CardEasy and Call Record

Cost-effective network solutions for PCI DSS compliant card payment by phone & call recording

Customer service, liability and security issues now require full – time call recording, with the ability to retrieve calls ‘on demand’. But as legislative and regulatory requirements become more onerous, organisations with call centres and home workers (and the telecoms professionals who support them) also face pressure to demonstrate compliance on a real time and historic basis.

Call Record offers a comprehensive, network- based recording facility, meeting operational demands and budgetary constraints.

CardEasy telephone payment system lets you handle customers’ card details by phone even when calls are recorded.

CardEasy is level 1 PCI DSS-compliant to protect against fraud, whilst removing your call centre and home/remote working environment from the scope of annual PCI DSS audits.


Call Record Network level call recording solutions are extremely cost effective and increasingly popular, due to the flexibility on offer. Syntec provides a reliable and scalable solution requiring no capital expenditure, yet delivering improved customer dispute resolution, effective sales training (via play backs) and fully auditable and traceable audio records. Full time call recording has traditionally been expensive, but Syntec removes the need for expensive hardware (or poorer quality recordings) by utilising a resilient telecommunications network with a web interface. Call Record monitors and records your inbound and outbound calls and can easily include home users, branch offices and temporary locations.

A cost-effective network solution

You can choose which inbound and outbound telephone calls are recorded based on the dialled number, destination of call or even the agent making or receiving the call. All data is stored on the Syntec network, removing the need for additional archiving capability. Charges are calculated on a per minute basis, so charges fluctuate with the levels of recordings. Secure access to audio files Calls can be listened to in the call centre or remotely via a secure web connection. Call Record incorporates granular level listening permissions, so that individuals only have access to audio files relevant to their job function. Access to voice files is centrally logged for audit purposes. Easy to use Call Record is simple to use and update. A drag and drop interface ensures that recordings and permissions settings are easily managed. Records can be searched by criteria including time, date, dialled number, destination of call, calling line identity (CLI) and the agent/group that handled the call.

Free storage of recordings

Customers benefit from free audio archiving of recordings for up to 12 months with additional storage based on a ‘dual archive system’ which eradicates the risk of audio data loss.

PCI DSS background
The Payment Card Industry (PCI) Data Security Standard (DSS) aims to keep contact centres and mail order/telephone order payment by credit/debit/charge cards secure, by protecting information that could fall into the wrong hands and be used to make a counterfeit card or a fraudulent transaction. This includes the long card number, expiry date, CVV/CV2 numbers (the shorter ones on the back or front of the card) plus other details such as password, email address and name.Merchants and service providers are now required to certify to their acquiring banks that they are compliant.

Syntec’s level 1- compliant system for card payment by phone enables customers to enter their card numbers using the telephone keypad, both mid-call and in autopay (IVR) mode. Your agents no longer see or hear the sensitive card information (also excluded from call recordings), so they can remain on hand throughout the call for customer service.

Payment Authorisation

The CardEasy system processes the necessary payment authorisation and can pass the completed transaction data by http/https – and tokenised card data as appropriate – to your customer records/billing system.

How it works mid call

With the caller on the phone paying by card (1) the agent initiates the request for card authorisation through their web browser or CRM system (2). The caller is prompted to enter their card number on their telephone keypad by a series of rapid beeps, audio towards the agent is cut and the sensitive DTMF tones are masked from the call recording (3) & (4).

The agent is given visual feedback (on screen) of progress. When the card number has been received the process is repeated for the CV2 number. After the CV2 has been captured the transaction is submitted electronically to the PSP (Payment Services Provider) for processing (5). The authorisation result is given visually to the agent and (optionally) sent to your back office system (6). Because the caller’s card details are therefore not seen or heard by the agent, the call centre environment is removed entirely from PCI DSS scope – and the system even works for home/remote workers, an important design benefit.

Because the caller’s card details are therefore not seen or heard by the agent, the call centre environment is removed entirely from PCI DSS scope – and the system even works for home/remote workers, an important design benefit.

Key benefits of Syntec CardEasy

1 Available in Mid-call and Autopay (IVR) versions

2 Integrates with Syntec’s suite of network level & hosted call management solutions

3 Level 1 PCI DSS compliance for fraud protection

4 Captures customers’ credit card and authorisation numbers via the DTMF functionality of their telephone keypad, so your agents no longer have access to this information

5 Sensitive card data is also excluded from call recordings

6 Integrates with Payment Service Providers (PSP) and your back-office & CRM systems if required

7 Increases business flexibility by extending to home workers and remote locations

8 Saves time and costs by taking call centre operations out of scope of annual PCI audits

9 Low initial set-up cost, with low monthly per agent costs, or ‘pay per use’ charges fluctuating with business levels

PCI DSS stipulations and recommendations:
1 It is a violation to store sensitive card data after authentication without proper protection, including in call recordings – and in particular it is prohibited to store/record the CVV/CV2 number at all.2 Where it is necessary to record calls (for quality control or regulatory purposes), appropriate technology must be introduced to prevent the recording of these elements.

3 Personal Account Numbers (PAN, or the long card number) must not be held in a manner accessible to others and should be masked in part if/when displayed (e.g. last 4 numbers only).

4 Encryption should be used when storing or transmitting sensitive data, including the need to avoid using unencrypted VoIP telephone systems.

5 Home workers should be tightly supervised to ensure that they are not receiving or storing sensitive client data in a manner which breaches the requirements – including being able to write client card details and authentication numbers down, or store them on unencrypted or removable media such as USB sticks.


For more information on how we can help your business why not call our friendly staff on 0344 472 0777