PCI Compliance

January 20, 2012

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store or transmit credit card information maintain a secure environment. This applies regardless of the size of an organization or the number of transactions it processes annually. Most companies achieve PCI compliance by not keeping the credit card information in any type of database once the transaction is complete. One often overlooked violation of PCI compliance is telephone call logging or, more simply stated, recording the customer reading the credit card information to your call center agent or employee.

Companies that deploy call logging see increased employee performance through the use of objective employee grading standards.  This results in improved customer service and efficiency.  It is not a practical option for organizations to give up these productivity gains merely to achieve PCI compliance.

What are the options to achieve PCI compliance while still using call logging technology? The first option is to have the employee manually pause the recording. A second method is to transfer the caller to an unrecorded extension, collect the credit card information and hand the call back to the original agent. A third option is to transfer the caller to an unrecorded Interactive Voice Response (IVR) unit and have the machine take the number. The fourth and most effective option is integrating your call logging appliance into your Customer Relationship Management (CRM) software. The problem with options 1, 2 and 3 is that each is a manual process, and the issue with any manual process is getting your employees to follow it without fail.

The most reliable method is to integrate your call logging appliance into your CRM application. With an integrated solution, as soon as the employee clicks on the on-screen field to enter the credit card data, the call logging appliance automatically shuts off recording. Once the cursor is moved from that field, the call recording automatically begins again.
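The focus-driven pause and resume described above can be sketched as follows. This is an added example, not code from this post or from any call logging product: the `recorder` object with `pause()` and `resume()` methods and the field ids `pan` and `cvv` are hypothetical. It also covers two cases the paragraph does not spell out: moving directly between two card fields, and a pause request that fails.

```javascript
// Added example. `recorder` is a hypothetical client for the call logging
// appliance; the sensitive field ids are supplied by the CRM form.
class RecordingGate {
  constructor(recorder, sensitiveIds) {
    this.recorder = recorder;
    this.sensitive = new Set(sensitiveIds);
    this.paused = false;
  }

  // Focus handler. Returns true only when it is safe to type in the field.
  enter(fieldId) {
    if (!this.sensitive.has(fieldId) || this.paused) return true;
    try {
      this.recorder.pause();
    } catch (err) {
      // Fail closed: recording is still running, so the caller must keep
      // the field locked instead of letting card data be keyed in.
      return false;
    }
    this.paused = true;
    return true;
  }

  // Blur handler. nextId is the id of the element receiving focus, or null.
  leave(fieldId, nextId) {
    if (!this.paused || !this.sensitive.has(fieldId)) return;
    // Card number -> CVV: blur fires before focus, so check the destination
    // and stay paused rather than recording the gap between the two fields.
    if (this.sensitive.has(nextId)) return;
    this.recorder.resume();
    this.paused = false;
  }
}

// Browser wiring: focusout carries the destination element in relatedTarget.
function wire(doc, gate) {
  for (const id of gate.sensitive) {
    const el = doc.getElementById(id);
    el.addEventListener('focusin', () => { el.readOnly = !gate.enter(id); });
    el.addEventListener('focusout', (e) =>
      gate.leave(id, e.relatedTarget ? e.relatedTarget.id : null));
  }
}
```

If the pause request fails, the field stays read-only until a later focus event succeeds in pausing the recording.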

Many organizations have deployed call logging; make sure you take a fresh look at what calls you are recording or risk losing your ability to process credit cards. Please feel free to contact me if you have questions about how to secure your credit card data.  I will put you in touch with a data security expert.

Craig Hodges

Craig_hodges@bsbcom.com

586-330-9252

Posted in Understanding Telephony Blog
