Cookie Preference Centre

Your Privacy
Strictly Necessary Cookies
Performance Cookies
Functional Cookies
Targeting Cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences, your device or used to make the site work as you expect it to. The information does not usually identify you directly, but it can give you a more personalized web experience. You can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, you should know that blocking some types of cookies may impact your experience on the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.

Cookies used

Performance Cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Cookies used

Google Analytics

Functional Cookies

These cookies allow the provision of enhance functionality and personalization, such as videos and live chats. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functionalities may not function properly.

Cookies used




Targeting Cookies

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

Cookies used


This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties


Here are some suggested Connections for you! - Log in to start networking.

How can I avoid storing card data when taking payments? - Eckoh - Blog

How can I avoid storing card data when taking payments?

Are you worried that storing customer card data will make you a target for criminals? If so, you're not alone. Most merchants feel the same way. But there is an answer.

Most of us would feel on-edge if we walked around with £50,000 in crisp banknotes stuffed into our pockets. So it's no surprise that the majority of merchants feel the same about the precious customer card data they're holding onto in their contact centres — especially as it places them within scope for PCI DSS compliance.

Recent research from American Express shows that 55% of merchants store customer profiles and card payment details for future purchases — and another 22% plan to do the same in the next 12 months*. However, 73% of merchants feel that storing customer credit cards on file is a security concern for their business. And 76% would prefer not to store customer credit card details at all. Some are bothered about the costs involved too.

But it seems that the need to offer simple payment options and deliver great customer experiences — to stay competitive — may have pushed merchants into this uncomfortable position. So what's the answer?

Where is card data hiding?
Before looking at solutions, it's worth exploring where customer card details are stored within a typical contact centre. It can be unnerving to discover where pockets of precious data end up:

  • PBX-telephony systems: If you take payments over the phone, then sensitive details could be found here.
  • Databases: These are an obvious location for sensitive data. But how good is your security around them?
  • Applications/CRM: Card details could be found alongside your customers' account profiles.
  • Call recordings: Calls are often recorded for training or legal purposes. But recordings can inadvertently contain card numbers spoken aloud by customers or entered using audible DTMF keypad tones that can be deciphered back into numbers.
  • Contact Centre Agents: It's not unknown for agents to scribble down people's numbers or cut-and-paste details from one screen to another because of system issues. It's an area of vulnerability even if agents don't have fraud in mind (though this can be a motive).

PCI DSS non compliance isn't an option

Any merchant that wants to process, store or transmit credit card data needs to be compliant with PCI DSS industry standards. Navigating PCI DSS involves checking PCI merchant levels, investigating the best way to provide PCI DSS compliant payments and completing a PCI assessment.

But attempting to handle each of these areas yourself using an array of PCI DSS compliant solutions can be complex, costly, time-consuming — and never totally secure. Think about new equipment, integration, patching, training and trying to enforce strict policies. Even then, you're still vulnerable to human error, mischief-making or insider fraud  

You'll still be a target too — for criminals that are getting increasingly sophisticated in their modes of attack. So what's the alternative to trying to sort your own contact centre compliance?

Lifting the burden from your business

Rolling back on customer convenience isn't the way to go. But it's possible to overcome the data security risks by using a solution that prevents data entering your systems in the first place – such as Eckoh CallGuard or ChatGuard.

For customers, the process is ultra smooth. They still speak or chat to your agents, use your familiar apps and your website as normal. What's more, with a PCI Level 1 partner such as Eckoh, you can add extra payment methods securely — such as Alternative Payments, Chat Payments or IVR payments.

Behind the scenes, CallGuard prevents any sensitive data from entering your contact centre systems. Instead, data passes through Eckoh’s secure platform to the Payment Service Provider (PSP) and transaction success is confirmed by return.

Inside your contact centre, the data is masked by Eckoh’s patented tokenisation technology which makes sure that the real card data is not exposed to your agents or systems.  

So your entire contact centre environment is shielded from any trace of sensitive data. This means that even if criminals managed to get around your security, infiltrate your workforce or obtain information from systems — there's nothing sensitive to steal.

Entirely de-scoping your contact centre means that customer service directors, contact centre managers, chief security officers and heads of compliance can breathe a sigh of relief. While they cannot pass on the whole burden of PCI DSS compliance, it can ease the load, risk and the worry.

Call centre compliance made easy

De-scoping your contact centre can be quick and relatively pain-free. It doesn't require the wholesale removal of your technology, expensive investment, painful integration and months of disruption impacting staff and customers.

With a cloud-based platform, such as the Eckoh Experience Portal, you can quickly access all the engagement channels and payment solutions you need to truly transform customer engagement and protect customer data as well as achieving, and maintaining, PCI DSS compliance.

Publish Date: June 2, 2020 4:16 PM

2021 Buyers Guide Surveys

Nuxiba Technologies

Provide an unparalleled, engaging user experience for the creation of dynamic voice broadcasting campaigns. Its block-based interface enables you to develop easy to complex call flows aligned with given strategic business targets by simple drag and drop operations.

Mass Automated Telephone Surveys are based on a key-pad answering system that enables you to poll large audiences with your own custom questions. They are great for:

- Building Customer Loyalty
- Lead Generation
- Enhancement of Current Service Portfolios

Manage the platform with great ease and assess your results. Schedule your demo or request a quote today!

View more from Eckoh

Recent Blog Posts:
Contact centre resilience – 5 lessons learned from COVID-19June 16, 2020 5:26 PM
How to make remote working secureJune 2, 2020 4:26 PM
Self-Service - what's in it for me?June 2, 2020 4:22 PM
How can I avoid storing card data when taking payments?June 2, 2020 4:16 PM
Your PCI DSS compliance – can you see the hidden threatsJune 2, 2020 4:13 PM
Are your callers trapped inside the IVR that time forgot?August 9, 2016 5:00 AM
Fine Tuning Your IVR Can Win You CustomersJuly 28, 2016 5:00 AM
What to do — if your IVR behaves badly?July 14, 2016 5:00 AM
Should we use Pause-and-resume call recording to meet PCI Compliance?May 4, 2016 5:00 AM
It’s true- IVR Systems don’t have to be frustratingMarch 30, 2016 5:00 AM

About us - in 60 seconds!

Latest Americas Newsletter
both ids empty
session userid =
session UserTempID =
session adminlevel =
session blnTempHelpChatShow =
session cookie set = True
session page-view-total =
session page-view-total =
applicaiton blnAwardsClosed =
session blnCompletedAwardInterestPopup =
session blnCheckNewsletterInterestPopup =
session blnCompletedNewsletterInterestPopup =