVR in mid-call to take the customer's card data; the call is then returned to the agent for completion.
The new service merges NewVoiceMedia's existing automated card payment IVR with the ability to deal with a real human for the rest of the call. As NVM CEO Jonathan Gale put it, "It is just like handing the customer the in-store chip and pin device and looking away as they put in their PIN number."
He added: "Our customers are really excited about this approach as it allows the agents to deal with callers throughout the transaction, providing a personal touch, but not having to take their sensitive card data."
Complying with PCI has been mandatory since last year for companies taking credit cards over the phone, with penalties of up to £200,000 per breach for non-compliance. Gale said that the new service offers companies an alternative to handling PCI compliance themselves, either by training and bringing in processes to enable their own agents to take payments, or by taking the "disjointed" route of using a separate IVR system for credit cards.
"“We’re now able to take payments in 25 different countries working with diverse currencies, safe in the knowledge that we are fully compliant with PCI regulations," said Jag Tucker, global front office operations manager at SHL, a NVM customer which is now using the mid-call IVR.
He said that enabling contact centre agents to process smaller payments seamlessly and compliantly has improved SHL's cash flow and freed up its credit control department to chase the larger invoices. "What’s more, we’ve made sure our customers still get the best service possible by enabling our agents to make use of the mid-call technology, meaning they can take payment as part and parcel of giving customers the support they want,” he added.
Gale noted that because the service "is completely cloud based, it can be deployed quickly, scaled up immediately and just requires an agent to have a phone line and Internet connection." He added: "Service can be more personal and agents can be turned into real ambassadors rather than be shackled by cumbersome technology."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
-
Data sovereignty a growing priority for UK enterprises
News Many firms view data sovereignty as simply a compliance issue
By Emma Woollacott
-
Elevating compliance standards for MSPs in 2025
Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
By Ross Brewer
-
How ready is your company for NIS2?
Supported Content The EU’s latest cybersecurity legislation raises the stakes for enterprises and IT leaders - and ensuring compliance can be a daunting task
By Ross Kelly
-
Top data security trends
Whitepaper Must-have tools for your data security toolkit
By ITPro
-
Conquering technology risk in banking
Whitepaper Five ways leaders can transform technology risk into advantage
By ITPro
-
Advancing your risk management maturity
Whitepaper A roadmap to effective governance and increase resilience
By ITPro
-
When banking works, the world works
Whitepaper Five ways automated processes can drive revenue and growth across your bank
By ITPro
-
Automating digital resiliency in banking
Whitepaper Prioritize investment in solutions that mitigate a lack of digital resiliency when disruptions strike
By ITPro