What is PCI Compliance Call Recording?

The federal government and industry organizations have passed a variety of rules requiring companies to secure their data, from customer and employee Social Security numbers to credit card numbers to internal documents. And yet, according to a National Retail Foundation study, 81% of breached companies were not compliant with PCI data security standards at the time of the data loss incident.

A call recorder system must be compliant with PCI processing guidelines. This entails the removal of certain information such as credit card security codes from recorded calls. Data considered non-sensitive, and thus safe to archive, includes call date/time, customer ID, agent ID, sale or collection amount and hold time. 

When considering a call monitoring system, make certain that it has safeguards in place to support PCI compliance. In the area of privacy, this would include the capability, either automatic or triggered manually by a call center employee, to pause a recording when sensitive customer information is revealed and to resume recording thereafter.

Encryption is another key element of PCI protection. All sensitive data should be encrypted at the time of its collection and remain encrypted during storage, transfer and archival.

As part of an overall workforce management strategy, the call recorder program should also provide security audits that specify when a call recording database has been accessed, and by which employee or manager. Passwords should be in place to protect against unauthorized access. 

While these measures are vital to protect the financial information of call center customers, they are equally vital to the call center itself, protecting it from the liability and loss of customer confidence that would result from a data breach.