Ensuring a secure, PCI-compliant environment when taking credit card details over the phone is essential. The Payment Card Industry Data Security Standard (PCI DSS) sets standards that require all companies to accept, process, store and transmit credit card data securely at all times.
What is PCI?
The Payment Card Industry Security Standards Council (PCI SSC) was launched in 2006 with the aim of managing security standards within industries that take credit card details in order to administer transactions. The PCI SSC is an independent body that was created by the major payment card brands: Visa, MasterCard, American Express, Discover and JCB.
Guidelines are designed to protect customers making a payment using a credit card. Standards exist for all forms of transactions, whether they are in person, online or over the phone. The security standards pay particular attention to over-the-phone transactions where call logging or recording systems are in use.
Is Telestat Call Recording Software PCI compliant?
Yes. Telestat Call Recording Software is PCI compliant as a result of the pause/resume feature that exists within the programme. At the point that credit card details are being taken, the recording of the call can be paused, ready to be resumed at the point that the transaction is complete. This feature alleviates any potential of the data becoming compromised.
Beyond the technology
Technology such as Telestat Call Recording Software has been adapted and developed in order to ensure that businesses can remain PCI compliant and yet still manage to evaluate and monitor important aspects of their performance. However, wherever there is human intervention within any process, further steps should still be taken to guard against any possible compromise. Often payment details are being taken in call centre environments, manned in some cases for 24 hours a day, meaning that the turnover of staff needs managing effectively. It’s therefore vital for businesses to be able to demonstrate where procedures have been put in place beyond the technology to ensure that data remains safe and secure.
Sample steps that could be taken include:
- The removal of pens and paper from call centre environments
- Restricting or completely removing the use of mobile phones within the workspace
- Ensuring that login procedures are strictly adhered to and that users are only allowed access to the areas of the system that they require to work
- Restricting the number of staff that have access to sensitive data
Despite the existence of PCI guidelines, responsibility remains squarely with the individual businesses to be able to prove that all data, but particularly sensitive financial information, is handled securely and professionally. Finding the right balance between technology and human intervention is of the utmost importance and should not be taken lightly. The adoption of the right form of call recording software can still allow for a business to be PCI compliant and yet still manage to make use of all the benefits such systems can bring to the organisation.
If you’d like to find out more about call recording or call logging software please don’t hesitate to give us a call; we’d be happy to tell you everything we know – which happens to be rather a lot! Drop us a line on 0333 0022 440, or contact us. We’re here ready to help.