Award winners

Blackfoot UK is an information risk, security and compliance specialist.  We help our customers to protect their information and data, but ultimately their brands, reputations and financial health.  Whilst our customers come from different industry sectors (retail, insurance, financial services), 80 per cent of our business is from personal referrals.  Why is this?
 We believe it’s because:   
  • We are specialists at what we do 
  • We provide honest, independent advice in plain English
  • We have a no-nonsense approach to consultancy
We are specialists at what we do - We’re experts in our field and we’re committed to keeping it that way.  Whether it’s data security, privacy or the latest on malware, hacking or cybercrime threats, we’ve got the specialists to help guide your business response.
We provide honest, independent advice in plain English - Blackfoot is a private company, which means we’re answerable to our customers and their interests, not external stock or stakeholders.  We’re here to do the best by your business. If you’d like our views on a particular product or solution, we’d be happy to help.  But because we’re independent, we don’t recommend, resell or receive commission on third party solutions. Data security and privacy is not always straight-forward.  Regulations evolve.  Standards overlap.  Cross-border cases are complex.  We’re well-versed with industry changes and can talk techie, but mostly we make things as simple as possible — and no simpler. 
We have a no-nonsense approach to consultancy - With us, what you see is what you get.  Our senior consultants work alongside customers throughout a project.  We help you learn from your mistakes, but as experienced consultants with proven methodologies we also help you learn from other people’s mistakes. 
Time, resource and budget are finite — and we understand this.  Our aim is to help you make the most intelligent use of your limited resources.  We certainly won’t recommend you spend £1,000 to protect £1.  In fact, we typically save our customers 70 per cent on average on their compliance budgets per year. 
This is all part of our no-nonsense approach, how we have earned our customers’ trust and built up long-term relationships over the years.  

De-scope your contact centres from PCI DSS whilst improving CX and GDPR compliance
Syntec's patented, award-winning CardEasy system is a one-stop compliance solution for customer 'keypad payment by phone'.  The DTMF masking technology de-scopes your contact centre environment from PCI DSS controls, whilst ensuring your MOTO card payments and call recordings are compliant.
CardEasy improves consumer trust and eliminates the payment card data from your contact centre environment, by removing the need for your customers to read out their card numbers over the phone.  By asking them to enter their card numbers using the keypad of their own phone instead (Mid-call in conversation with the agent or via customer self-service IVR), PCI monitoring and audit requirements for the contact centre are reduced to the bare minimum.  The sensitive card numbers no longer enter your systems or call recordings, cutting compliance costs and hassle whilst improving customer service and trust. The agent/customer experience is not interrupted as the agent remains on the call throughout – no handoff to an awkward IVR system – and the system reduces average call times and reduces the mis-keying of card data too.

CardEasy won the PCI Excellence Award for the third time in January 2019 and also won the Genesys 'Best Security Solution' award at Call & Contact Centre Expo in London in March 2018.   

Flexible CardEasy deployment 
CardEasy is supported by (and integrated with) the leading industry payment gateways and is designed to be universally quick and easy to implement.
Whether fully hosted; partially premise-based (CPE); or entirely cloud-based for larger enterprises and international use, CardEasy is a managed service and agnostic to your telephony and back office systems, so you can rely on our in-house telecoms and consultancy advice and expertise without the need to change your existing infrastructure.
Syntec – Integrated Contact Centre systems
Established as Syntec Telecom in 1998, Syntec is a PCI DSS level 1 Visa and Mastercard-listed service provider and a participating organization of the global PCI Security Standards council.
Syntec Limited. www.syntec.co.uk   t. 020 7741 2000   e. info@syntec.co.uk  
CardEasy videos and case studies:  http://www.syntec.co.uk/pci-dss-solutions/cardeasy/ 

Eckoh is a global provider of PCI DSS compliant Secure Payment and Customer Engagement solutions via its Eckoh Experience Portal. We also offer Third Party contact centre support and Unified Agent Desktop solutions. We’ve an international client base UK and US offices.

Secure Payment Solutions

Our solutions, which can be hosted in the cloud or deployed on the client’s site, removes sensitive personal and payment data from contact centres and IT environments. This offers merchants a simple and effective way to reduce the risk of fraud, secure sensitive data and become compliant with the Payment Card Industry Data Security Standards (“PCI DSS”) and can help towards GDPR.

Solutions include

  • CallGuard – Agent-Assisted payments
  • EckohPAY – Self-Service automated payments
  • Apple Pay, Google Pay, Paypal, Pay by Bank
  • ChatGuard – web chat payment.

Why Eckoh?

We're experts in our field, transforming contact centre operations by delivering a better customer experience across every channel, boosting agent productivity, reducing operations costs and maximising payment security. With over 20 years’ of award-winning experience in contact centre solutions, our team has seen every leap in technology — and always managed to stay ahead of the curve. Our approach focuses on our clients’ business goals so once we deploy a solution we work with you as a partner, not just a supplier.

Eckoh facts:

  • 2018 & 2017 Winner PCI Excellence Awards
  • World’s first secure payment solution via web chat
  • World’s first secure payment solution for Apple Pay over the telephone
  • Payment Innovation awards for Web Chat Pay and Apple Pay via Phone
  • Level One PCI DSS Service Provider since 2010
  • Patents for CallGuard in the UK and USA
  • We process over £1.5 billion in card payments annually

ECSC Group plc are a 'full service' cyber security provider, having been established for almost two decades. We were the first UK organisation to achieve PCI DSS Level-1 Service Provider Certification for a wide range of IT security managed services. We can also provide flexible solutions to help achieve rapid compliance to the PCI DSS standard.  Our PCI specialists are all Payment Card Industry Qualified Security Assessors (PCI QSA).

Gala Technology are an award winning company specialising in developing secure digital payment solutions predominately for the card not present (CNP) MOTO, Web Chat and Social Media channels. Their flagship product is SOTpay, winner of the 'Security Innovation Of The Year'​ at the National UK IT awards.

SOTpay is a unique piece of cloud based, PCI DSS certified software, which is quick and cost effective to deploy and is set to revolutionise the way businesses handle telephone and card not present transactions globally.

With card fraud at £566m in 2017 in the UK alone, pressure on business leaders from criminals has never been higher, hence the ongoing PCI DSS and GDPR requirements that organisations of any size must comply with or face hefty chargebacks, penalties and reputational damage.

SOTpay negates chargebacks associated with fraudulent card not present transactions and supports the business towards PCI DSS compliance by ensuring that no sensitive data enters the merchants environment and telephone agents do not handle or store any card data that may be exploited.

An extra layer of security on all telephone transactions, verifies the identity of the customer, whilst offering a familiar payment journey, thus increasing transaction acceptance, reducing processing costs, and even enables third party delivery solutions Being a cloud based solution and with the potential to work seamlessly with all payment service providers, SOTpay is simple to deploy into your organisation, without the costly expense of hardware, or the time consuming amendments to your existing telephony solution, regularly found with IVR or DTMF products.


Our mission is to help companies discover cardholder and sensitive personal data on their computer systems. Our software helps companies to prevent hacks and security breaches that result in the theft of employee and customer information.

Our software is being trusted by over 2,500 companies across 80 countries. By securing their data with our products it helps companies comply with important information security standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR).

At Ground Labs we are committed to continually maintaining high levels of customer satisfaction, we provide solution-oriented technical support 24 hours a day Monday – Friday.   

If you would like a free trial of our software please visit www.groundlabs.com

Our enterprise-ready software is the complete solution for the identification, remediation and monitoring of sensitive personal data across your entire network. We find more data types and support more platforms than anyone else. Using in-built scheduling and real-time alert features, keeping your data secure will become just another one of your company’s Business-As-Usual practices.

Search all the major locations personal data might be stored including, databases, documents, emails, deleted files, memory, disks, shadow files, cloud storage, servers and more.
Find over 200 personal identifiable data types including 95 relevant to The General Data Protection Regulation (GDPR). Identifies stored bank account numbers, SWIFT Codes, IBAN. Over 50 types of National ID supported across 28 EU countries.
7 different platforms - Windows, Mac, Linux, Solaris, FreeBSD, HPUX, and IBM AIX. In addition to this, we also support EBCDIC mainframe storage formats.
Remediate We help you take action to secure the information found. Our remediation process includes permanently deleting the data so it's unrecoverable, safely relocating the information to a secure location of your choice or modifying the data so that anything sensitive is removed without impacting the surrounding data.

Monitor through powerful reporting, quickly sees where the sensitive data is stored and what departments or teams have access to it.

Don’t let hackers turn your company into the next headline.

Discover your sensitive data today.

For further information please contact or visit us on:

W: www.groundlabs.com marketing@groundlabs.com

T: +44 203 137 9898

Make it easier and more secure for your customers to pay anytime, anywhere

We know that making it easy and safe for customers to pay is critical to your success.

That’s why we provide a flexible suite of modular payment solutions for a variety of sectors including retail, hospitality, gaming, financial services, local government, health and education, so you can offer customers a wide choice of secure payment methods to create a competitive advantage.

A 2018 PCI Awards for Excellence winner, Pay360 by Capita allows you to accept payments meeting your PCI responsibilities, whether in person, over the counter, online, on the move or using alternative payment methods (APMs).

We take on PCI DSS and GDPR compliance responsibility with agent attended and unattended solutions for the telephony environment to protect staff from hearing card details and keep customer data secure. We also pioneer digital channel shift to web-based payments for agent attended and unattended payments whereby callers are seamlessly guided to completing their transaction online.

Using the very latest artificial intelligence technology with smart automation, we can help reduce the operational costs of accounts receivables for more efficient payment collections.

To further optimize business success, our cutting-edge fraud and risk management platform streamlines decision-making to counter payment fraud, supporting anti-money laundering (AML) and Know Your Customer (KYC) to improve acceptance rates, revenue and customer experience.

Find out how Pay360 by Capita can help optimize the success of your business: 
t.     (0)333 313 7160 
e.     pay360digitalsales@capita.co.uk 
Follow us on Twitter and LinkedIn at @Pay360byCapita

PCI Pal’s mission is to safeguard reputations and build trust.

We do this by providing our channel partners with secure payment solutions for contact centres and businesses taking Cardholder Not Present (CNP) payments. Our globally accessible cloud platform empowers organisations to take payments securely without bringing their environments into scope of PCI DSS and other relevant security rules and regulations.

With the entire product portfolio served from the cloud, integrations with existing telephony, payment, and desktop environments are flexible and proven, ensuring no degradation of service while achieving security and compliance.

With extensive operations and technical experience of the contact centre sector, we’re uniquely qualified to deliver operationally efficient cloud-based security solutions to organisations operating on a global scale.

PCI Pal has offices in London, Ipswich (UK) and Charlotte N.C (USA).

For more information visit www.pcipal.com or follow the team on Twitter:  https://twitter.com/PCIPAL 


Semafone’s flagship Cardprotect solution makes it easy and cost effective to accept payments over the phone and strengthen data security, while meeting PCI DSS compliance.

Cardprotect allows callers to enter their payment card details directly into their telephone keypad, rather than reading them aloud – it does this using Semafone’s patented payment method that utilises DTMF masking technology.  Cardprotect replaces the telephone’s keypad tones with flat tones, ensuring that the payment card details are not captured on phone recordings and cannot be deciphered by either the contact centre agent on the line, or a cybercriminal who could hack into the network systems. The payment card data is encrypted and seamlessly sent straight to the payment service provider (PSP), meaning that it never enters your contact centre infrastructure. Through this entire process, the contact centre agent stays on the line, in full voice communication with your customers to ensure a positive customer experience.

By ensuring that sensitive payment card data does not touch the contact centre’s network infrastructure, Cardprotect dramatically reduces the scope for PCI DSS, reducing the cost, burden and complexity of compliance.

The world’s leading and iconic brands trust and depend on Semafone to safeguard their customers

Here’s why…

  • Semafone retains all four leading security and payment certifications - ISO 27001:2013, PA DSS for Cardprotect when deployed on-premises, PCI DSS Level 1 Service Provider and listed as a Visa Level 1 Merchant Agent
  • Only vendor with all four certifications
  • Highest number of customer deployments, clients, countries, agents and years in the contact centre business
  • 100,000+ contact centre CSR seats worldwide 
  • Delivers both carrier class cloud and on-premise solutions
  • Open and flexible architecture make it easy to deploy
  • Industry leading partners; including BT, Gamma, Genesys and Oracle
  • PCI Winner for Excellence 2017 & 2018, Best in Business Award 2018 and CNP Best Call Centre 2017.

Tel: +44 (0)845 543 0822

E-mail: emeasales@semafone.com

Visit: https://semafone.com/gb/


Silver Lining is a professional IT and telecoms provider offering the very best in business IT, telecommunications, data and mobile solutions. Whether it’s business broadband, telephone systems, IT infrastructure, mobiles, or just a memorable phone number – we’re here to help.
Through trusted long-term relationships with our clients, the team at Silver Lining realised that shopping around for suppliers is an unwelcome challenge. UK businesses would rather source their IT and telecommunication solutions through a single vendor who are able to present the bespoke solutions with a consultative approach – helping you maximise your full return of investment.

Our team are communications experts, skilled and experienced from handsets to hosting and everything in between. We provide tailored solutions through our team of Splicecom, Avaya, Cisco, Microsoft, HP, VMware, Citrix, and mobile app specialists. Our combined knowledge, innovation and expertise have led to contracts with a variety of household names.

The launch of our fourth-generation cloud platform ‘RevolutionCloud’ enables us to offer a unique solution to operate and manage your entire infrastructure – differentiating our offering from those ‘off-the-shelf’ solutions available. 

Our award-winning PCI compliance solution is based entirely within our private ‘RevolutionCloud’ infrastructure. This DTMF masking solution was designed to de-scope the contact centre and bring complete security to telephone card payment services - achieving the PCI award for ‘Innovation of the Year’.

At Silver Lining, we understand every business is different, our customers range from small, single site start-ups to complex multi-site enterprises and government organisations.

Applying a consultative approach, we work closely with you to identify your exact requirements. Our unified communications services can offer improved efficiency, reduced running costs and the flexibility to easily upgrade as your business grows. We pride ourselves on thinking ‘outside of the box’ – to find a solution that truly meets your needs.

For more information visit: www.silver-lining.com

Established in 1989, Sysnet Global Solutions provides payment card industry, cyber security and compliance solutions that help businesses to improve security and acquiring organisations to reduce risk.

We empower businesses to be secure and compliant through award winning cybersecurity solutions and extraordinary services and support.


TokenEx is a company founded on the principle of safeguarding our clients and their partners against the inherent risk of storing and sharing sensitive information. Focused on flexibility and custom solutions, the TokenEx Data Security Platform enables our clients to tokenise any data set across a range of environments and applications. Utilizing over twenty different token schemes, TokenEx secures the PCI and personal data of our clients to reduce their risk and meet their PCI DSS and General Data Protection Regulation (GDPR) compliance obligations, while still enabling their business processes.

Multi-channel Acceptance
Almost every organisation that sells products and services accepts payments through multiple acceptance channels—e-commerce sites, point-of-sale terminals, contact centers, and mobile apps. TokenEx has solutions to tokenise payment data for each of these acceptance channels, dramatically lowering your scope for PCI compliance and risk of sensitive data loss. 

Processor Agnostic
Utilizing TokenEx’s Transparent Gateway solution, you are free to maintain relationships with as many payment processors and gateways as you wish, while maintaining a single unified vault of payment card tokens. TokenEx enables you to exchange data with any third-party API without putting your internal systems in scope for PCI compliance.

Any Data Set
TokenEx can tokenise and secure any data set including PCI, ACH, and personal data. Most tokenisation solutions from payment processors or other tokenisation service providers only address payment information leaving you exposed to the risk associated with other data sets. TokenEx can secure all sensitive data, enabling you to address all of your compliance obligations and data security risk utilising a single platform.

Utilizing Tokenisation for Pseudonymisation
The GDPR is now in effect, with strong requirements to protect personal data  “by design and by default.“ Though the GDPR doesn’t contain detailed technical requirements for data security, it does call out the use of pseudonymisation as an appropriate mechanism for data protection. Pseudonymisation, replacing identifying or sensitive data with a pseudonym, is synonymous with tokenisation, replacing sensitive data with a token, a technology utilized by the Payment Card Industry for years to protect PCI.  

Learn more about how TokenEx can help your organisation reduce PCI scope and meet your data security obligations under the GDPR at https://tokenex.com. Follow us on Twitter and LinkedIn. Ph. +1.877.316.4544

As the first cloud contact centre services provider in Europe, and a supplier of PCI DSS level 1 certified cloud and scope reducing on-site PCI solutions, Ultracomms has been providing inbound, outbound and blended services for over a decade.  Our unique approach to development and support based on collaboration ensures the solutions we provide are tailored to fit individual client needs and are able to flex and adapt as requirements and technology demands change.

With customer-led feature development and proactive campaign monitoring and support we are able to help clients achieve maximum productivity while delivering best-in-class service to their end customers - enabling them to remain at the forefront of the rapidly evolving contact centre market.

Our open standards development philosophy ensures our cloud and on premise solutions are simple to integrate with any telephony infrastructure, software or CRM system, and our leading technology partners enable us to deliver advanced Omni-channel features to provide a complete contact centre solution.

  • Contact centre technology to improve performance
  • PCI DSS level 1 certified cloud and on-site solutions
  • Resilient, flexible and scalable to suit your ongoing needs
  • Simple integration with your existing infrastructure and any software or CRM system
  • Advanced speech analytics to enhance your customer experience
  • Data management and reporting made simple
  • Proactive campaign monitoring and support
  • In-house R&D delivering customer-led features and solutions