Semafone achieves PA DSS, PCI Level 1 certification and becomes registered Visa merchant agent

PRESS RELEASE: Semafone® has further strengthened its position to become one of the few technology vendors to achieve the highest level of PCI (Payment Card Industry) certification, achieving the PCI DSS Level 1 accredited Service Provider status, confirming that its solutions are in line with the Payment Card Industry Data Security Standards (PCI DSS) for “Level 1” merchants who handle over 6 million card transactions a year.

The certification was awarded by Qualified Security Assessor Foregenix for the hosted version of Semafone’s secure payment technology, which is available through a partnership with voice and data communications specialist, Gamma. Semafone also holds PA-DSS certification for its solution, making it the only software vendor able to offer certified on-premise and hosted solutions for secure telephone payments. This new level of certification has been underscored by Semafone’s approval by Visa Europe as a Level 1 Visa merchant agent, providing further confirmation of the company’s high levels of data security and business processes.

Level 1 certification for technology vendors involves a lengthy audit process, ensuring that not only Semafone’s technology, but also the company’s internal processes, are up to the required PCI standard. These processes include the detection and appropriate reaction to security incidents as well as their prevention.

Semafone’s patented and PA-DSS accredited payment method is used by organisations of all sizes to help protect them from card fraud during telephone payments. Semafone allows customers to enter their own card details directly into the telephone handset when they pay over the phone, without losing voice contact with the service agent. The tones made by the individual keys are disguised so they cannot be identified by their sound and no card data is taken into the computer and telephony systems of the contact centre, making the transaction ultra-secure without compromising on customer service.

“With both a hosted and an on-premise version of our solution, Semafone’s customer base now ranges from smaller merchants to some of the largest brands in the world,” commented Tim Critchley, CEO of Semafone. “Our objective for every customer is to help them achieve the highest possible level of security, PCI compliance and customer service and we are committed to applying the same high standards to ourselves.”

“We have been working with Semafone for a number of years and have been consistently impressed by the company’s approach to security and compliance with both PA-DSS and PCI DSS,” said Benj Hosack, director of Foregenix. “We assess all of our clients rigorously and are delighted to be able to confirm that Semafone has achieved PCI Compliance as a level 1 service provider.”

About Semafone

Semafone provides software to contact centres so they can take secure credit and debit card payments over the phone. Using Semafone’s patented payment method, card data is transmitted directly from the customer’s telephone keypad to the bank. This takes the contact centre out of scope of PCI DSS regulations, removing the threat of fraud and its associated reputational damage.

Semafone serves a wide range of industry sectors including financial services, media, retail, utilities, travel and tourism and the public sector. Customers include the Foreign & Commonwealth Office, Aviva Canada, TalkTalk, Nemo Personal Finance, Sky and Yorkshire Water.

Founded in 2009, Semafone received a £1.9m investment from Octopus Ventures in 2010 and a further £1.5m, primarily from existing investors, in 2012.

Further information about Semafone is available at