How does PCI DSS Affect Your Call Recordings?
If your business or organisation takes card payments over the phone and records its calls, under PCI DSS regulations, you cannot store any sensitive authentication data in your call recordings. There are four ways in which you can ensure this data is not stored:
- By switching off your call recordings. This is an impractical option and you would lose all the benefits associated with call recording, such as training, customer service and compliance. It is also impossible for businesses operating in regulated financial sectors.
- You could transfer the customer to an automated payment card processing solution such as an IVR. This is not a customer-friendly solution and it also requires significant integration with back-end IT and telephony systems, which will cost time and money.
- By using a call recording system which records the entire call apart from the sensitive authentication data. This is known as the ‘pause and resume’ method. Pause and Resume is technically very difficult to set up robustly, and difficult to maintain during future changes in your organisation.
- Filter out the sensitive card data from the recording system, so it is never recorded. This is how CallGuard works.
Using CallGuard, you will make your existing call recording system PCI DSS compliant. A neat ‘bolt-on’ to ANY call recording system, it solves the headache created by the demands of making your call recordings PCI DSS compliant. In addition, CallGuard also stops agents from seeing card data, and does not require any changes to your existing payment, telephony or computer systems.
For more information on the methods for becoming PCI DSS compliant for call recordings, please see our comparison table.
Some approaches to securing call recordings are not compliant with PCI DSS.