Why PCI Redaction Matters: Creating a Queryable Database of Customer Insight

by Emily Nave

Not long ago, one of the three major credit bureaus, Equifax, endured a security breach that put nearly half the country’s personal and financial information in jeopardy. The fiasco has cost the company millions in legal fees and something that no dollar amount can ever replace: their reputation.

It doesn’t matter if you’re running a multibillion-dollar giant like Equifax or a small mom-and-pop shop—data security breaches can happen to anyone. If you are accepting credit cards as a form of payment or collecting any other type of personal information, you have taken on the burden of protecting that information for your customer. This rings especially true for call centers that collect this type of data.


A standard of due diligence has been put in place in order to protect consumers’ data from theft and companies from potential legal issues. The Payment Card Industry Data Security Standard Compliance (or PCI compliance) is a set of measures put forth to hold companies accountable for protecting their payment or credit card information. These strict standards hold hefty penalties if not adhered to.

When it comes to call centers collecting this type of information en masse, the burden can become even heavier. If you are using speech recognition and analytics software to record and transcribe conversations for data and training purposes, you need to be sure that you have the proper processes put in place to cover and encrypt any sensitive customer information.

With technology such as VoiceBase’s speech recognition and analytics API, you are protecting consumer data while still mining invaluable insights from conversations. VoiceBase’s platform is PCI DSS Level 1 certified, the highest certification possible, so you can rest easy knowing that all of the personal information coming into your call center is handled with care. And by protecting their information, you are in turn protecting your own reputation as a company. Let’s explore a few of the features and benefits that you will realize when you go with VoiceBase for your speech solution. 


VoiceBase’s Detection API is a feature that identifies the specific start and stop time (milliseconds) of a particular phrase. This is most beneficial for detecting sensitive, personal information like social security and credit card numbers, but it is also beneficial for detecting events such as upset customers, sales and appointments made, mentions of competitors, and product feedback.

Detection can also help greatly with insights such as agent monitoring and script adherence. Detection comes with a set of general phrases that can be understood in any context, but it is always advisable to train the detection tool on your own data to ensure the highest accuracy possible.

Once a certain phrase is detected, you then have the option to redact that information. PCI Redaction is a feature that identifies the specific start and stop time of a phrase and then redacts that sensitive information from both the audio and transcript. For audio, the API will return scrubbed recordings with flat tones where PCI info is detected, and for text redaction, we will replace the sensitive data with the term [redacted]. Obviously, this feature is imperative to your company’s PCI compliance.


VoiceBase’s detection and redaction tools are nearly foolproof, too. We have found that 97 percent of calls with PCI present have more than two-thirds of the cardholder data redacted, rendering those credit cards useless. The leftover 3 percent of calls that didn’t have the data redacted was simply due to poor call quality and wasn’t recorded correctly in the first place.



Before this technology existed, if you wanted to make conversations with personal information queryable, you would have to go into each call and manually redact the information yourself. While typically accurate, the process costs hours of time and manpower and you would only get to a small fraction of your calls.

With automated detection and redaction, you can now mine data and make all transcripts searchable. This opens up a wealth of information of customer insights to help you make more informed business decisions for agents dealing with sensitive situations.

Your customer’s security should be your top priority. However, you also want to be able to utilize the data that lives within the conversations that contain your customer’s personal information. VoiceBase’s Detection and Redaction API makes it easier than ever to protect your customer’s data and remain PCI compliant while still tapping into the nuggets of insights in those interactions.

Need tips for PCI compliance and other compliance considerations? We wrote you a guide book. Get a complimentary copy of the Executive Guide to Call Center Compliance.

pci compliance tools and tips e book

More From the Voice analytics blog

Predictive Analytics for Strategic Insights

Predictive Analytics for Strategic Insights

Predictive analytics is an advanced form of data mining that leverages machine learning to identify patterns in voice recordings, intuit a speaker’s intent, and predict a future outcome — be it a sale, account cancellation, or one of many customized “X” signals your clients might request.

read more