Thanks Mark.
Re Creditline plus, we have been told by bothe Security Metrics (who do the job for Barclays) and the Lloyds pci support, that the presence of browser based input as used by creditlineplus bring every users's environment into scope since the ablity of keyloggers etc to infect a pc on the LAN means that the whole LAN comes into scope. The fact that the 'Virtual Terminal' used by the credit checking software does not store the data locally is not material. It is 'stored' on screen and in cache.
Same problem currently exists with the Voice recording. We can move forward by using white noise or getting users to hit the stop record button whilst taking credit card detaisl, but we would have to delete all existing recordings.
Anyone else had this advice?