November 2, 2017
Depending on the function of the contact center in your business, your agents may need to process credit card transactions over the phone. If so, you must remain in compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI compliance requires that all companies that accept, process, store, or transmit credit card information must provide ample data security to protect this information from hackers.
For most businesses, staying PCI compliant is a top priority, but your contact center may be violating these standards and leaving this data (and your business) vulnerable.
Call Recording: the Unexpected Culprit
Many contact centers today record their calls. It assists with quality management, training, remediating customer conflicts, and more. IN addition, your organization may be required to record calls in order to stay in compliance with certain legal requirements. The point is that call recording is a common and widespread industry strategy. Yet if your customers are openly reading their credit card numbers aloud over the phone, those recordings violate PCI standards if not properly protected.
This leads to a few crucial questions:
Where are those calls being stored?
What is the security on those recordings?
How long do you intend to keep those recordings?
Hackers have been known to target these call recordings as a possible source of credit card information. Should a hacker infiltrate your network and procure these recordings, credit card companies are able to hold your business liable for damages.
Staying within PCI Compliance: Two Solutions
Of course, your contact center can simply stop recording their calls, but you’ll lose out on the immense value a library of recording calls can bring you. Instead you must find a way to preserve the recording while still avoiding sensitive customer information. To do that, there are two solutions: one manual and one automatic.
- Manual Solution: This approach requires the agent to manually stop a recording before the sensitive information is read aloud and resume the recording once the information in entered into the system. While this requires no software to enact, it does leave itself open to human error.
- Automated Solution: Alternatively, Mindsight can develop a custom script for your call recording software otherwise known as “automated pause and resume” or “automated mute and unmute” technology. When the contact agent clicks into the field to enter the credit card number, the script will immediately pause the recording or mute the caller. Once the agent moves on to the next form field, the caller will be unmuted or the recording will resume. This approach has the dual benefit of protecting customer data and eliminating the possibility of human error.
Protect Your Customer Data and Remain in PCI Compliance
In an age of high profile hacks where even enormous international corporations are vulnerable, the best way to protect your customer data is to not possess it in the first place. Even though it is inadvertent, even though you may have been unaware, you must not record sensitive customer information in your contact center.
Like what you read?
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
For Further Reading: