What are best practices for credit cards in a call centre?

Ask the Expert

What are best practices for credit cards in a call centre?

Can a call centre, which takes credit card payments, record telephone conversations, which will obviously contain full card details, name, address, security code etc.? Also, can it then archive these recordings for any period it wants?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
  • By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

  • Safe Harbor

Credit card data that is collected by a call centre is subject to the PCI Data Security Standard (PCI DSS), however it is collected. The PCI restriction against storing CVV numbers (security code) alongside the primary account number (PAN), or more simply the credit card number, will apply. That storage of credit card data it is not allowed under any conditions.

The Data Protection Act also applies, as this is personal data. So the credit card data from call centres may only be collected in ways and for purposes that callers have consented to, and must be protected appropriately. It then must be destroyed as soon as that purpose is achieved. In other words, the information may not be stored indefinitely.

This was first published in May 2009


COMMENTS powered by Disqus  //  Commenting policy