Are you familiar with PCI DSS?
As every business knows, the recording of phone calls is extremely important. What is also essential is that, if your agents are taking payments over the phone, your call recording equipment complies with the Payment Card Industry Data Security Standard (PCI DSS) .
The PCI DSS is a far-reaching standard that affects many businesses and industries. Heavy fines may be incurred if a business does not comply with the standard. The Data Security Standard covers, in particular, the rules for retention of credit card details, either in text format or in the form of phone call recordings. The PCI DSS requires that the retailer or company should protect stored cardholder data – this normally includes the cardholder’s name and expiry date of the card. The primary account number or PAN can only be stored if it is securely protected by encryption and appropriate secure access. However, the 3 digit security code (CSV) is regarded as sensitive data and MUST NOT be stored after authorisation.
All companies using customers’ card details must comply with the PCI DSS Standard
To meet the PCI DSS requirements whilst recording calls, it is necessary to “mute or pause) the recording during the time that the credit card details are being taken and verified.
SMARTCALL call recording solutions provide a range of methods that allow muting of recordings in the widest range of telephony environments including: Manual mute, Active window mute and Integrated Mute triggered by your own CRM system. Find out more about call recording solutions.
The PCI DSS was put into place because of real concerns regarding credit card fraud and, in particular, the loss of customers’ card details, an occurrence which is becoming increasingly common. All companies that take telephone orders or require customers’ card details are required to comply with the PCI DSS. Contact SMARTCALL to find out how we can help today.