
Article : Preventing Dual-Tone Multi-Frequency (DTMF) Bleed for PCI DSS Compliance

#contactcenterworld, @Semafone

No matter what industry you operate in, if your call or contact center accepts payments over the phone, odds are that data security is one of your highest priorities. Protecting payment card data and other sensitive information is not only essential to maintaining customer trust and protecting the business from fraudsters; it is also required by a number of different legal regulations and industry standards – from the EU’s General Data Protection Regulation (GDPR) to the Payment Card Industry’s Data Security Standard (PCI DSS) and more. Contact center professionals may already be familiar with solutions like Dual-Tone Multi-Frequency (DTMF) masking to help protect telephone-based payments and comply with these regulations, but what many do not realize is that not all DTMF masking implementations are foolproof. In fact, some forms of DTMF masking can include technical risks that must be mitigated in order to ensure you’re adequately protecting card data and maintaining PCI DSS compliance.

Late last year, the Payment Card Industry Security Standards Council (PCI SSC) unveiled its newly-revised Guidance for Protecting Telephone-based Payment Card Data. In the updated guidance, the Council highlights DTMF masking as a viable method for descoping the contact center and its data from PCI DSS compliance. However, it also raised the issue of a potential risk associated with this technology: DTMF Bleed. Before we dive deeper into what DTMF Bleed is and how you can prevent it, let’s take a closer look at DTMF masking and how it works:

What is DTMF masking?

A DTMF masking solution enables contact centers to securely accept payments over the phone. Rather than reading their payment card details aloud to a customer service representative (CSR), the caller can simply input their card numbers themselves, by using their telephone’s touchtone keypad. DTMF masking replaces the keypad tones with a flat tone, which ensures that the card numbers are not heard by the CSR or captured on call recordings. Throughout the transaction, the CSR is able to remain in full voice communication with the customer in order to answer any questions that may arise.

Once the customer has input the numbers and the system has verified that the information is correct, it can then seamlessly pass the transaction data through to the payment service provider (PSP) for processing, bypassing the CSR and their desktop. This provides a way for companies to process sensitive information without it being handled directly by the contact center – thereby keeping the contact center and its IT and telephony infrastructure out of the scope of compliance for PCI DSS.

How Proper DTMF Masking Helps PCI DSS Compliance

One of the biggest benefits of DTMF masking is that it allows a contact center to record phone calls without worrying about capturing sensitive cardholder data on the recording. Organizations in highly regulated industries such as financial services are often mandated to record all telephone conversations that involve financial transactions with customers. Even organizations in other industries may record customer calls for a variety of reasons, such as training, quality control, legal purposes, or even to measure customer sentiment. These organizations’ contact centers are then faced with the challenge of how to record calls while still complying with PCI DSS, which stipulates that sensitive authentication data such as three- or four-digit security codes (CID, CVC2, CVV2 or CAV2) must never be recorded or stored.

Some organizations implement Pause-and-Resume (or Stop/Start) recording systems, as they appear to offer a quick fix by enabling the call recording to be either manually or automatically paused at the point of payment and resumed once payment is complete. But Pause-and-Resume only prevents the card data from being recorded and stored when used properly 100 percent of the time. In reality, this method can often be prone to errors and exposes organizations to considerable risk. CSRs may forget to pause the recording before the customer reads their payment card numbers or may forget to resume the call once the customer is done. Automated Pause-and-Resume solutions, as well, are far from perfect and can frequently make mistakes. Moreover, with Pause-and-Resume solutions, though the call recording is paused, the CSR can still hear the customer’s card details being relayed verbally and could choose to write them down, for fraudulent use later.

DTMF masking eliminates the need for Pause-and-Resume by ensuring that sensitive payment card data is kept out of the contact center in the first place and is never recorded or stored anywhere in its technology infrastructure. This means the entire contact center environment stays out of the scope of PCI DSS, allowing organizations to both maintain customer trust and reduce the risk of a brand-damaging data breach.

There are also substantial non-compliance related benefits to implementing a DTMF masking solution in a call center:

  • Better Customer Experience – The best DTMF masking solutions never require a call to be rerouted or transferred. CSRs remain in constant verbal communication with the customer while taking a payment, allowing easy assistance if any issues occur.

  • Reduction in Average Handling Time – The solution provides a single point of numerical entry, reducing opportunities for error during the collection of payment information. Because of this, information doesn’t need to be recaptured or corrected by the CSR, removing the need for a representative to read back or confirm the card details to the caller. In addition, while the customer enters their credit card information, the CSR is free to carry out wrap-up activities.

  • Better CSR Experience – Not having the CSR exposed to sensitive payment data removes the need for restrictive PCI controls for employees. The CSR can be given access to the tools they need to do their job effectively without having to go through excessive security procedures.

  • Lower Risk of Data Being Hacked – Because payment card data is no longer being stored, transmitted, or processed within the contact center infrastructure, hackers are not able to steal payment card information. Hackers can’t hack what you don’t hold!

Yet, despite the many benefits of DTMF masking, the PCI SSC’s updated Guidance makes it clear that it does have one potential, and sometimes significant, risk: DTMF Bleed.

What is DTMF Bleed and How Can It Be Stopped?

Some DTMF masking solutions rely on DTMF detection to understand when to begin masking the tones. This can introduce a delay, and the initial portion of the DTMF tone may not be masked. This is an example of what’s known as DTMF Bleed, where DTMF tones have been identified but, for whatever reason, not completely obfuscated. The PCI SSC stresses that to be compliant, organizations must ensure that all DTMF tones – even the smallest, initial portions of the "DTMF Bleed" that may have been inadvertently missed by the masking process – are not present in the environment.

If DTMF bleed occurs, there is the potential for DTMF digits to be exposed, meaning card data is revealed, and the organization is brought back into scope for PCI DSS. Testing has found that even with a bleed duration as short as 2-3 milliseconds, a DTMF digit could be exposed, highlighting just how crucial it is to ensure all DTMF bleed is removed.

Noncompliance due to even the smallest DTMF bleed could be extremely detrimental to an organization – both financially and with regards to its reputation. Fines for non-compliance can range from $5,000 to $100,000 per month! There could also be additional fines for repeat violations, depending on the merchant’s acquiring bank. These fines can be reassessed monthly – rising over time – until the merchant is in full compliance. If the merchant still doesn’t comply, its ability to accept credit cards may eventually be revoked.

How to Prevent DTMF Bleed

Fortunately, there are actionable steps contact centers and payment processors can take to mitigate the risk of DTMF Bleed:

  • Work with a Qualified Security Assessor (QSA). These experts are well-versed in PCI DSS compliance and may be more vigilant in monitoring and responding to solutions that are allowing DTMF Bleed to occur in the first place.

  • Ensure proper testing and monitoring. The PCI SSC guidance recommends ‘regular review of the signal to validate the efficiency of the DTMF solution’. There are freely available engineering tools like Audacity or Wireshark that can be used to test for DTMF Bleed and easily identify telephony environments where card data is leaking.

  • Check that your DTMF masking solution has built-in bleed protection and bleed removal features to ensure DTMF digits cannot be recovered.
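
The signal review recommended above can be automated. The following is an added example, not code from the article or from any vendor: it slides a 5 ms Goertzel window over agent-side audio and reports every span where a DTMF row tone and column tone are present together. The function names, the `MIN_LEVEL` threshold, the 8 kHz float sample format and the 3 kHz masking tone in the constructed test signal are all assumptions.

```python
import math

FS = 8000                         # telephony sample rate (Hz), assumed
LOW = (697, 770, 852, 941)        # DTMF row frequencies (Hz)
HIGH = (1209, 1336, 1477, 1633)   # DTMF column frequencies (Hz)
FRAME = 40                        # 5 ms analysis window
HOP = 8                           # 1 ms step between windows
MIN_LEVEL = 0.04                  # amplitude that counts as "tone present" (about -28 dBFS), assumed
MASK_HZ = 3000                    # masking tone of the constructed sample; real products differ


def goertzel_amplitude(frame, freq):
    """Amplitude of the `freq` component of `frame` (single-bin DFT via Goertzel)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2.0 * math.sqrt(max(power, 0.0)) / len(frame)


def is_dtmf(frame):
    """True when a row tone and a column tone are both above MIN_LEVEL."""
    low = max(goertzel_amplitude(frame, f) for f in LOW)
    high = max(goertzel_amplitude(frame, f) for f in HIGH)
    return low >= MIN_LEVEL and high >= MIN_LEVEL


def find_dtmf_spans(samples):
    """Return merged (start_ms, end_ms) spans whose windows contain DTMF energy."""
    spans = []
    for start in range(0, len(samples) - FRAME + 1, HOP):
        if not is_dtmf(samples[start:start + FRAME]):
            continue
        end = start + FRAME
        if spans and start <= spans[-1][1]:
            spans[-1][1] = end          # overlaps the previous hit: extend it
        else:
            spans.append([start, end])
    return [(s * 1000 / FS, e * 1000 / FS) for s, e in spans]


def tone(freqs, n, amp=0.25):
    """n samples of the sum of sine tones at `freqs` (constructed test signal)."""
    return [sum(amp * math.sin(2 * math.pi * f * i / FS) for f in freqs)
            for i in range(n)]


def keypress(bleed_ms):
    """Constructed agent-side audio: 50 ms silence, one 80 ms press of '1' whose
    first `bleed_ms` are unmasked DTMF and the rest the masking tone, 50 ms silence."""
    bleed = bleed_ms * FS // 1000
    press = 80 * FS // 1000
    silence = [0.0] * (50 * FS // 1000)
    return silence + tone((697, 1209), bleed) + tone((MASK_HZ,), press - bleed) + silence


if __name__ == "__main__":
    for label, ms in (("fully masked", 0), ("3 ms bleed", 3)):
        print(label, find_dtmf_spans(keypress(ms)))
```

Windows this short have coarse frequency resolution, so speech or a masking tone close to the DTMF band can also trip the check; treat each reported span as a candidate to confirm in a spectrogram.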

In order to protect their customers’ payment card data and ensure their organizations are fully PCI DSS compliant, contact center professionals must be well educated on the subject of DTMF masking technology and the potential for bleed. It only takes one mistake – in this case, a few milliseconds long – to expose an organization to the potential for fraud or a headline-grabbing data breach that damages the company’s reputation. But with the right technology solutions, proper testing and the help of data security experts, contact centers can ensure they are safeguarding not only their most sensitive data, but also their most valuable asset: their customers’ trust.


About Semafone:
Semafone provides secure voice transactions for contact centres and retailers taking Cardholder Not Present (CNP) payments. The solution allows a call - and the call recording - to continue as normal whilst the customer enters their credit card information using their telephone keypad. For complete security, Semafone's patented technology masks the Dual Tone Multi-Frequency (DTMF) tones from the cardholder's telephone and replaces them with a flat tone so they can't be recognised by the call centre agent or recorded on the call recording system. By ensuring all card data remains segregated and by removing Sensitive Authentication Data (SAD) before it hits the call recorder and the contact centre infrastructure, the contact centre is taken out of the scope of PCI DSS, protected against the risk of opportunistic agent fraud and the associated reputational risk.
Published: Thursday, April 25, 2019
