Should I require suppliers to have PCI DSS compliance for phone payments?

Updated

When your business takes payments over the phone, it's important to consider how securely those card details are handled. PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to protect cardholder data and reduce fraud. If you use a supplier to manage your phone payments—such as a VoIP or phone system provider—it's sensible to check whether they comply with PCI DSS standards. This helps ensure that sensitive payment information is processed and stored securely, reducing your risk of data breaches and financial penalties.

Why PCI DSS compliance matters for UK SMEs

Non-compliance with PCI DSS can lead to serious consequences beyond fines. A data breach involving payment information can damage your customers' trust and harm your business reputation. It can also cause downtime if systems need to be taken offline to investigate or fix vulnerabilities, impacting staff productivity and sales. For many UK small businesses, meeting PCI DSS requirements is part of broader data protection efforts that align with UK GDPR and the Data Protection Act 2018, especially when handling payment data.

A common scenario: phone payments in a growing SME

Imagine a UK business with around 50 employees that regularly takes card payments by phone. Initially, they used a basic phone system without much security oversight. After a minor data incident, they engaged a managed IT provider who recommended switching to a VoIP system with built-in PCI DSS compliance features, such as encrypted call recording and secure payment processing. The provider also helped implement multi-factor authentication (MFA) for staff accessing payment systems and regular security audits. This approach reduced the risk of card data exposure, improved compliance readiness, and gave the business peace of mind.

Practical checklist: what to do when choosing or reviewing suppliers

  • Ask your supplier: Are you PCI DSS compliant? Can you provide evidence such as an Attestation of Compliance (AoC)?
  • Review how card data is handled: Does the supplier use secure, encrypted channels for phone payments? Are call recordings of payment details stored securely or avoided altogether?
  • Check access controls: Who has access to payment data? Is access restricted and logged?
  • Confirm security measures: Do they enforce multi-factor authentication for systems handling payments? What are their patching and vulnerability management practices?
  • Understand incident response: What is their process if a data breach occurs involving payment information?
  • Evaluate contract terms: Are PCI DSS compliance and data protection responsibilities clearly defined in the service level agreement (SLA)?
  • Internal checks: Ensure your own staff follow secure payment handling policies, such as not writing down card details and using approved payment terminals.

While PCI DSS compliance is primarily the responsibility of the payment processor or phone system supplier, your business also shares responsibility for ensuring that any third-party providers meet these standards. This is especially important if you are subject to audits or need to demonstrate compliance to your bank or the ICO.

Discussing your phone payment processes with a trusted managed IT provider or IT advisor can help clarify your obligations and identify any gaps. They can assist you in selecting suppliers who meet PCI DSS requirements and help implement complementary security controls within your business. Taking these steps supports smoother audits, reduces cyber risks, and protects your customers' payment information.

Tools & software for this topic

Not ready to change IT providers yet? These buying guides walk through tools your team can use to improve things on your own.

We may earn a small commission if you sign up with any of these tools and services, at no extra cost to you. We only feature tools that are appropriate for British businesses like yours.

Tools you can try right away

These tools line up with the topics in this guide and are commonly used by small and mid-sized businesses.

8x8 X Series

Best for: Best for UK SMEs needing integrated voice, video, and chat in one platform

Reliable cloud-based phone system for flexible business communication

8x8 X Series is a cloud-hosted VoIP solution commonly used by SMEs to unify calls, video meetings, and messaging. It offers global connectivity with features that support hybrid working and outsourced IT management.

View 8x8 X Series plans

Aircall

Best for: Best for UK SMEs needing easy-to-manage, app-based call handling

Cloud-based phone system for flexible team communication

Aircall is a cloud VoIP service commonly used by small businesses to manage calls across devices. It offers straightforward setup and integrates with popular CRM and helpdesk tools, helping teams stay connected whether in the office or remote.

View Aircall plans

CloudTalk

Best for: Best for UK SMEs needing scalable VoIP with straightforward call management

Reliable cloud-based phone system for flexible business communication

CloudTalk is a cloud-hosted VoIP system commonly used by SMEs to manage calls efficiently. It offers features like call routing and analytics, helping teams stay connected whether in the office or remote.

View CloudTalk plans

Dialpad

Best for: Best for UK SMEs needing easy-to-manage VoIP with strong mobile integration

Reliable cloud-based phone system for flexible business communication

Dialpad is a cloud VoIP service commonly used by SMEs to streamline calls and messaging across devices. It offers clear call quality and integrates well with mobile and desktop apps, helping teams stay connected whether in the office or remote.

View Dialpad plans

GoTo Connect

Best for: Best for UK SMEs needing a unified phone and video platform with easy setup

Reliable cloud phone system for clear calls and flexible working

GoTo Connect is a cloud-based VoIP system commonly used by SMEs for voice calls, video meetings, and messaging. It offers straightforward setup and integrates well with common business tools, helping teams stay connected whether in the office or remote.

View GoTo Connect plans

Grasshopper

Best for: Best for small UK businesses needing straightforward virtual phone systems

Simplifies business phone management with flexible VoIP features

Grasshopper is a VoIP phone system commonly used by small businesses to manage calls without traditional hardware. It offers easy call forwarding, voicemail transcription, and multiple extensions, helping teams stay connected whether in the office or working remotely.

View Grasshopper plans

Need hands-on help?

If you’d rather have a provider handle this for you, here are firms that work on VoIP & Phone Systems in United Kingdom.

Top firms for VoIP & Phone Systems
Cloud10 IT & Cloud Services
Manchester, England

Overview

Cloud10 IT & Cloud Services is a managed IT services provider based in Manchester, England. They specialise in delivering reliable IT support tailored for small and medium-sized enterprises (SMEs), charities, and professional services. With a focus on fostering secure communication and efficient issue resolution, this IT support company plays a vital role in enhancing the operational integrity of their clients.

This MSP is dedicated to providing consistent and effective support that simplifies the IT experience for its clients. They ensure that technical issues are resolved swiftly and that there is ongoing communication throughout the process. By offering a range of services, Cloud10 helps organisations streamline their operations while maintaining compliance with regulations such as the UK GDPR and Cyber Essentials.

What clients say about this company

Feedback from clients highlights the exceptional level of support they receive from Cloud10. Many appreciate the ease of raising issues and the prompt response times that facilitate smooth resolutions. Clients often remark on how well the team communicates during troubleshooting, which builds trust and reassurance.

5.0★
Optima Computers
London, England

Overview

Optima Computers is a managed IT services provider based in London, England. This IT support company focuses on offering reliable IT solutions to a variety of clients, including small and medium-sized enterprises, charities, and professional services. Their aim is to ensure technology functions smoothly, helping organisations maintain productivity and efficiency.

This MSP provides a range of services, including IT support, data recovery, and WiFi solutions. They are known for their commitment to customer satisfaction, providing clear communication and timely assistance. With a strong emphasis on reliability and transparency, this company tailors its services to meet the specific needs of their clients while adhering to relevant standards such as UK GDPR and Cyber Essentials.

What clients say about this company

Clients often appreciate the personal and attentive service provided by Optima Computers. Many highlight the reliability and speed of their IT support, mentioning prompt responses to issues and effective resolutions. Positive experiences include efficient repairs and transparency regarding costs and procedures.

The commitment to customer care is frequently noted, with clients expressing gratitude for the patience and professionalism of the staff. This managed IT services provider has built a reputation for being friendly and approachable, making the technology-related challenges easier to face for their clients.

4.9★
Com Cubed Computers
Londonderry, Northern Ireland

Overview

Com Cubed Computers is a managed IT services provider based in Londonderry, Northern Ireland. They offer a range of IT support services, helping small to medium enterprises (SMEs), charities, and professional services to manage their technology needs effectively. This IT support company focuses on delivering reliable solutions, ensuring clients have the right tools and support for their operations.

This MSP assists clients with various services, including computer repairs, technical support, and system management. They are committed to transparency and organisation, providing clear communication throughout the service process. By aligning with standards such as UK GDPR and Cyber Essentials, they prioritise security and data protection for all their clients.

What clients say about this company

Clients appreciate the consistent communication and reliability offered by this managed IT services provider. They often highlight the efficiency of the repairs and services, such as replacing screens or removing batteries, praising the company's timely follow-up and dedication to making sure everything works well after a service.

Feedback reflects a strong appreciation for the honesty and transparency displayed by Com Cubed Computers. Customers frequently commend their fair pricing and the quality of documentation provided during the service process, reinforcing trust in their expertise and commitment to client satisfaction.

4.7★
Andromeda Solutions
Middlesbrough, England

Overview

Andromeda Solutions is a managed IT services provider based in Middlesbrough, England. They focus on delivering comprehensive IT support and solutions tailored for small and medium-sized enterprises (SMEs), charities, and education sectors across the UK. Their services include IT support, PC repairs, phone systems, and assistance with various technology needs.

This IT support company is dedicated to ensuring reliability and security for their clients. They take pride in their thorough approach and clear communication, helping clients navigate IT challenges while reducing downtime. With a commitment to customer satisfaction, they ensure that clients are updated on the progress of their requests and repairs.

Andromeda Solutions places importance on professionalism and attention to detail. Their knowledgeable team is characterised by a respectful and polite service manner. Clients appreciate their willingness to go the extra mile, often providing on-site support and tailored solutions that end-users can trust.

What clients say about this company

Clients speak highly of the consistent service provided by this managed IT services provider. They appreciate the effort made to travel distances for quick and urgent repairs, noting the helpful communication throughout the process. Such dedication has fostered strong relationships with clients who often rely on their support.

Feedback highlights the professionalism and thoroughness of Andromeda Solutions staff. Many customers have shared positive experiences with team members who demonstrate extensive knowledge and clear respect for their clients' premises during service visits. This level of care has led to long-lasting loyalty among their clientele.

Clients also commend Andromeda Solutions for their swift response times and effective problem-solving abilities. Their proactive approach to IT issues has helped prevent potential disruptions for businesses and personal users alike. This commitment to delivering quality services ensures that customers can depend on them for their technology needs.

4.9★
ITC Service
Hebburn, England

Overview

ITC Service is a managed IT services provider located in Hebburn, England. This IT support company operates primarily in the United Kingdom, focusing on delivering reliable IT solutions to small and medium enterprises, charities, and professional service firms. They assist clients by managing their IT needs, ensuring systems run smoothly and securely.

This MSP offers a range of services, including IT support, network security, and VOIP solutions. They are known for their commitment to excellent communication and responsiveness. Clients appreciate how the team at ITC Service goes the extra mile, providing a calm and professional approach to IT issues.

What clients say about this company

Feedback from clients highlights the honesty and reliability of ITC Service. Many have described their experience as positive, noting the approachable nature of the team. The professional service received over the years has led to numerous recommendations to others seeking IT support.

Clients also value the security focus of this IT support company, stating that projects are completed on time and to a high standard. The team's patient and responsive attitude helps reduce stress during technical difficulties, allowing businesses to maintain their operations smoothly and confidently.

5.0★
User2 Computers
Edinburgh, Scotland

Overview

User2 Computers is a managed IT services provider based in Edinburgh, Scotland. This IT support company offers a range of services, focusing primarily on PC repair and network solutions, catering mainly to small and medium-sized enterprises, charities, and individual clients. They assist these customers by providing quick and effective IT support, ensuring smooth operations and minimal downtime.

This MSP is known for its reliability and responsiveness, often addressing urgent issues promptly. With a commitment to professionalism, they ensure that clients receive clear explanations of problems and solutions, making the technical aspects easy to understand. Additionally, they align their practices with industry standards to enhance security and data protection.

What clients say about this company

Clients appreciate the high level of responsiveness demonstrated by this IT support company. Users have commended their ability to address urgent issues swiftly, often leading to quick fixes without unnecessary delays. This reliability has built strong trust among their clientele.

The knowledge and expertise of the team at User2 Computers are frequently highlighted in feedback. Clients have shared positive experiences regarding the efficiency and professionalism of the staff, especially when handling complex problems. Overall, the feedback reflects a strong customer satisfaction with the services received.

4.6★
See all VoIP & Phone Systems service companies
By city
London, England
View all
Nottingham, England
View all
Hull, England
View all
Stoke-On-Trent, England
View all
Birmingham, England
View all
Bristol, England
View all
Fareham, England
View all
Glasgow, Scotland
View all

Related reading