Home
Topics
IT security
Regulatory compliance and standard requirements
What are best practices for credit cards in a call centre?

What are best practices for credit cards in a call centre?

Alan Calder, Compliance

Can a call centre, which takes credit card payments, record telephone conversations, which will obviously contain full card details, name, address, security code etc.? Also, can it then archive these recordings for any period it wants?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Credit card data that is collected by a call centre is subject to the PCI Data Security Standard (PCI DSS), however it is collected. The PCI restriction against storing CVV numbers (security code) alongside the primary account number (PAN), or more simply the credit card number, will apply. That storage of credit card data it is not allowed under any conditions.

The Data Protection Act also applies, as this is personal data. So the credit card data from call centres may only be collected in ways and for purposes that callers have consented to, and must be protected appropriately. It then must be destroyed as soon as that purpose is achieved. In other words, the information may not be stored indefinitely.

Read More

This was first published in May 2009

Back to top

More from Related TechTarget Sites

CIO
Security
Networking
Data Center
Data Management

CIO
- #MITCIO tweets and tips on architecting the enterprise of the future
  
  Six takeaways from the MIT Sloan CIO Symposium on architecting the enterprise for cloud, big data, mobile, you-name-it.
- IT strategies are no way to do business
  
  Fresh off the MIT Sloan CIO Symposium, Searchlight looks at IT strategies, having a blast while building a data center, doing safe search and more.
- City CIO propels open government initiative with technology innovation
  
  IT Leadership Awards finalist, CIO Jonathan Reichental, launched a successful open government initiative by using technology innovation.
Security
- Case study: CDI launches aviation company DLP program on short runway
  
  Technology services company CDI-Aerospace used a Verdasys DLP solution to manage third-party risk for a major aviation client.
- IT certification guide: Vendor-specific information security certifications
  
  Experts Ed Tittel and Mary Lemons provide a 2013 overview of vendor-specific information security certifications available.
- Introduction: Vendor-neutral security certifications for your career path
  
  Ed Tittel and Mary Lemons offer the definitive primer for vendor-neutral security certifications in 2013.
Networking
- F5 Application Acceleration Manager combines WAN, Web optimization
  
  F5 Application Acceleration Manager is a single platform for transport, data center and application optimization.
- Robust network security solutions still lacking
  
  As network attacks grow in intensity, network administrators are still seeking tools to block intrusions.
- Networking blogs: The MapR platform strategy; Tax Day case for IPv6
  
  This week, networking bloggers point out the steady progress of the MapR platform and make a case for the serious adoption of IPv6.
Data Center
- Data center modernization starts with cloud, SDN and virtualization
  
  Some of the technologies driving data center modernization include cloud computing, flash storage, virtualization and software-defined networking.
- Data center technologies evolve to meet tomorrow's computing demands
  
  VMware's upcoming public cloud and AMD's 64-bit ARM servers are technologies for the data center that exemplify the changes in the IT industry.
- New data center cooling strategies to improve efficiency, lower costs
  
  Stagnant strategies for data center cooling will keep energy bills climbing ever higher, but a more modern approach can bring them back down to earth.
Data Management
- New BI stack tackles data load at Boston Children's Hospital
  
  Boston Children's Hospital upgraded its business intelligence architecture to boost enterprise reporting, a move that also required retraining users.
- Expanded Hadoop use cases will drive need for new enterprise features
  
  With user interest rising, Hadoop vendors are trying to pave a path to higher adoption with add-ons that target issues holding the technology back.
- Jim Goodnight on SAS in-memory analytics and the data scientist
  
  A podcast Q&A with SAS execs Jim Goodnight and Jim Davis looks at big data enablers, including in-memory analytics, and the role of data scientists.

All Rights Reserved,Copyright 2000 - 2013, TechTarget