Webinars - Featured Articles

August 07, 2012

Webinar - Enterprise Call Recording Must Comply with PCI DSS - No Exceptions

Today’s call centers are tasked with everything from keeping customers happy to delivering on strategic goals. One important task that cannot be overlooked is the need to conform with PCI (News - Alert) data security standards. 

Payment Card Information (PCI) security is an especially important topic for organizations that record calls or deal in sales and store this personal financial data.

Though remaining compliant with these standards can seem cumbersome, there are best practices for eliminating the capture of this sensitive information for storage. To help address this topic, CallCopy (News - Alert) recently hosted the, “Does Your Call Recording Comply with PCI Data Security Standards?  Learn Best Practices for Secure Handling of Customer Payment Card Data," webinar.

During the presentation, Matt Madzia, director of Product Development at CallCopy, detailed the definition of PCI and why it is so necessary to eliminate the recording of any personal payment card information including authentication data like CVV codes, pins, etc.,  that are spoken by a customer over the phone during a call. 

While compliance with these standards can seem like a giant process for organizations – since they are not specific to applications – hiring a QSA is recommended to help companies ensure PCI best practices are in place and software in place is meeting those needs.

A call recording solution should prevent sensitive data from ever being recorded or stored. Using a “Blackout” can find times when sensitive information is being shared and recording will stop at that time. 

Also, to protect data, organizations must make sure the call recording solution is encrypted and not openly readable without proper keys. This includes a minimum of 256 bit file level encryption for all audio and video files that are stored. It is also important to separate duties so that not just one person is able to have the access key and data – to limit exposure.

Ray Bohac, chairman and CIO at CallCopy, also noted that while PCI has been a hot topic in the industry lately. It’s something the company has had as a priority for some time now.

For CallCopy, the goal was to make their offering easily ensure compliance. To do so, they played the role of end user and hired a QSA to do a review of their product so they could go deeper into the implementation and create strategies to improve support.

Technology tools, the presenters stressed, are key to achieving a secure environment.

Other tips shared during the webinar include looking for SSL encryption for recording or playback mode with a call recoding software – not only when data is being recorded,  but when its being played back, it should be securely transported.

While there are other methods to achieving compliance, they can also pose potential issues – so organizations must do their homework before partnering with a call recording provider.  

Top items on an organizations checklist when looking for a call recording solution should include:

  • Protects stored cardholder data
  • Encrypts transmission of cardholder data
  • Prevents secure authentication data from being recorded.

Organizations should also ask these specific questions of a vendor:

  • How does your product assist me with reaching my goals as an organization?
  • Is there automated process in place to block recording of secure info.?
  • How does your company manage future updates?

Find out more by checking out the archived version of the Webinar HERE.

Want to learn more about the latest in communications and technology? Then be sure to attend
ITEXPO West 2012, taking place Oct. 2-5, in Austin, TX. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. For more information on registering for ITEXPO click here.

Stay in touch with everything happening at ITEXPO. Follow us on Twitter.

Edited by Braden Becker