Featuring powerful and flexible tools for every channel you choose to transact in, Sycurio’s solutions give you a rich choice of highly configurable features. These include:
Sycurio.Voice is a globally trusted solution for automatically securing your customers’ payment card, banking, and personal data during telephone and automated IVR transactions.
As well as making payments over the phone more streamlined and secure for customers and agents, Sycurio.Voice prevents sensitive customer information from being exposed to your people, your processes, your environment, and your systems.
Step 1: Your customer calls the contact center and begins their conversation.
Step 2: When the customer needs to share sensitive data, your agent initiates SecureMode. This masks the Dual-Tone Multi-Frequency (DTMF) tones as the customer inputs their data using their telephone keypad or by speech recognition.
Step 3: The captured secure data is dynamically routed to your processor – entirely bypassing the company network. No sensitive data enters the environment, so you can record the call from start to end.
Step 4: Sycurio.Voice removes the transaction almost entirely from the scope of your organization’s PCI DSS compliance obligations.
Sycurio.Digital is an innovative, easy-to-deploy, UI- and API-driven omnichannel digital payments solution which powers better customer payment experiences across all your engagement channels.
Featuring powerful and flexible tools for every channel you choose to transact in, Sycurio.Digital makes it easy to unleash seamless and secure payment flows for customers via a variety of digital channels.
Payment card details never enter the contact center infrastructure or digital channel systems
Step 1: Customer interaction with agent or digital channel.
Step 2: Payment link is generated via API or Agent UI.
Step 3: The payment link is embedded in the channel.
Step 4: Customer opens and follows link, enters payment card information. The transaction progress is monitored in real-time by the merchant systems or agent.
We’ve come a long way since our inception in 2009, when our pioneering technologies first revolutionized how call and contact centers enable compliant and secure telephone payments. Over the years, we’ve continued to innovate.
Today our best-in-class data security solutions and services help organizations transform and simplify how they manage consumer data protection, regulatory compliance and payment security. So they can safeguard every customer interaction in every channel – and deliver a standout customer experience that builds consumer trust and loyalty.
By listening to our customers and partners – and anticipating their needs – we continue to enrich our portfolio of solutions. Ensuring they can transition with confidence into a digital-first world.
Sycurio’s technologies automate the capture, separation and transmission of sensitive data such as card and bank payments, or health and personal information from your contact center, remote agents, web-service and applications.
The sensitive information is passed directly to your data processor through our secure infrastructure without it ever entering your environment – protecting your customers, agents and your business.
As well as significantly descoping your organization and reducing the cost of compliance, this approach enables you to maintain regulatory compliance in relation to privacy and security for any health or financial related transactions.
The Payment Card Industry Data Security Standard (PCI DSS) is a framework of security standards created to ensure that organisations that accept, process, store or transmit payment card information maintain a secure environment.
The Payment Card Industry Security Standards Council (PCI SSC) began operating in 2006 with the goal of managing the Payment Card Industry (PCI) security standards and improving payment security throughout the entire transaction process. The PCI DSS is administered by the PCI SSC, an independent entity created by Visa, MasterCard, American Express, Discover and JCB.
The European Union General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive align with the UK’s General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
GDPR is a wide-ranging and actively enforced legislation in both the EU and UK. It applies to almost all businesses and organisations that operate in or within the EU and the UK.
All personal data (information about a particular living individual) and its processing (collecting, recording, storing, using, analysing, combining, disclosing, transmitting, deleting) is subject to GDPR legislation.
Since GDPR became law in 2018, enforcement has led to significant fines. Recently, these have included Amazon €746/$877M in 2021, WhatsApp €225/$255M in 2021, Google Ireland €90/$102M in 2022, and Facebook €60/$68M in 2022. Fines relating to data breaches that included the potential exposure of personal and payment information have included Ticketmaster £1.25M in 2020, British Airways £20M in 2020, and Marriott International £18.4M in 2020.
The California Consumer Privacy Act (CCPA) gives consumers control over the personal information that businesses collect about them, including their name, social security number, email address and biometric data.
Organisations can be sued for data breaches of non-encrypted and non-redacted data where reasonable security procedures and practices have not been in place to protect it.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law which protects sensitive patient health information from being disclosed without the patient’s consent or knowledge.
A major element of HIPAA is the Privacy Rule, which ensures that individuals’ protected health information (PHI) is properly protected while allowing the sensitive information to flow effectively. This rule is supported with the Security Rule, which requires all individually identifiable health information created, received, maintained, or transmitted in electronic form (electronic Protected Health Information - e-PHI) to be securely managed.
To comply with the HIPAA Security Rule, all parties must:
The European Union Payment Services (PSD 2) - Directive (EU) 2015/2366 is commonly referred to as PSD2. This legislation is also applicable in the UK as an element of the Payment Services Regulations (PSR) 2017.
The legislation was enacted in part to require providers of payment services and third-party payment service providers to improve customer authentication processes and introduce Strong Customer Authentication (SCA) protocols, such as two factor authentication (2FA).
The widespread implementation of 3D Secure version 2 security protocol (3DS2) and other multi-factor authentication processes in consumer and business payment environments is a result of the Directive.
The UK Financial Conduct Authority’s telephone and electronic communication recording rules were derived from the EU Markets in Financial Instruments Directive (Directive 2004/65/EC).
The FCA SYSC 10A requires full and accurate records of financial service industry transactions, including telephone conversations, and electronic communications must be retained for at least six months.
The European Securities and Markets Authority (ESMA) Markets in Financial Instruments Directive (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR) are a legislative framework that covers a wide range of financial instruments and market activities.
Within this body of legislation there is an obligation to retain secure audited and accessible records for a minimum period of five years from the date of the communication.
The Gramm-Leach-Bliley Act (Financial Services Modernization Act of 1999) is a US federal law that controls the management of private consumer information by financial institutions and businesses that supply credit or finance as part of their offering (for example, auto dealers).
Under the GLBA Safeguards & Privacy Rules, financial institutions and businesses must control, secure and protect the non-public information (NPI) they collect, store, share and process.
The Safeguards Rule has two key elements: financial institutions should implement both logical and physical security protocols, and provide breach notifications when NPI is compromised.
Penalties for failure to comply with GLBA are potentially severe, with civil fines of $100,000 per violation, and officers/directors may face personal liability fines per-violation of $10,000.
Nacha develops, governs, manages and enforces the operating rules for the Automated Clearing House (ACH) Network which powers the Direct Deposits and Direct Payments for US banks and credit unions.
nacha.org
Managed and published by the International Organization for Standardisation (ISO) in partnership with the International Electrotechnical Commission (IEC), ISO/IEC 27001 is globally recognised as the leading standard and framework for information security.
The ISO 27001 framework enables organisations to protect their information in a systematic way using an Information Security Management System (ISMS).
The 3D Secure version 2 security protocol aims to prevent the fraudulent use of credit cards by multi-factor authentication of cardholders in card-not-present (CNP) transactions.
It is developed and managed by EMVCo, an organisation jointly owned by major payment card brands. The three domains in which the protocol operates are the issuer, acquirer and interoperability domains (hence ‘3D’).
Designed to minimize disruption, Sycurio.Voice and Sycurio.Digital seamlessly integrate with your existing infrastructure; including your telephony, as well as the full range of contact center applications, from CRM to payment processing.
When it comes to deployment options, our multi-instance architecture gives you a choice of cloud, hybrid or on-premises (with our dedicated appliances), so you can find the best fit for your needs.
Seamless integration for CRM platforms including Salesforce & EPIC
60+ Leading Payment Service Providers (PSPs)
Enables agentless voice-based IVR payment transactions
Support for global Telephony & Carrier services
Flexible Cloud, Hybrid (Cloud + On-premise) or On-Premise deployment options
Overlays with Contact Center Software Solutions (CCaaS)
Integrates with Unified Communication Software Solutions (UCaaS)
Our Professional Services team can advise, design, and execute the most effective solutions to secure your payment and transaction infrastructure. Working on the frontline alongside your network, operations and security teams, our Support and Customer Success teams give you fluid and direct access to our technical resources and deep systems knowledge. Ensuring your systems stay optimized to assure delivery of a frictionless customer experience.
Our support and professional services options include: