Pause Recording for PCI Compliance

Get in Touch

Credit/Debit card payments taken over the phone are subject to PCI DSS.

Credit/Debit card payments taken over the phone are subject to PCI DSS.

Ensuring you comply with the relevant PCI DSS requirements is essential when recording telephone conversations if taking credit and debit card payments over the telephone.

To comply with PCI DSS you must: 

  • Protect cardholder data 
  • Limit access to sensitive information 
  • Implement appropriate security measures 
  • Have clear policies and procedures.  

Doing so can help protect your customer’s sensitive information and minimise the risk of fraud and data breaches. 

Which industries fall under PCI Compliance? 

PCI DSS applies universally to businesses handling payment card information, regardless of transaction volume, method (e.g., POS terminals, online forms, phone), or sector. From Travel & Transport booking last-minute holidays over the phone to bookmakers in the Leisure industry processing bets for major sporting events, virtually all sectors must adhere to PCI standards. This underscores the relevance of PCI compliance to businesses of all sizes and industries, whether acquiring data via phone, website, or mobile app. 

Why PCI Compliance Matters and How It Affects Your Business 

Two primary factors drive PCI DSS compliance. Firstly, non-compliant businesses facing data breaches risk not just substantial fines from Card Schemes, but also potential exclusion from card acceptance programs, and placement in the Terminated Merchant File (TMF), akin to a blocklist. These consequences can be severe, underlining the urgency and importance of PCI compliance.  

Secondly, maintaining reputation and customer trust hinges on providing secure transaction environments and safeguarding cardholder data against fraud. 

Dispelling Common PCI Misconceptions 

Achieving PCI compliance is more complex than purchasing an off-the-shelf solution. Compliance hinges not on the recorder but on its deployment and integration within existing processes and systems, making each case unique. 

Common approaches that fall short of PCI Compliance include: 

  • Password protecting recorders 
  • Encryption (only PAN can be retained encrypted, not sensitive authentication data) 
  • Audio masking (retains sensitive data during processing) 

How Vidicode UK helps you achieve PCI Compliance  

Some voice recording solutions also require expensive add-ons such as CTI and TAPI licenses and the PCI feature. That’s not the case at Vidicode UK, where our Apresa call recording system provides users with a choice of four FREE options to ensure PCI compliance.

  • Manual DTMF
  • PC Application
  • Payment Page App Detection
  • Payment Page App URL

To ensure greater security and protection of any credit/debit card information stored, the Vidicode Apresa also includes.

  • Comprehensive audit trails with easy search for recordings
  • Fingerprinting & Encryption
  • Authenticated & restrictive user access

Additional improvements encompass Voice Crunch AI Speech Analytics, designed to monitor keywords and guarantee that no unauthorized information regarding the customer’s payment card is disclosed. 

What is PCI DSS? : Requirements when recording calls 

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards that major credit card companies developed to help protect against fraud and data breaches.

One of the requirements of PCI DSS is handling and storing credit and debit card information securely. This is especially important when recording telephone calls if credit and debit card payments are taken over the telephone.

One of the critical requirements of PCI DSS is the protection of cardholder data. This means you must encrypt sensitive information such as credit and debit card numbers, expiry dates, and security codes. When recording telephone calls, it is essential to ensure that sensitive data is masked or removed before storage.

Another requirement of PCI DSS is limiting access to cardholder data. Only authorised personnel should be able to access sensitive information such as credit and debit card numbers. When recording telephone calls, it is essential to restrict access to the recordings to authorised personnel only by implementing access controls such as passwords or biometric authentication.

Ensuring the recording systems and networks are secure and protected against unauthorised access when recording telephone calls is essential. This can be achieved by implementing firewalls, intrusion detection systems, and other security measures.

Finally, PCI DSS requires that organisations implement appropriate policies and procedures to ensure that the security of cardholder data is maintained. When recording telephone calls, it is essential to have clear policies and procedures to ensure that sensitive information is handled appropriately. This can include guidelines on managing and storing sensitive information and strategies for conducting and reporting data breaches.

Understanding Levels of Compliance 

PCI Compliance is categorised into four levels based on transaction volumes over 12 months: 

  • Level 1: Over 6 million Visa/Mastercard transactions 
  • Level 2: 1-6 million Visa/Mastercard transactions 
  • Level 3: 20,000-1 million Visa/Mastercard e-commerce transactions 
  • Level 4: Less than 20,000 Visa/Mastercard e-commerce transactions or up to 1 million Visa/Mastercard transactions 

PCI DSS Compliance Requirements 

Level 1 companies require yearly on-site reviews and network scans.  

Levels 2-4 complete annual self-assessment questionnaires and quarterly network scans. 

Implications of Non-Compliance 

  • Monthly fines ranging from £3,500 to £250,000 
  • Withdrawal of merchant services, impacting revenue streams 
  • Loss of customer trust and confidence in data security 

For more information on Apresa’s PCI DSS features call 0203 4881498 or complete the enquiry form

Important Links

See how we helped a home shopping channel with their PCI compliance

Go to our on PCI Compliance for Home Shopping Channel JML

Direct Marketing Association-PCI DSS Compliance as it relates to Call Recording     https://dma.org.uk/uploads/PCI%20Guidance%20Notes_542ec328e8176.pdf

https://www.pcidssguide.com/pci-compliance-for-call-centres/

Case Studies

Travel Up
Secure call recording for a travel broker

Since its inception in 2004, TravelUp has aimed to make worldwide travel effortless for its customers. With so many options for a customer, its bespoke deal finder technology searches masses of different suppliers simultaneously. It quickly returns all the best available deals for flights, hotels or full... Full Case Study

Games Workshop
Games Workshop

... Full Case Study

OEM Bespoke Solutions

Based in Huddersfield and proud of their Yorkshire heritage TLF Research boast a proven track record of improving the customer experience, satisfaction, and loyalty of their client’s companies through the design and running of customer research programmes. As a full-service agency TLF has assisted customers including Visa, Calor, Co-op and Saint... Full Case Study

SoloProtect

Over the last 20 years, SoloProtect has innovated and evolved to provide an industry-leading lone worker safety solution that is used by thousands of people across the world. SoloProtect work with public, private, and charity sector organisations that employ large numbers of staff who work alone, are community-based, or are required... Full Case Study

As one of Shropshire’s biggest and longest established Motor Dealerships Budgen Motors prides itself on giving excellent service to all its customers. Budgen has been in Shropshire for 40 years and it is still family run today. Originally started by Tommy Budgen in the 70s, Budgen was taken over by the late... Full Case Study

MSL Motor Group was founded by Stephen O’Flaherty who is widely celebrated as one of the great pioneers of modern Irish motoring. His grandson, who is also named Stephen O’Flaherty, is the Chairman of MSL Motor Group today. The O’Flaherty family have a long history in the Irish motor industry and have... Full Case Study

Call Recording, Call Management, Speech Analytics, Transcription

When Infinity Group, one of the UK’s largest IT and Telephony providers were tasked by Right to Health, to find a reliable, user friendly call recording platform that met FCA* compliance standards they turned to Vidicode UK and call recording expert Everton Stuart. Right to Health, founded in 2001, specialise in finding... Full Case Study

DF Markets (Delta Financial Markets Ltd.) is a Forex, CFD and Financial Spread Betting provider established and located in Canary Wharf, London. The company is regulated by the Financial Conduct Authority (FCA register number 534027). The protection of client funds is provided by the Financial Services Compensation Scheme (FSCS). DF Markets offers... Full Case Study

JML

Founded in 1986 by John Mills and now a global operation, JML was once a small family company that developed through consumer exhibitions with exciting live demonstrations of innovative products. Over the last two decades we’ve grown into a household name, one of the nation’s favourite brands and a world leader... Full Case Study

The company was founded in 2003, but in 2007, with the arrival of the new shareholder, we dedicated particular resources and energy to the Investment Management business, focusing on the search for good results and outperformance of the benchmark indices. Our team’s best management skills lie in UCITS Funds and Alternative... Full Case Study