PDQ terminals which run over the network and use end-to-end encryption technology, or those which use the mobile telephone network to communicate, are unaffected by Chorus and can continue to be used exactly as they are now.
Analogue PDQ terminals do not comply with PCI-DSS rules if their calls are routed over VoIP networks. You will not be PCI-DSS compliant if you continue to use analogue devices that will send data via Chorus. This includes using analogue convertors (Mediatrix) or Chorus analogue lines on branches (OSBs). Please refer to the University's card data security guidance:
Colleges should ocontact their banks with regard to changing equipment while departments should contact email@example.com
Where payments are taken by a voice call you must let the Chorus team know so that we can encrypt that particular number’s calls. Note that this only protects the parts of the call which traverse the University’s networks – not where they cross any part of the public internet – but it will ensure that the transaction has improved security.
As now, you will also need to adhere to data-protection rules regarding customers’ card details. This would include, for example, not recording any part of a call that includes reading out a card number, by either party.