Call Center Management Featured Article
Call Center Management Must Pay Attention to PCI when Recording Calls
Monitoring within the call center environment is a common and often required task to ensure agents are following script, adhering the industry guidelines and meeting performance objectives. Call center management must keep PCI (News - Alert) (payment card industry) regulations in check when focusing on compliance, however, to ensure proprietary information is never recorded.
According to this Monet Software blog, a variety of rules have been put in place by the federal government and other industry organizations that require companies to keep data secure. This is especially true when a company manages sensitive information such as credit card and social security numbers.
Even with these requirements in place, however, 81 percent of companies that have experienced a breach in security were found to be out of compliance with the PCI data security standard at the time of the loss. This data was captured by the National Retail Foundation study and identifies a worrisome trend.
Call center management may not always be in control of the network security IT administers on a regular basis, yet they do have some pull when it comes to selecting the recording mechanisms to follow protocol within the campaign. Therefore, it is strongly suggested the call center select a call recorder system that is compliant with PCI processing guidelines.
A recording mechanism with PCI compliance is designed to either stop the recording process at the point in the call when sensitive information is captured, or remove the information from the recorded call. The data call center management can effectively record and archive includes date and time of call, the customer ID, agent ID, sale or collection amount and the length of the hold time.
Call center management will do well to consider a call monitoring system that has specific safeguards in place to ensure adherence to PCI standards. Call center agents should have the ability – either automatically or manually – to pause a recording when sensitive information is revealed and then resume recording of the call after that point.
PCI protection must also offer encryption capabilities in the call recording mechanism. When sensitive information must be captured, it should be encrypted at the point of collection and remain encrypted during storage, transfer and archiving processes.
The call recording program, as part of the whole workforce management strategy, should also provide security audits to specify when the call recording database has been accessed and who gained access to the records. Appropriate passwords should also be in place to ensure protection against unauthorized access or users.
While call center management ensures compliance to the PCI standard by paying attention to the recording mechanism, it’s also critical that information is protected according to the customer’s standard to build out that confidence and benefit from the potential of long-term loyalty.
Edited by Amanda Ciccatelli