Secure Telephone Payments

Founded: 2009
HQ: Guildford / United Kingdom

Semafone provides software to contact centers so they can take personal data securely over the telephone. Our patented data capture solution collects sensitive information such as payment card details directly from the customer’s telephone keypad for processing. This approach mitigates the devastating financial and reputational risk caused by data breaches.

  • Financial Services
  • Ecommerce
Primary Functionality
  • Data Provider & Verification
Fraud Type

Reference Customer

Amica Mutual Insurance


Virgin Holidays





Chase Paymentech





Over 30 other Payment Service Providers


Fraud Solution Profile

Semafone secures personal data, helping contact centers become PCI DSS compliant while protecting against brand damage and reducing risk.

Semafone’s patented payment method, Cardprotect, enables contact centers to securely take payments over the telephone. Consumers enter their payment card data into their telephone keypad, giving them control over their own data, while remaining on the line with the agent. The Dual Tone Multi-Frequency (DTMF) tones are masked and replaced with flat tones so sensitive card data cannot be recognized by the contact center agent or a malicious eavesdropper, or be captured on a call recording system. Semafone’s technology automatically segregates the data and securely routes it directly to the payment processor, keeping it out of the contact center infrastructure completely.

The need for Semafone’s approach has never been greater, card-not-present (CNP) fraud is growing and criminals are increasingly targeting contact centers – the “weakest link” in a merchant’s security chain – as a preferred channel for stealing consumers’ payment card data and other sensitive information. By ensuring sensitive data is segregated and removed before it hits the call recorder or the contact center infrastructure, Cardprotect reduces the scope of the Cardholder Data Environment (CDE) immediately upon implementation. This helps mitigate the risk of fraud and data breaches, while dramatically reducing the cost and effort for contact centers to meet and maintain compliance with Payment Card Industry Data Security Standards (PCI DSS).

Semafone’s technology can replace the inadequate, yet legally accepted, practice of “Pause and Resume,” whereby contact centers record calls up until the point where a customer reads aloud their sensitive information, and then resume the recording afterward. While this practice may keep card numbers off call recordings, it opens up opportunity for fraudulent activity to occur while the recording is paused. Rogue agents may be copying down card data or even using social engineering tactics to persuade callers to disclose further personal information. Additionally, with manual Pause and Resume systems, the agent may forget to stop the recording, unintentionally logging sensitive information that is now vulnerable if recordings are breached.

Semafone integrates seamlessly with all existing contact center technology and payment gateways or tokenization solutions to ensure rapid deployment with minimal disruption to the business. Semafone’s patented payment method is used by more than 80 organizations in 22 countries on five continents. With the Semafone solution, protecting contact centers and their customers from both external and insider fraud is easy. Sensitive data is kept out of the contact center, reducing the reputational risk associated with a data breach while ensuring that customers’ personal data is safe and secure.

Share this page: