PCI DSS Compliance and Call Recording


Share on LinkedIn

A couple of weeks ago, Aberdeen Group’s Omar Minkara wrote about the risks of call recording in the contact center, offering tips to help ensure PCI DSS (Payment Card Industry Data Security Standard) compliance. He raised some critical issues, ones that anyone involved in the contact center should not only be aware of – but vigilant in protecting against.

Call recording, as a critical element of contact center Quality Assurance programs, provides cloud-based contact centers the ability to examine prior call information and call recording records. These records, if not administered properly, can be used to access customer information such as credit card number, security codes, pin numbers, etc. And that can expose cloud-based contact centers to potential security breaches and intrusions where unauthorized employees could possibly capture this sensitive information.

Call recording itself is a small element, but key in protecting customer data as contact center solutions rapidly move to the cloud – and puts stress on a company’s PCI compliance strategy. This includes requesting, entering, storing, and transmitting personal and confidential sensitive customer data, such as credit card numbers, social security card info, CCV and pin numbers by contact center representatives.

In order to secure all your transactions, Echopass believes companies should employ the absolute latest tools, techniques, and capabilities to address all areas of security concern, especially those at the point of entry, in addition to data center security.

New capabilities are available to specifically address the ability to stop both the audio and screen recording of personal card data at the appropriate time of customer response, based upon predictive techniques. This ensures that a key area of confidentiality can be addressed and actually removed as a possibility for a security violation right at the outset of customer engagement.

“An ounce of prevention (i.e. not recording the sensitive data in the first place) is worth a pound of cure”, as they say.

Stay tuned in the coming weeks as we explore the further depths of security requirements and available enhancements for cloud-based contact centers.

Dennis Empey
Dennis Empey is senior vice president, Service Delivery at Echopass, the #1 Software as a Service (SaaS) provider of cloud-based contact center solutions to large enterprises. For more information, visit www.echopass.com; LinkedIn: http://www.linkedin.com/company/echopass; Twitter: https://twitter.com/echopasscorp; Facebook: https://www.facebook.com/EchopassCorp; and YouTube: http://www.youtube.com/user/echopasscorp.


Please use comments to add value to the discussion. Maximum one link to an educational blog post or article. We will NOT PUBLISH brief comments like "good post," comments that mainly promote links, or comments with links to companies, products, or services.

Please enter your comment!
Please enter your name here