Making Call Center Compliance and PCI Data Security Standards Easy

TMCnews Featured Article

July 30, 2012


By Tracey E. Schelmetic, TMCnet Contributor

If you're a call center and you sell anything, or even simply facilitate sales, you're probably storing personal financial data in the form of payment cards in your call center. Even if you're not storing the information, chances are you're inputting it somewhere. Chances are also good that if you record calls for quality, performance management and training purposes, the data is getting stored somewhere, even if only indirectly and even if you never intend to use the card data again. If you do this, then out of necessity, you must be complying with Payment Card Industry Data Security Standards (PCI DSS).

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that companies handling cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards must comply with. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls and security around cardholder data to reduce credit card fraud as a result of data loss or theft. Validation of compliance is done annually by an external Qualified Security Assessor (QSA) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

To assure compliance, call centers that record telephone calls must adopt best practices that ensure that the company's call recording system eliminates capture of customer cardholder data from processing and storage. It's easier said than done, however. Contact centers are stumbling in finding ways to handle customer payment card transactions and in understanding how technical and architectural compliance assessments can determine how the call recording system may be removed from Payment Application Data Security Standards validation.

CallCopy will sponsor a Web event tomorrow titled, “Does Your Call Recording Comply with PCI Data Security Standards? Learn Best Practices for Secure Handling of Customer Payment Card Data.” The event will detail how a company's call recording system can be implemented so that it is not “payment aware” at any time and does not qualify as a “payment application” according to the PCI Security Standards Council’s definition. When implemented as specified, a contact center's call recording will not negatively impact PCI DSS compliance and will ensure that customers’ payment card data are being handled securely.

Edited by Stefania Viscusi
