For many organisations, taking card payments is a routine part of day-to-day operations. Yet the requirements behind those transactions are becoming increasingly complex.

As PCI DSS compliance requirements tighten, particularly under PCI DSS 4.0, businesses are being asked to reassess how cardholder data is handled across voice and digital channels.

Many organisations want to remain compliant but are navigating a landscape shaped by legacy processes, unclear responsibility, and approaches that were once acceptable but are now under greater scrutiny.

The growing challenges of PCI compliance

Often businesses still rely on long-established methods to manage PCI compliance, including Pause & Resume, IVR-based workflows, or manual processes. While familiar, these approaches often depend on agents and process rather than certainty.

As PCI standards evolve, there is increasing emphasis on:

• System-enforced controls
• Clear evidence of compliance to PCI DSS 4.0
• Reduced reliance on agent behaviour

For organisations handling card payments over the phone or across multiple channels, this shift raises an important question: are current payment processes still fit for purpose?

Simplifying PCI compliance for real payment environments

To support customers navigating these changes, Radius now delivers Voiceflex PCI, a PCI DSS–aligned payment solution designed to remove cardholder data from customer interactions altogether.

Voiceflex PCI intercepts payment data before it reaches the phone system, ensuring card details are never heard by agents, captured in call recordings, or processed within business systems. By keeping card data out of the environment entirely, PCI scope is reduced at source, rather than managed through workarounds.

This allows:

• Normal customer conversations to continue
• Full call recording to remain in place
• Existing phone systems and payment providers to be retained

Moving beyond Pause & Resume and legacy approaches

As PCI DSS requirements continue to tighten, Pause & Resume–based approaches are increasingly difficult to justify. These methods rely heavily on correct execution by agents and create ongoing audit and compliance challenges.

By delivering PCI compliance using Voiceflex technology, Radius provides customers with a clear alternative to legacy payment controls. The focus shifts from managing card data through process to removing it from the interaction entirely, reducing risk and ongoing effort.

Supporting customers with stronger PCI compliance

Voiceflex PCI strengthens Radius’ wider business communications, IT and compliance portfolio by introducing a purpose-built PCI capability designed for real payment environments.

Delivered and supported by Radius, it gives customers:

• A single, accountable partner
• A clearer understanding of PCI responsibility and scope
• A more sustainable approach to secure card payments

Rather than treating PCI as a standalone consultancy exercise, this approach reflects how payments are actually taken and managed day to day.

A clearer path to PCI compliance

PCI compliance remains a mandatory requirement for any organisation taking card payments, regardless of size or industry. Even when using third-party payment providers, responsibility cannot be outsourced.

To learn more about Voiceflex PCI and how it could support your organisation, speak to your Radius account manager or book a meeting with a PCI specialist today.