PCI DSS - the basics

PCI DSS and call recording - the basics

To increase controls around cardholder data and help prevent payment card fraud, the Payment Card Industry (PCI) has established a single set of Payment Card Industry Data Security Standards - PCI DSS.

Payment card data divides into two groups:

Customer identifiable data, such as name and address
Sensitive authentication data, specifically the printed security code and magnetic stripe data

Any business or organisation that takes card payments over the telephone and records their calls is directly affected by Section 3.2 of PCI DSS. This states that no sensitive authentication data may be stored, in any format, once a transaction has been authorised. This directive does extend to contact centres which use call recording.

Find out how PCI DSS affects your business or organisation.

Company A case study

PCI DSS + call recording key facts