PCI DSS compliance and call recording

If your business or organisation takes card payments over the phone and records its calls, under PCI DSS regulations, you cannot store any sensitive authentication data in your call recordings. There are four ways in which you can ensure this data is not stored:

  1. By switching off your call recordings. This is an impractical option and you would lose all the benefits associated with call recording such as training, customer service and compliance. It is also impossible for businesses operating in regulated financial sectors.

  2. You could transfer the customer to an automated payment card processing solution such as an IVR. This is not a customer-friendly solution and it also requires significant integration with back-end IT and telephony systems, which will cost time and money.

  3. By using a call recording system which records the entire call apart from the sensitive authentication data. This is known as the ‘pause and resume’ method. Pause and Resume is technically very difficult to set up robustly, and difficult to maintain during future changes in your organisation.

  4. Filter out the sensitive card data from the recording system, so it is never recorded. This is how CallGuard works.

Using CallGuard, you will make your existing call recording system PCI DSS compliant. A neat ‘bolt-on’ to ANY call recording system, it solves the headache created by the demands of making your call recordings PCI DSS compliant. In addition, CallGuard also stops agents from seeing card data, and does not require any changes to your existing payment, telephony or computer systems.

Comparison

For more information on the methods for becoming PCI DSS compliant for call recordings, please see our comparison table.

Non-compliant methods

Some approaches to call recording are not compliant with PCI DSS. For a brief description of these, please click here.

Veritape’s own call recording system

Veritape, the creators of CallGuard, have a wealth of experience in call recording. Our own system is your best option if you are looking for a call recording solution which is also PCI DSS compliant. For more information on Veritape’s call recording system, please click here.

White Paper

Contact us to request our white paper, which contains more information on PCI DSS compliance and call recording.