Craig Marston

Chief Technology Officer, Paytia Limited

Southampton, United Kingdom

Craig leads the engineering side of Paytia as Chief Technology Officer. He specialises in PCI DSS compliance, secure payment capture, MOTO (Mail Order and Telephone Order) payment architecture, and the GDPR obligations that sit alongside taking card details by phone. Craig is a member of the Institute of Financial Accountants and the Institute of Public Accountants, and is based in the Southampton area.

Credentials

  • Chief Technology Officer, Paytia
  • Member, Institute of Financial Accountants (since 2011)
  • Member, Institute of Public Accountants (since 2015)
  • PCI DSS and GDPR specialist

Areas of Expertise

  • PCI DSS compliance
  • DTMF masking and call audio handling
  • MOTO payment security
  • GDPR for contact centres
  • Secure payment platform architecture

Articles by Craig (87)

What Are SMS & Text-Message Payments? A Plain-English Guide
Payment Technology

Claims Payment Integration — Connect Your System
Payment Technology

Cost of PCI Compliance in 2026: The Real Numbers
PCI Compliance

Detokenization Explained — How Tokens Become PANs
Payment Security

Fraud Detection Tools Compared — What Contact Centres Use
Payment Security

Hidden Costs of PCI Non-Compliance — Fines & Breaches
PCI Compliance

HIPAA Fines for Payment Processing Breaches — Real Cases
PCI Compliance

HIPAA Payment Processor Checklist — What to Look For
Payment Security

HIPAA + PCI Compliance for Healthcare Contact Centres
Payment Technology

How to Reduce PCI Compliance Cost in Practice
PCI Compliance

How to Set Up IVR Payments — Implementation Guide
Payment Security

Insurance Company Fraud Detection — Tools and Tactics
Payment Security

Moving from SAQ D to SAQ A — Pinnacle Group Case Study
PCI Compliance

P2PE vs Tokenization — Which Reduces PCI Scope More
PCI Compliance

Payment Fraud Red Flags — What Agents Should Watch For
Payment Security

PCI Audit Cost Broken Down — Every Fee, Every Hour
Payment Security

PCI Compliance for Insurance Claims — What You Need to Know
Payment Technology

PCI Cost: In-House vs Outsourced — Real Numbers Compared
Payment Security

All 9 PCI SAQ Levels Explained — A to D Compared
Payment Security

SAQ A Controls Explained — All 22 Requirements
PCI Compliance

SAQ A Documentation Checklist — What Your Auditor Wants
PCI Compliance

SAQ A Eligibility Checklist — Do You Qualify?
PCI Compliance

SAQ A vs SAQ A-EP — Which One Are You?
PCI Compliance

SAQ D-Merchant Explained — All 329 Controls
Payment Security

Social Engineering Attack Defence — Contact Centre Playbook
Payment Security

TCPA-Compliant Payment IVR — Setup Guide
PCI Compliance

TCPA Consent for Payment Calls — Opt-In, Written, Recorded
PCI Compliance

TCPA Penalties — Worst-Case Scenarios and Real Settlements
PCI Compliance

TCPA vs FCC Robocall Rules — How They Overlap
PCI Compliance

Vishing Detection — Voice Phishing in Call Centres
Payment Security

Showing the 30 most recent of 87 posts.
