Is your call recording software PCI compliant?

PCI regulations are making big changes to the way that businesses have to run call centres that deal with payment card information. It is to ensure that card details are not stored on computer systems which are susceptible to cyber-attacks. How do you know if your call recording software is PCI compliant though? No need to worry, here is the one main point you need to worry about and how to handle it.

Storing card details

The only area that call recording software could possibly cause a problem is if you take credit card or debit card information over the phone. In this situation if your call recording software has recorded this and then stored it, you will be in breach of the PCI regulations. This could lead to a large fine and possible sanctions placed on how you do business. This relates to the card number, card holder name and the CV2 number.

Ways around it

There are three main ways around the PCI regulations. The first is to pause any conversations as soon as the card details are about to be discussed. There is call recording software out there that can carry this out for you by listening out for certain verbal cues. This does significantly reduce the amount of effort required, but it is not foolproof. However, manually pausing and restarting is also prone to manual errors so that is not foolproof either.

The second way is to mute the sound that is sent to the call recording software. This will ensure that no sound is recorded and thus no information is stored. Not all call recording software allows this so it may require employees to go back into the files and manually mask the corresponding areas. This is obviously going to increase your workload significantly to ensure that you comply, so it is better to use call recording software that has the feature integrated.

The final way is for the customer to input their information via the keypad. This can still offer ways for the dial tones to be recorded but there are call recording software options out there that will mask any dial tones. This is the most efficient way and it also ensures that you are not open to accidental PIC breaches. The only foolproof way is to not record calls at all, but that is not an option in the modern world, so taking information via the keypad is the most effective method.

Was this post helpful?