Pause Recording for PCI Compliance

Credit/Debit card payments taken over the phone are subject to PCI DSS.

Ensuring you comply with the relevant PCI DSS requirements is essential when recording telephone calls if taking credit and debit card payments over the telephone. Gone are the days when you could scribble down the cardholder’s details. You must protect cardholder data, limit access to sensitive information, implement appropriate security measures, and have clear policies and procedures.

In many companies, the person taking the card details will use their telephone keypad to mask out the card number. The telephone keypad emits DTMF (Dual-Tone Multi-Frequency) tones down the line to achieve this.

Some voice recording solutions also require expensive add-ons such as CTI and TAPI licenses and the PCI feature. That’s not the case at Vidicode UK, where our Apresa call recording system provides users with four FREE options to ensure PCI compliance.

• Manual DTMF
• PC Application
• Payment Page App Detection
• Payment Page App URL

To ensure greater security and protection of any credit/debit card information stored, the Vidicode Apresa also includes.

• Comprehensive audit trails with easy search for recordings
• Fingerprinting & Encryption
• Authenticated & restrictive user access

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards that major credit card companies developed to help protect against fraud and data breaches.

One of the requirements of PCI DSS is handling and storing credit and debit card information securely. This is especially important when recording telephone calls if credit and debit card payments are taken over the telephone.

One of the critical requirements of PCI DSS is the protection of cardholder data. This means you must encrypt sensitive information such as credit and debit card numbers, expiry dates, and security codes. When recording telephone calls, it is essential to ensure that sensitive data is masked or removed before storage.

Another requirement of PCI DSS is limiting access to cardholder data. Only authorised personnel should be able to access sensitive information such as credit and debit card numbers. When recording telephone calls, it is essential to restrict access to the recordings to authorised personnel only by implementing access controls such as passwords or biometric authentication.

Ensuring the recording systems and networks are secure and protected against unauthorised access when recording telephone calls is essential. This can be achieved by implementing firewalls, intrusion detection systems, and other security measures.

Finally, PCI DSS requires that organisations implement appropriate policies and procedures to ensure that the security of cardholder data is maintained. When recording telephone calls, it is essential to have clear policies and procedures to ensure that sensitive information is handled appropriately. This can include guidelines on managing and storing sensitive information and strategies for conducting and reporting data breaches.

For more information on Apresa’s PCI DSS features call 0203 4881498 or complete the enquiry form

Important Links

Direct Marketing Association-PCI DSS Compliance as it relates to Call Recording     https://dma.org.uk/uploads/PCI%20Guidance%20Notes_542ec328e8176.pdf

https://www.pcidssguide.com/pci-compliance-for-call-centres/