PCI Compliance and Risk for Enterprise Telecommunications

by Alissa Pagels-Minor


PCI – PII Redaction requirements

Electronic data processing laws are constantly evolving, and there are many standards and regulations that today's businesses need to maintain. PCI DSS, the Payment Card Industry Data Security Standard, is a global information security standard designed to prevent fraud by tightening the controls around cardholder data. It is designed to protect merchants and their customers from breaches that could compromise the confidentiality and integrity of credit and debit card data.

When an organization of any size accepts payment cards from any of the five major card brands, it must follow PCI DSS. According to the PCI Security Standards Council, one of the most important considerations for recorded conversations is how customer card data is stored and handled. If you are a merchant that accepts credit or debit card payments, you must be able to store and transfer cardholder data securely, and a call recording that captures a customer reading out a card number is stored cardholder data like any other. PCI DSS also prohibits keeping sensitive authentication data such as the card verification code after authorization, even in encrypted form, so a recording in which that code is spoken and retained is itself a compliance failure. The PCI Security Standards Council develops and maintains the set of standards for secure handling of card data and other sensitive information.

How can Call Centers Maintain PCI Compliance?

Some recording systems give call center agents a button to pause the recording while a credit card number is spoken. This start/stop method adds further complexity to agents' processes and opens up greater possibilities for error: an agent who forgets to pause, or resumes too early, leaves the number in the recording. Many modern enterprise companies instead use an automated method of PCI redaction that uses Natural Language Processing (NLP) and voice analytics to detect the moment a customer starts speaking a card number and redact it from both the recording and the transcript. The result is "[redacted]" in the transcript and a tone in the audio covering the same time window, so neither artifact retains the card data.
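The transcript-side half of that approach is easy to make concrete. The following is an added illustration, not VoiceBase's code and not a description of its detection engine: it takes ASR-style output (words with start and end times, constructed here as sample data) and finds runs of spoken digits, including "oh" for zero, filler words in the middle of a number, and digit groups the recognizer already emitted as numerals. A run is only treated as a card number if some 13 to 19 digit window passes the Luhn check, which keeps zip codes and phone numbers in the transcript. Matching tokens are replaced with "[redacted]" and the corresponding audio window is returned for tone insertion. The `Word` type, the helper names, and the timing values are assumptions for the example; a production system would add issuer prefix checks and handle numbers split across several customer utterances.

```python
from dataclasses import dataclass

# Spoken digit vocabulary; ASR output commonly renders zero as "oh".
DIGIT_WORDS = {
    "zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}
# Fillers that do not interrupt a digit run but contribute no digits.
FILLERS = {"um", "uh", "er"}
# PAN lengths in use across the major card brands.
PAN_MIN, PAN_MAX = 13, 19


@dataclass
class Word:
    """One recognized word with its audio position (seconds). Assumed shape."""
    text: str
    start: float
    end: float


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: true for every PAN issued by the major brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def token_digits(text: str) -> str:
    """Digits contributed by one token: numerals pass through, digit words map to one digit."""
    t = text.lower().strip(".,")
    if t.isdigit():
        return t
    return DIGIT_WORDS.get(t, "")


def digit_runs(words):
    """Maximal runs of consecutive digit-bearing (or filler) tokens as [(index, digits), ...]."""
    runs, current = [], []
    for i, w in enumerate(words):
        chunk = token_digits(w.text)
        if chunk or w.text.lower().strip(".,") in FILLERS:
            current.append((i, chunk))
        elif current:
            runs.append(current)
            current = []
    if current:
        runs.append(current)
    return runs


def find_pan_windows(digits: str):
    """Non-overlapping [a, b) windows inside a digit string that look like a PAN.
    Longest candidate first so a valid 16-digit PAN is not cut to a 13-digit suffix."""
    found, pos = [], 0
    while pos + PAN_MIN <= len(digits):
        for length in range(min(PAN_MAX, len(digits) - pos), PAN_MIN - 1, -1):
            if luhn_valid(digits[pos:pos + length]):
                found.append((pos, pos + length))
                pos += length
                break
        else:
            pos += 1
    return found


def redact(words):
    """Return (redacted transcript, [(tone_start, tone_end), ...]) for a word list."""
    spans = {}  # first token index -> last token index of each detected PAN
    for run in digit_runs(words):
        digits = "".join(chunk for _, chunk in run)
        offsets, off = [], 0
        for i, chunk in run:  # map each token to its slice of the digit string
            offsets.append((i, off, off + len(chunk)))
            off += len(chunk)
        for a, b in find_pan_windows(digits):
            covered = [i for i, s, e in offsets if e > a and s < b]
            spans[covered[0]] = covered[-1]
    out, tones, i = [], [], 0
    while i < len(words):
        if i in spans:
            last = spans[i]
            out.append("[redacted]")
            tones.append((words[i].start, words[last].end))  # audio window to overwrite with a tone
            i = last + 1
        else:
            out.append(words[i].text)
            i += 1
    return " ".join(out), tones


def make_transcript(text, step=0.5):
    """Constructed sample: evenly spaced word timings standing in for real ASR output."""
    return [Word(w, k * step, (k + 1) * step) for k, w in enumerate(text.split())]


# Constructed sample call: a zip code, a Visa test PAN with a filler in the middle, and a phone number.
SAMPLE = make_transcript(
    "sure my zip is nine zero two one oh and the card is "
    "four one one one um one one one one one one one one one one one one "
    "expiring next year call me back on five five five one two three four"
)

if __name__ == "__main__":
    text, tones = redact(SAMPLE)
    print(text)
    print(tones)
```

Only the card number is replaced; the zip code (5 digits) and phone number (7 digits) fall below the PAN length floor, and a 13 to 19 digit run that fails Luhn is left alone as well. The returned tone windows are what the audio side of the pipeline would overwrite, so transcript and recording are redacted over the same span.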

Heightened Risk

If the Target data breach has taught us anything, it is that failure to protect customers' private data can lead to serious fines and reputational damage. Not only do companies risk substantial fines for data breaches and non-compliance, but the damage to the brand can be immeasurable. Contact centers are a frequent target of fraud because they hold Personally Identifiable Information (PII) such as names, addresses, telephone numbers, and credit card numbers, and their recordings can hold all of it in one place.

For a company to be PCI compliant it must meet strict standards for its people, processes, and technology. This includes how employees are vetted, how personal data is handled, and what security controls and technology are in place to protect customer data. When PII is spoken on a call, where is the recording stored? Who has access to it? How long is it retained? All of these questions need to be answered carefully when evaluating PCI compliance.

Automate Your PCI Compliance

Any company, regardless of industry, must be aware of PCI compliance requirements if it handles credit card data in any way. Sourcing vendors that are themselves PCI compliant and current with regulatory requirements is important, since a recording or analytics provider that holds your call audio is inside your cardholder data environment. VoiceBase partners with many customers to ensure the automatic, accurate redaction of PII from every call handled by their call centers. As a PCI DSS Level 1 certified provider, we help our customers minimize risk and improve operating efficiency with our PCI redaction technology.

Want to learn more about how VoiceBase PCI Redaction works for call centers? Download the PCI Redaction info sheet.
