DialPhone

PCI-DSS compliance

DialPhone is PCI-DSS Level 1 audited annually. Collect payments by phone through IVR or agent-assisted capture without exposing agents to card data or polluting call recordings.

Capabilities

  • PCI-DSS Level 1 audited annually by a QSA
  • Payment IVR: customer enters card via DTMF, agent never hears or sees card data
  • Agent-assisted payment: pause/resume call recording automatically during card entry
  • Tokenization of stored card data — raw PAN never persisted
  • Integration with Stripe, Authorize.net, Adyen, Shopify Payments, and most major processors
  • Network segmentation — payment processing isolated from voice infrastructure
  • TLS 1.3 for all card data in transit
  • Attestation of Compliance (AOC) available to customers under NDA

PCI-DSS FAQ

What PCI-DSS level is DialPhone?
Level 1 — the highest compliance tier, required for organizations handling over 6 million card transactions annually. Audit conducted annually by a Qualified Security Assessor (QSA).

Can agents see credit card numbers?
No. Payment IVR uses DTMF tones captured inside a compliant PCI boundary; the audio containing card digits is automatically muted from agent headsets and never recorded. Agents hear a "pay now" confirmation, not the card data.

Do you support tokenization?
Yes. Card data is tokenized on capture; only tokens are stored in DialPhone or returned to the customer's payment processor. Raw PAN data is never persisted.

Which DialPhone plans include PCI payment features?
Contact Center Professional ($95/agent/mo) and Elite ($145/agent/mo) include payment IVR and agent-assisted capture. Business Phone plans handle inbound/outbound calls but do not include payment capture features.

Can I get the Attestation of Compliance (AOC)?
Yes. Customers handling card data receive the DialPhone AOC under NDA via the admin portal or on request to compliance@dialphone.com.