Three important approaches to call recording for PCI Compliance

Author Atiq Rehman
Date Jul 30, 2013
Category Compliance

Update August 2016 – We’ve recently put together an updated article on PCI DSS Compliance. Check out our latest articles on this topic – The Insiders’ Guide to Contact Centre PCI Compliance

Pause and resume in call recording can help you meet your PCI compliance obligations, but ideally this needs to be an automated process rather than an agent-triggered manual method. So it’s worth reminding ourselves of the three automated methods that can be used in call recording to help you meet your Payment Card Industry obligations.

The use of pause and resume in call recording for PCI Data Security Standards compliance has been getting a bit of attention recently – does it meet PCI requirements or not? The answer has to be “maybe”, and as always, the devil is in the detail! If you rely on the agent to remember to pause the recording then this form of manual pause and resume has inherent dangers (human error). But if the pausing and resumption can be triggered automatically, then you are in a better position.

So it’s worth recapping on the automated methods that can be used in call recording to help you meet your PCI DSS obligations. Here are the three that we use most frequently:

Automated Pause & Resume: compliant recording is achieved because the recording system automatically stops recording during the payment process when sensitive customer information is being exchanged. This is achieved through integrating the call recorder with your agent desktop and/or transactional systems.

Automated Mute & Unmute: similar in principle to pause & resume, this approach mutes both the agent and the caller audio within the recorder while the agent is in the payment details screen. The recording isn’t “stopped” but, importantly, nothing is recorded.

DTMF collection of payment details: here the caller keys in credit card number, expiry date and authentication code. The agent stays on the line, so there is no transfer involved, but they don’t hear the card details and the solution suppresses the recording of the DTMF tones.
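The difference between the first two approaches shows up in what is stored for a call. The sketch below is an added example, not code from Business Systems or any recorder vendor: the event names and timings are constructed assumptions, and it treats a payment screen left open at call end as paused or muted until the end of the call.

```python
# Constructed events from a hypothetical agent-desktop integration:
# (seconds into the call, event name). Names are assumptions, not a vendor API.
EVENTS = [
    (0, "call_start"),
    (95, "payment_screen_open"),
    (140, "payment_screen_close"),
    (200, "payment_screen_open"),   # agent never closes this one
    (230, "call_end"),
]

def payment_windows(events):
    """Return (windows, start, end): spans when the payment screen was open.
    A window still open at call_end is closed there (fail closed)."""
    windows, opened, start, end = [], None, None, None
    for t, name in sorted(events):
        if name == "call_start":
            start = t
        elif name == "payment_screen_open" and opened is None:
            opened = t
        elif name == "payment_screen_close" and opened is not None:
            windows.append((opened, t))
            opened = None
        elif name == "call_end":
            end = t
            if opened is not None:
                windows.append((opened, t))
                opened = None
    return windows, start, end

def pause_resume(events):
    """Recorder stops during payment: returns the audio segments kept."""
    windows, cursor, end = payment_windows(events)
    segments = []
    for s, e in windows:
        if s > cursor:
            segments.append((cursor, s))
        cursor = e
    if cursor < end:
        segments.append((cursor, end))
    return segments

def mute_unmute(events):
    """Recorder keeps running: one timeline with payment spans silenced."""
    windows, _, _ = payment_windows(events)
    timeline = [(s, e, "audio") for s, e in pause_resume(events)]
    timeline += [(s, e, "silence") for s, e in windows]
    return sorted(timeline)

def overlaps_payment(spans, events):
    """True if any kept audio span overlaps a payment window (a PCI problem)."""
    windows, _, _ = payment_windows(events)
    return any(a < e and s < b for a, b in spans for s, e in windows)
```

With these events, pause and resume keeps two segments totalling 155 seconds, while mute and unmute keeps a single 230-second timeline in which the two payment spans are silent.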

While each of these approaches can support PCI compliance, there are subtle but important differences between them. For a fuller understanding of each approach you should read “How to Ensure PCI DSS Compliance”, the latest guide in our Business Systems Best Practice series. This paper provides a practical guide to PCI and how call recording should be deployed to comply.

If you want to find out more on how Business Systems can help you ensure compliance, feel free to contact us: 0800 458 2988, [email protected].