Make your call recordings PCI DSS compliant
August 31, 2017
Organisations record telephone calls between staff and customers for many reasons. These may include contractual ‘voice signatures’, quality control, staff monitoring, training or customer service review.
Call recording is essential for organisations of any size that interact with their customers over the telephone. It provides irrefutable facts resulting in more rapid dispute resolution. In fact, in certain industries such as financial services, recording calls is a regulatory requirement.
What is PCI DSS compliance?
When all this personal information is stored, there are inherent security risks. For this reason, the major credit card companies developed the Payment Card Industry Data Security Standard (PCI DSS). It is a set of regulations to protect cardholder data wherever it is processed, stored or transmitted. This means you cannot store certain portions of sensitive cardholder information at all, even in a secure environment. As such, organisations taking credit card details over the phone may well be recording the full cardholder details in contravention of the PCI DSS requirements.
Sensitive authentication data has never been allowed to be stored post-authorisation
Neira Jones, head of payment security at Barclaycard
Information stored within voice recordings is relatively easy to data mine and is also subject to the PCI DSS regulations. With options ranging from simply not recording calls through to using an automated system, the priority is ensuring the use of a fully PCI DSS compliant solution such as that provided by CyTrack CyRecord.