Choose how far to de-scope your organisation from PCI DSS

12th September 2011

Technology partners Veritape and ExoIS showcase CallGuard and PeepSafe™ at the PCI SSC North American Community Meeting in Scottsdale, Arizona.

Organisations taking payments by telephone and recording their calls, and who are looking to make their call recordings PCI DSS compliant, should look no further than CallGuard, from Veritape.

CallGuard delivers PCI DSS compliance to any call recording system by eliminating sensitive card data from telephone conversations before they are recorded. It can also prevent agents from seeing any card data on screen and hence eliminate the potential for card data theft.

How does it work? Customers, when making payments by phone, enter their card details using their telephone keypad. CallGuard automatically detects and blocks DTMF tones (containing the payment card data) from a call recorder. At the same time, CallGuard automatically enters the customer’s card details into the relevant fields on the Agent’s screen. It obscures the card details, so the Agent handling the call never sees the customer’s personal data. The end result is that you can fully observe PCI DSS call recording requirements and continue to record your calls.

However, Veritape’s technology extends wider than call recordings. Having been incorporated within the ExoIS PeepSafe™ solution, Veritape’s technology can also be used to help remove cardholder data from voice, mail and fax channels. It can also remove cardholder data from entire applications and network segments. This technology partnership gives organisations the ability to completely descope their corporate environment from PCI DSS.

ExoIS is a leading provider of information security, compliance services and products and a PCI Qualified Security Assessor Company (QSAC). It is the powerhouse behind PeepSafe™ 2.0, a cost effective, fully managed secure portal environment that incorporates encrypted email, fax, voice messages, online storage and the safe processing of cardholder data.

PeepSafe™ can completely de-scope voice-only environments from PCI DSS, removing the risk of “at home agents.” It can also de-scope entire call centres, ensuring that corporate call recording systems are fully PCI DSS compliant, greatly reducing the risk of agent fraud. Incorporating a tokenization engine and integrating with any internal application, database and payment gateway, PeepSafe™ can be quickly implemented with minimal effect on existing business processes.

Together, CallGuard and PeepSafe™ deliver more choice to organisations looking to de-scope part or all of their operation from PCI DSS.

“Our technology partnership allows us to deliver a choice of unique services to a wide range of customers,” says Cameron Ross, Veritape’s Managing Director. “CallGuard works well for organisations wanting to ensure that their call recordings are PCI DSS compliant. PeepSafe’s™ powerful, fully-integrated reach means that organisations can de-scope themselves entirely from the demands of PCI DSS. And both PeepSafe and CallGuard put the interests of the customer first, by ensuring that card holder data is robustly secure.”