PCI DSS Compliance and Call Recording

How Does PCI DSS Affect Your Call Recordings?

For most businesses, recording calls is compulsory - so how can you make them PCI DSS compliant?

If your business or organisation takes card payments over the phone and records its calls, under PCI DSS regulations, you cannot store any sensitive authentication data in your call recordings. So put simply, there are four ways in which you can ensure this data is not stored:

1. Switch off your call recordings

Without any call recordings, there is no risk. However, this is an impractical option and you would lose all the benefits associated with call recording such as training, customer service and compliance. It is also impossible for businesses operating in regulated financial sectors.

2. Transfer the customer elsewhere

You could transfer your customers to an automated payment card processing solution such as an IVR. This is not a customer-friendly solution, and it also requires significant integration with back-end IT and telephony systems, which will cost time and money.

3. 'Pause and Resume'

This commonly involves using a call recording system which records the entire call apart from the sensitive authentication data. This method is technically very difficult to robustly set up, and difficult to maintain during future changes in your organisation. Even Automatic Pause and Resume is not recommended by the PCI SSC.

4. Filtering out the sensitive data

Put simply, if you filter the sensitive card data out of your call recording systems so that it is never recorded, this will make your existing call recording system PCI DSS compliant. Find out more about how CallGuard works.


CallGuard will make your existing call recording system PCI DSS compliant.

Compatible with any call recording system, CallGuard solves the headache created by the demands of making your call recordings PCI DSS compliant. CallGuard also stops agents from seeing card data, and does not require any changes to your existing payment, telephony or computer systems.

Need to Compare?

Compare the different methods being used to make call recordings PCI DSS compliant.

There are Non-Compliant Methods

Some approaches to securing call recordings are not compliant with PCI DSS.