Hey, I'm Sibun!

Jalna, Maharashtra

Many organisations that use voice recordings throughout the Contact Centre achieve this as a result of it's required for enterprise causes, such as agent training or confirmation of verbal contractual agreements which might be carried out over the phone channel when promoting providers.

Depending upon the transaction kind, regulatory requirements to keep any recordings (for various durations of time) for playback apply. For businesses, notably in the financial providers and retail sectors, further necessities apply because of the fact that when purchase transactions are accomplished over the phone utilizing payment cards, certain knowledge must be protected.

For organisations which are required to document phone conversations and also take cost card particulars over the phone the recording and storage of this information can turn into a PCI compliance concern.

Typically the decision recording will report the entire conversation together with the Primary Account Number (PAN) and the three or 4 digit security code (CAV2, CVC2, CVV2 or CID). In addition to the issues required across the call recordings, enhanced processes and procedures are required for all of the different stages involved in and around the initial call.

There are many things to be thought-about when recording a name containing cardholder knowledge, it's critical to rapidly decide what knowledge must be protected, for what size of time and relying upon what analytical tooling is in place inside your small business; the suitable management and protection of this data is paramount. It is price noting that a number of the largest fraudulent actions that happen are often from throughout the organisation, so it is crucial to ensure that voice recording is looked at from both a expertise and a user process perspective, as they go hand in hand.

Some things to consider

- Is a proper Security Awareness Training programme in place and being maintained?

- Have you developed and carried out a set of PCI DSS compliant Policies?

- Are the call recordings saved securely?

- Is your network securely maintained and guarded against assault?

- Do you keep and secure a detailed set of auditable logs?

Where technology exists to stop recording of those knowledge elements, such technology ought to be enabled. If these recordings cannot be information mined, storage of CAV2, CVC2, CVV type 2 or CID codes after authorisation may be permissible as long as appropriate validation has been performed. This contains the physical and logical protections outlined in PCI DSS that should nonetheless be applied to those name recording formats.

What this implies:

Essentially, the Card Verification Value (CVV) must not be retained post authorisation. In any event, and only as a last resort, where a CVV is retained it must be held topic to extra security controls to satisfy the intent of the Standard, however all the time by way of a compensating management.

Before any such compensation management can be applied it have to be verified by a Qualified Security Assessor (QSA) in turn approval should be obtained for the compensation management from the buying bank.

How can Host Merchant Service assist you to?

Host Merchant Service is a QSA providing a range of services and options that enable organizations to become and remain compliant with the usual. We have developed tailored packages to address the specific requirements of organizations who should adjust to the necessities discussed in this document.

Sending to: 112 supporters

Add attachment (2MB filesize limit)

Your message has been sent!

Hi there! We're excited for you to send your first message.

Just a reminder, use messaging respectfully and appropriately. As a community of filmmakers and film lovers, we're here to tell stories, expand imaginations, build bridges and deepen empathy. Like everything on our platform, be supportive, create healthy debate, never get nasty and definitely don't spam. To use Seed&Spark, you agree to abide by our Code of Conduct.

Are you sure you want to delete this draft? There's no undo button!

The draft has been successfully deleted!


Hiding your project will prevent it from being viewed on the site or showing in search results on the web. Please note that it can take up to a week or two for Google to stop surfacing the page in search results. Anyone that clicks through before then will see the not found page.

Unhiding your project will allow it to be viewed on the site and show in search results on the web. Please note that it can take up to a week or two for Google to start surfacing the page again in search results.



Basic Info

Before we get started, please confirm the following:

By starting a project you agree to Seed&Spark’s Site Guidelines.



Basic Info


Saved to Watchlist

Way to go, you just added something to your watchlist for the first time! You can find and view your watchlist at anytime from your profile.