PCI credit card compliance: Credit card data protection (over the phone)

Ask the Expert

As we move towards PCI credit card compliance, I have been asked by our call centre to look at installing a recording function on the phone system (as many do). The problem is that card transactions are taken over these phone lines, which means people's card details are recorded along with the conversation, and these include the security code.

PCI says you can't store this data, so how can certain providers sell their products to call centres and say these recordings can be stored for any length of time unencrypted?

Regarding credit card data protection, it is a requirement of the Payment Card Industry's Data Security Standard (PCI DSS) that all records that contain the primary account number (PAN) and the CVV number (the 3-digit security code), if they are stored together (which they shouldn't be), must be encrypted. If the vendor that you've chosen doesn't produce an adequate product for that purpose, I suggest that you look for alternatives elsewhere.

This was first published in June 2009

