Award winners

Make it easier and more secure for your customers to pay anytime, anywhere

We know that making it easy and safe for customers to pay is critical to your success.

That’s why we provide a flexible suite of modular payment solutions for a variety of sectors including retail, hospitality, gaming, financial services, local government, health and education, so you can offer customers a wide choice of secure payment methods to create a competitive advantage.

A 2018 PCI Awards for Excellence winner, Pay360 by Capita allows you to accept payments meeting your PCI responsibilities, whether in person, over the counter, online, on the move or using alternative payment methods (APMs).

We take on PCI DSS and GDPR compliance responsibility with agent attended and unattended solutions for the telephony environment to protect staff from hearing card details and keep customer data secure. We also pioneer digital channel shift to web-based payments for agent attended and unattended payments whereby callers are seamlessly guided to completing their transaction online.

Using the very latest artificial intelligence technology with smart automation, we can help reduce the operational costs of accounts receivables for more efficient payment collections.

To further optimize business success, our cutting-edge fraud and risk management platform streamlines decision-making to counter payment fraud, supporting anti-money laundering (AML) and Know Your Customer (KYC) to improve acceptance rates, revenue and customer experience.

Find out how Pay360 by Capita can help optimize the success of your business: 
t.     (0)333 313 7160 
e.     pay360digitalsales@capita.co.uk 
Follow us on Twitter and LinkedIn at @Pay360byCapita

Armor is the first Totally Secure cloud company that protects customers’ vital assets and helps prevent data breaches through managed multi-layer security for public and private clouds. The Armor team also applies extensive military cyber security experience for proactive threat detection, response and remediation. Forward-thinking organizations trust Armor for data security and compliance to stay ahead of cyber threats in the cloud. To learn more, visit www.armor.com or follow @armor.

De-scope your contact centres from PCI DSS whilst enhancing customer/agent experience & GDPR compliance
CardEasy is Syntec's patented, award-winning DTMF masking solution for customer 'keypad payment by phone' and de-scoping your contact centre environment from PCI DSS controls, whilst ensuring your MOTO card payments and call recordings are PCI DSS compliant.
CardEasy is trusted by consumers, as it removes the need for them to read out their card numbers over the phone.  By asking them to enter their card numbers using the keypad of their own phone instead (Mid-call in conversation with the agent or via self-service IVR Autopay), PCI monitoring and audit requirements for the contact centre are reduced to the bare minimum.  The sensitive card numbers no longer enter your call centre environment or call recordings at all, cutting out compliance costs and hassle whilst improving customer service and trust. The agent/customer experience is not interrupted as the agent remains on the call throughout – no handoff to an awkward IVR system – and the system reduces average call times and reduces the mis-keying of card data too.

CardEasy was the winner of the PCI Excellence Award for the second time in January 2018 and won the Genesys 'Best Security Solution' award at Call & Contact Centre Expo in London in March 2018.   

Flexible CardEasy deployment 
CardEasy is supported by (and integrated with) the leading industry payment gateways and is designed to be universally quick and easy to implement.
Working either as a fully hosted managed service; partially premise-based (CPE); or entirely cloud-based for larger enterprises and international use, it is designed to be CRM and telephony agnostic – you can rely on our in-house advice and expertise, but CardEasy works with your existing telephony and back-office systems, there’s no requirement to use ours.  
Syntec – Integrated Contact Centre systems
Established as Syntec Telecom in 1998, Syntec is a PCI DSS level 1 Visa and Mastercard-listed service provider and a participating organization of the global PCI Security Standards council.
Syntec Limited. www.syntec.co.uk   t. 020 7741 2000   e. info@syntec.co.uk  
CardEasy videos and case studies:  http://www.syntec.co.uk/pci-dss-solutions/cardeasy/

PCI Pal is a suite of solutions designed to help run your customer contact operations in adherence with the Payment Card Industry Data Security Standard (PCI DSS).  PCI Pal solutions have been developed for the contact centre market by a team of contact centre specialists.  When it comes to PCI compliance, PCI Pal are pioneers in the customer contact space.
We have a long history of agent assisted and fully automated contact centre payment solutions.  From our own experience we know how difficult and costly adhering to PCI compliance can be.  Our aim is to make it as easy as possible for you to become compliant for all of your payment needs.
PCI compliance for any contact centre is a challenge, whether you have 20 staff or 2,000.  We have developed a pragmatic approach to compliance which marries risk reduction with operational efficiency.  As contact centre people, we believe strongly that the operational running of the contact centre must, above all else, be the priority.  PCI compliance should be achieved to benefit operations using a risk reduction and cost model quantifiable to payments, which are ultimately what PCI compliance is there to protect.
We are able to integrate our truly cloud based offerings through a variety of methods making the transition to compliant payments simple and low risk.  We cover a broad range of PCI environments with solutions across agent-assisted payments, automated payments, live agent outsourcing, call recording, and legacy data cleansing and protection.


Website: www.pcipal.com Call: +44 207 030 3770 (UK) +1 866 645 2903 (US)

App: https://www.pcipal.com/en/solutions/agent-assist/

Eckoh is a global provider of PCI DSS compliant Secure Payment and Customer Engagement solutions via its Eckoh Experience Portal. We also offer Third Party contact centre support and Unified Agent Desktop solutions. We’ve an international client base UK and US offices.

Secure Payment Solutions

Our solutions, which can be hosted in the cloud or deployed on the client’s site, removes sensitive personal and payment data from contact centres and IT environments. This offers merchants a simple and effective way to reduce the risk of fraud, secure sensitive data and become compliant with the Payment Card Industry Data Security Standards (“PCI DSS”) and can help towards GDPR.

Solutions include

  • CallGuard – Agent-Assisted payments
  • EckohPAY – Self-Service automated payments
  • Apple Pay, Google Pay, Paypal, Pay by Bank
  • ChatGuard – web chat payment.

Why Eckoh?

We're experts in our field, transforming contact centre operations by delivering a better customer experience across every channel, boosting agent productivity, reducing operations costs and maximising payment security. With over 20 years’ of award-winning experience in contact centre solutions, our team has seen every leap in technology — and always managed to stay ahead of the curve. Our approach focuses on our clients’ business goals so once we deploy a solution we work with you as a partner, not just a supplier.

Eckoh facts:

  • 2018 & 2017 Winner PCI Excellence Awards
  • World’s first secure payment solution via web chat
  • World’s first secure payment solution for Apple Pay over the telephone
  • Payment Innovation awards for Web Chat Pay and Apple Pay via Phone
  • Level One PCI DSS Service Provider since 2010
  • Patents for CallGuard in the UK and USA
  • We process over £1.5 billion in card payments annually

SecurityMetrics delivers innovative solutions for payment data security with an exceptional value to customers worldwide. SecurityMetrics is one of the few companies certified by the major card brands and PCI Security Council to perform PCI scans (ASV), PCI DSS Assessments (QSA), Payment Application Data Security Standard Audits (PA-QSA), PCI Compliant Point-to-Point Encryption Audits (PCI P2PE QSA), and PCI Forensic Investigations (PFI).
Since its founding date, SecurityMetrics has tested over 1 million payment systems for data security and compliance. Among other products and services, SecurityMetrics offers PCI audits, PA-DSS audits, consulting, mobile device vulnerability scanning, penetration testing, data discovery tools, and forensic analysis. The company has received many awards for company growth, customer service, and product innovation, including the Inc. 500, Stevie Awards for Sales and Customer Service, and Ernst and Young Awards.
Founded in October 2000, SecurityMetrics is a privately held corporation headquartered in Orem, Utah. For more information visit www.securitymetrics.com.

ECSC Group plc is a fully accredited PCI DSS Level-1 certified Service Provider – the first in the UK to offer managed IT services.  ECSC Group plc is listed with Visa Europe as a Level-1 Merchant Agent and a Level-1 Member Agent.
All ECSC solutions are designed by Qualified Security Assessors to ensure full compliance with the standard, and appropriate integration with internal processes.  Specific PCI DSS managed services include: web application firewalling, daily log review, intrusion detection systems, and file integrity monitoring.
ECSC can assess your PCI DSS compliance, or work with your own QSA.

ECSC have recently been awarded a 2017 PCI Award for Excellence, for demonstrating "outstanding examples of best practice in payment security and PCI DSS projects and implementations".

For further information please visit: www.ecsc.co.uk.

Eliminate costly PCI programs with Cardprotect from Semafone, a proven secure voice solution which enables contact centres to take payments over the phone without agents ever having to hear or see credit card details.
The award winning software allows a call - and the call recording - to continue as normal whilst the customer enters their credit card information into their telephone keypad. For complete security, Semafone's patented technology masks the Dual Tone Multi-Frequency (DTMF) tones from the cardholder's telephone and replaces them with a flat tone so they can't be recognised by the call centre agent or recorded on the call recording system. By shielding callers' payment card information and keeping sensitive data out of the call centre's infrastructure, Cardprotect helps to minimize the risks associated with potentially brand-damaging data breaches and fraud.
Semafone has achieved the four leading security and payment accreditations: ISO 27001:2013, PA DSS certification for its Cardprotect software, PCI DSS Level 1 Service Provider and is a Visa Level 1 Merchant Agent.
Follow us on Twitter @Semafone, google+, LinkedIn or www.semafone.com

Silver Lining is a professional IT and telecoms provider offering the very best in business IT, telecommunications, data and mobile solutions. Whether it’s business broadband, telephone systems, IT infrastructure, mobiles, or just a memorable phone number – we’re here to help.
After years of listening to customers’ communication challenges and having worked for a variety of tier-one industry partners, the founding team here at Silver Lining realised that shopping around for suppliers is a hassle. UK businesses would rather source their IT and telecommunication solutions through a single vendor that tracks down the best deals so they don’t have to. Fortunately, that’s exactly what we do. We call it “convergence”!
We’ve assembled a team of experts from across the entire communications spectrum, from handsets to hosting and everything in between. We provide show-stopping solutions through our team of Splicecom, Avaya, Cisco, Microsoft, HP, VMware, Citrix, and mobile app specialists. Our combined knowledge, innovation and expertise have led to contracts with household names.
Recently, we have been recognised for our achievement in the PCI compliance field with a prestigious Innovation of the Year award. We have worked to build a DTMF masking solution to de-scope the contact centre and bring complete security to telephone card payment services. The launch of our fourth-generation cloud platform RevolutionCloud has granted us the opportunity to build a PCI compliance solution based entirely within the cloud.
We understand every business is different ­ one size definitely doesn’t fit all. That’s why we’ll work with you to understand exactly what you need, then build and implement the solution that’s right for your business. Our unified communications services can offer you improved efficiency, reduced running costs and the flexibility to easily upgrade as your business grows. There’s no off-the-shelf solutions here ­ we think outside the box!

SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. 

SureCloud connects the dots with integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.   

SureCloud also offers a wide range of Cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture. 


Our gateway offers industry leading, global payment processing services and advanced fraud management solutions - for merchants, industry partners and acquiring banks. We recognise that the digital commerce market represents a key area of growth for our customers. As such, it's a key focus for us at Mastercard. We have aggressively invested in payment gateway assets, by both acquisition and development of proprietary technology, to provide a superior gateway offering that can assist our customers meet their business objectives.
As a global partner to some of the world's most recognisable brands, Mastercard Payment Gateway combines smart thinking and an end-to-end solution to help its customers transcend the complexities and expense associated with payment processing.

For further information, please visit www.mastercard.com/gateway/index.html

TokenEx is a company founded on the principle of safeguarding our clients and their partners against the inherent risk of storing and sharing sensitive information. Focused on flexibility and custom solutions, the TokenEx Data Security Platform enables our clients to tokenise any data set across a range of environments and applications. Utilizing over twenty different token schemes, TokenEx secures the PCI and personal data of our clients to reduce their risk and meet their PCI DSS and General Data Protection Regulation (GDPR) compliance obligations, while still enabling their business processes.

Multi-channel Acceptance
Almost every organisation that sells products and services accepts payments through multiple acceptance channels—e-commerce sites, point-of-sale terminals, contact centers, and mobile apps. TokenEx has solutions to tokenise payment data for each of these acceptance channels, dramatically lowering your scope for PCI compliance and risk of sensitive data loss. 

Processor Agnostic
Utilizing TokenEx’s Transparent Gateway solution, you are free to maintain relationships with as many payment processors and gateways as you wish, while maintaining a single unified vault of payment card tokens. TokenEx enables you to exchange data with any third-party API without putting your internal systems in scope for PCI compliance.

Any Data Set
TokenEx can tokenise and secure any data set including PCI, ACH, and personal data. Most tokenisation solutions from payment processors or other tokenisation service providers only address payment information leaving you exposed to the risk associated with other data sets. TokenEx can secure all sensitive data, enabling you to address all of your compliance obligations and data security risk utilising a single platform.

Utilizing Tokenisation for Pseudonymisation
The GDPR is now in effect, with strong requirements to protect personal data  “by design and by default.“ Though the GDPR doesn’t contain detailed technical requirements for data security, it does call out the use of pseudonymisation as an appropriate mechanism for data protection. Pseudonymisation, replacing identifying or sensitive data with a pseudonym, is synonymous with tokenisation, replacing sensitive data with a token, a technology utilized by the Payment Card Industry for years to protect PCI.  

Learn more about how TokenEx can help your organisation reduce PCI scope and meet your data security obligations under the GDPR at https://tokenex.com. Follow us on Twitter and LinkedIn. Ph. +1.877.316.4544