If you take credit or debit card payments over the telephone, ensuring that your call recording complies with the relevant PCI DSS requirements is essential.
To comply with PCI DSS you must:
Doing so helps protect your customers' sensitive information and minimises the risk of fraud and data breaches.
Which industries fall under PCI Compliance?
PCI DSS applies to every business that handles payment card information, regardless of transaction volume, channel (e.g. POS terminals, online forms, telephone) or sector. From Travel & Transport firms booking last-minute holidays over the phone to bookmakers in the Leisure industry processing bets on major sporting events, virtually all sectors must adhere to the PCI standards. PCI compliance is therefore relevant to businesses of all sizes and industries, whether they acquire card data by phone, website or mobile app.
Why PCI Compliance Matters and How It Affects Your Business
Two primary factors drive PCI DSS compliance. Firstly, non-compliant businesses facing data breaches risk not just substantial fines from Card Schemes, but also potential exclusion from card acceptance programs, and placement in the Terminated Merchant File (TMF), akin to a blocklist. These consequences can be severe, underlining the urgency and importance of PCI compliance.
Secondly, maintaining reputation and customer trust hinges on providing secure transaction environments and safeguarding cardholder data against fraud.
Dispelling Common PCI Misconceptions
Achieving PCI compliance is more complex than purchasing an off-the-shelf solution. Compliance hinges not on the recorder but on its deployment and integration within existing processes and systems, making each case unique.
Common approaches that fall short of PCI Compliance include:
How Vidicode UK helps you achieve PCI Compliance
Some voice recording solutions also require expensive add-ons such as CTI and TAPI licenses and the PCI feature. That’s not the case at Vidicode UK, where our Apresa call recording system provides users with a choice of four FREE options to ensure PCI compliance.
To ensure greater security and protection of any credit/debit card information stored, the Vidicode Apresa also includes:
Additional features include Voice Crunch AI Speech Analytics, which monitors keywords to guarantee that no unauthorised information about the customer's payment card is disclosed.
What is PCI DSS? Requirements when recording calls
PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards that major credit card companies developed to help protect against fraud and data breaches.
PCI DSS requires that credit and debit card information is handled and stored securely. This matters especially when telephone calls are recorded and card payments are taken over the phone.
A central requirement of PCI DSS is the protection of cardholder data. Sensitive information such as credit and debit card numbers, expiry dates and security codes must be encrypted, and when telephone calls are recorded it is essential that this data is masked or removed from the recording before it is stored.
Another requirement of PCI DSS is limiting access to cardholder data. Only authorised personnel should be able to access sensitive information such as credit and debit card numbers. When recording telephone calls, it is essential to restrict access to the recordings to authorised personnel only by implementing access controls such as passwords or biometric authentication.
When recording telephone calls, the recording systems and networks themselves must also be secured against unauthorised access. This can be achieved by implementing firewalls, intrusion detection systems and other security measures.
Finally, PCI DSS requires organisations to implement appropriate policies and procedures so that the security of cardholder data is maintained. When recording telephone calls, clear policies and procedures are essential to ensure that sensitive information is handled appropriately. These can include guidelines on managing and storing sensitive information and procedures for responding to and reporting data breaches.
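The masking requirement described above, and the keyword monitoring that Voice Crunch Speech Analytics is said to perform, both rest on the same underlying step: finding card data in a transcript before the recording is stored. The following is an added example written for this page, not Vidicode's or Apresa's own code, and it makes no assumption about how that product works internally. It detects 13-19 digit sequences that pass the Luhn checksum (a plausible primary account number), keeps only the last four digits, removes expiry dates and security codes that follow a spoken cue, and reports which lines of the transcript contained a spoken card number. The transcript lines, the regular expressions and the `[EXPIRY REMOVED]` / `[REMOVED]` markers are all constructed for the example.

```python
import re

# Digit runs of 13-19 digits, allowing a single space or hyphen between digits,
# because callers usually read a card number out in groups of four.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Expiry dates spoken as 03/27 or 03/2027.
EXPIRY = re.compile(r"\b(0[1-9]|1[0-2])\s*/\s*(\d{4}|\d{2})\b")

# A 3-4 digit security code following a spoken cue (cue words are assumptions
# for the example). [^\d*] stops the search running across an already-masked PAN.
SECURITY_CODE = re.compile(
    r"\b(cvv|cvc|cv2|security code)[^\d*]{0,20}(\d{3,4})(?!\d)",
    re.IGNORECASE,
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: the standard test that a digit string is a plausible PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid card numbers (digits only) spoken in text."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def _mask_pan(m: re.Match) -> str:
    digits = re.sub(r"\D", "", m.group(0))
    if not luhn_valid(digits):
        return m.group(0)  # e.g. an order reference: not a card number, keep it
    return "*" * (len(digits) - 4) + digits[-4:]  # retain last four only


def redact_line(line: str) -> str:
    """Mask the PAN and remove expiry and security code from one transcript line."""
    line = PAN_CANDIDATE.sub(_mask_pan, line)
    line = EXPIRY.sub("[EXPIRY REMOVED]", line)
    line = SECURITY_CODE.sub(lambda m: f"{m.group(1)} [REMOVED]", line)
    return line


def redact_transcript(lines: list[str]) -> list[str]:
    """Redact every line; this is what would be stored with the recording."""
    return [redact_line(line) for line in lines]


def disclosed_card_data(lines: list[str]) -> list[int]:
    """Monitoring view: 1-based line numbers on which a card number was spoken."""
    return [i for i, line in enumerate(lines, 1) if find_pans(line)]


# Constructed sample transcript (not real call data). 4111 1111 1111 1111 is the
# usual Luhn-valid test number; the order reference is Luhn-invalid on purpose.
SAMPLE_TRANSCRIPT = [
    "Agent: Can I take the long number across the front of the card?",
    "Caller: It's 4111 1111 1111 1111.",
    "Agent: Expiry date?",
    "Caller: 03/27, and the security code is 123.",
    "Agent: Thank you. Your order reference is 1234 5678 9012 345.",
]

if __name__ == "__main__":
    for line in redact_transcript(SAMPLE_TRANSCRIPT):
        print(line)
    print("Card number spoken on line(s):", disclosed_card_data(SAMPLE_TRANSCRIPT))
```

The security code is removed outright rather than masked because PCI DSS does not permit it to be retained after authorisation, even in encrypted form; only the masked PAN is kept. The Luhn check is what separates a card number from an order or account reference of similar length, so the example leaves the Luhn-invalid reference untouched. A production redaction step would run on the audio or DTMF stream as well as the transcript, since a spoken number that is never transcribed is still in the recording.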
Understanding Levels of Compliance
PCI Compliance is categorised into four levels based on transaction volumes over 12 months:
PCI DSS Compliance Requirements
Level 1 companies require yearly on-site reviews and network scans.
Levels 2-4 complete annual self-assessment questionnaires and quarterly network scans.
Implications of Non-Compliance
Important Links
See how we helped a home shopping channel with their PCI compliance
Go to our on PCI Compliance for Home Shopping Channel JML
Direct Marketing Association: PCI DSS Compliance as it relates to Call Recording: https://dma.org.uk/uploads/PCI%20Guidance%20Notes_542ec328e8176.pdf
https://www.pcidssguide.com/pci-compliance-for-call-centres/