How to ensure your call recording is PCI DSS compliant
In 2004, the major card companies aligned to form the Payment Card Industry Data Security Standard (PCI DSS). Since then, the PCI DSS has evolved not only to provide greater security to the industry, but also to accommodate new technology advancements. Today the PCI DSS is the global data security standard for card payments.
What does PCI DSS compliance involve?
PCI DSS details security requirements for merchants that store, process or transmit cardholder data. PCI regulations forbid storing primary account numbers (PAN), expiration dates, and other specified identifiers unless they meet PCI DSS encryption standards. Security codes and PINs must not be stored under any circumstances.
PCI DSS and call recording
As payments are often taken over the phone, and call recording solutions are often deployed in contact centres, complexities arise for both the agent handling a call in which payment details are taken and the organisation recording the call. To keep restricted information out of a call recording, various technologies can be put in place so that recording is paused while payment information is being given and resumed afterwards.
Dubber and PCI compliance
Dubber provide telephony users with all of the tools necessary to achieve full PCI compliance. We currently support a range of tools for PCI compliance, including automated pause and resume functionality. Dubber’s recording solution also fulfils the six key requirements of PCI DSS: to build and maintain a secure network, to protect cardholder data, to maintain a vulnerability programme, to implement strong access control measures, to regularly monitor and test networks, and to maintain an information security policy.