
Is My Business PCI Compliant?

Business communication technologies are advancing at record speed and have paved the way for increased consumer interactions. While organizations are rushing to adopt omnichannel communications, a recent Harvard Business Review report revealed that the phone remains the preferred customer service channel for Canadian consumers.

Communicating by voice is faster, easier, and more effective than typing messages back and forth. For businesses looking to increase agility, their phone system is a powerful and frequently leveraged tool. According to Harvard’s report, 61% of consumers prefer to call a business when they’re in the purchase phase of the buying cycle, and are more likely to opt into phone-based communications when making a high-value purchase in verticals such as auto, finance, and travel. Therefore, it is imperative that organizations continue to offer phone-based support for credit card transactions.

Protecting Data

Customer-facing organizations are responsible for providing secure payment card transactions, meaning you need to leverage standard security procedures and technologies to thwart theft of cardholder data. Merchant-based vulnerabilities can materialize at any time in the card-processing ecosystem, including point-of-sale devices, personal servers, paper-based storage systems, and unsecured transmissions of cardholder data between client and service provider. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) helps to alleviate these vulnerabilities and protect cardholder data.

Activities that put cardholder data at risk:

  • Storing payment card numbers

  • Storing payment card expiration dates

  • Storing payment card verification codes

  • Storing customer data from the payment card magnetic stripe

What is PCI compliance & how does it relate to my business phone system?

Any business that processes credit card payments needs to abide by PCI compliance requirements. PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. Whether data is printed, stored in the cloud or transmitted over a public network, organizations that accept credit or debit cards are expected to protect cardholder data and to prevent its unauthorized use. If your business takes credit card information over the phone, your business phone service provider needs to offer both call redaction and encryption for you to remain compliant.


Previously an expensive solution requiring complicated hardware, call recording has since trickled down to become a feature offered in most, if not all, Business VoIP solutions. Thanks to the simplicity of Hosted PBX technology, your business can gain access to robust features like call recording without the headache and cost previously associated with it. Organizations often opt for call recordings to assess agent performance and assist with ensuring quality service, risk management, and professional development. While call recordings offer valuable business insights, supervisors simply don’t have the bandwidth to listen to the hundreds of call recordings made through their network.

Intelligent transcription automatically converts the audio recordings of conversations made through your network into text. The transcriptions enable supervisors to quickly read through conversations between caller and user and categorize calls by user, call type, duration, and date. If call recordings are being stored in your network, you may be required to use call redaction technology. Call redaction technology identifies credit card numbers and automatically removes them from both the transcription text and the audio recording. If an internal or external actor gains access to your files, the card number will be silenced in the audio playback and the digits in the transcription will be blacked out.
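The transcript side of the call redaction described above, as an added example that is not net2phone Canada's or any vendor's implementation: it assumes the speech-to-text output may carry card digits as numerals or as spoken words, and uses the Luhn checksum so that order numbers and phone numbers are left untouched. The function names, the spoken-digit vocabulary and the sample transcript are constructed for illustration.

```python
import re

# Spoken digits as a speech-to-text engine might emit them (assumed vocabulary).
WORDS = {"zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3",
         "four": "4", "five": "5", "six": "6", "seven": "7", "eight": "8",
         "nine": "9"}
TOKEN = r"(?:\d|\b(?:" + "|".join(WORDS) + r")\b)"
TOKEN_RE = re.compile(TOKEN, re.IGNORECASE)
# Candidate: 13-19 digit tokens separated only by spaces or hyphens.
CANDIDATE = re.compile(
    r"(?<!\d)" + TOKEN + r"(?:[ \-]*" + TOKEN + r"){12,18}(?!\d)", re.IGNORECASE)
MASK = "[REDACTED CARD NUMBER]"


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(transcript: str) -> tuple[str, int]:
    """Mask Luhn-valid card numbers; return (redacted text, number masked)."""
    masked = 0

    def _replace(match: re.Match) -> str:
        nonlocal masked
        tokens = TOKEN_RE.findall(match.group(0))
        digits = "".join(WORDS.get(t.lower(), t) for t in tokens)
        if not luhn_ok(digits):  # e.g. a 16-digit order number: leave as is
            return match.group(0)
        masked += 1
        return MASK

    return CANDIDATE.sub(_replace, transcript), masked


# Constructed transcript; the card numbers are widely published test PANs.
SAMPLE = ("Agent: Can I get the card number? "
          "Caller: Sure, it's 4111 1111 1111 1111. "
          "Agent: And the second card? "
          "Caller: five five five five 5555 5555 4444. "
          "Agent: Your order number is 1234 5678 9012 3456, "
          "call us back at 416 555 0100.")

if __name__ == "__main__":
    print(redact(SAMPLE))
```

A digit run where the card number is followed directly by further digits or digit words (an expiry date read without a pause, for instance) fails the checksum as a whole and is left unmasked, so such transcripts still need a second pass or manual review.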


If credit card data is being transmitted over open, public networks, it is critical to prevent anyone from intercepting the transmissions and viewing the data. Encryption is a technology used to render transmitted data unreadable by any unauthorized person. net2phone Canada enables encryption to ensure data cannot be intercepted for malicious intent. To indicate which devices are encrypted, a lock symbol will appear on screen.

How do I know if my phone system is PCI Compliant?

If you’re unsure whether your phone system supports PCI compliance, contact your provider and ask if your solution includes redaction and encryption. VoIP providers that offer these features do so for an additional cost. If your system offers encryption, your physical device may display a lock icon on the screen during calls. If your VoIP provider does not offer these services, your business could face fines or be restricted from processing credit cards if found non-compliant during an audit.

You may be asking, ‘What company offers these specific features?’ Luckily for you, net2phone Canada takes cloud-based business communications to new heights while simultaneously future-proofing your venture, offering essential business phone features like a browser-based administrative portal, voicemail to email and call recordings. Explore our very own Call Recordings feature today to learn more about keeping your business up to speed and in line with corporate regulations, customer and organizational management.