In a call center, customers read their credit card information, CVV codes, and expiration dates to call center agents. If you handle such credit card data, you fall within the scope of the Payment Card Industry’s Data Security Standard (PCI DSS). The PCI DSS is a proprietary information security standard. You find more details on this here (https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard) and here (https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf). In short they do not want you to save credit card information in a call recording. As far as I found out, there are three PCI compliance solutions: Pause and resume of call recording - there are a variety of different ways to trigger the pausing and resuming of call recording. Some of these use a resident desktop analytics capability; others intercept the payment application messaging to increase the reliability of the pause and resume mechanism. Automated payments - the use of IVR both as a self-service function selected by the caller, or as an agent tool where at the point of payment the call is transferred to an automated system. The automated system is made aware of all of the core details, such as the customer's account and how much to pay, and simply collects the card details and executes the payment. DTMF clamping – a system that sits between the public telephone network and the contact centre. The agent remains in full voice contact with the caller throughout the transaction, however the caller is obliged to enter card details using a keypad. It would be great if 3CX implements at list one of the three solutions.