PCI DSS stands for Payment Card Industry Data Security Standard. The standard was developed by the major credit card companies as a guideline to help organisations that process card payments prevent credit card fraud. A company storing payment card data in a Voice Recording system must be PCI DSS compliant or risk losing their ability to process credit card payments, being audited and/or fined.
Symphony™ - PCI Compliance
Where voice recording is concerned, there are two main principles to consider in relation to complying with PCI DSS:
- Security surrounding the recording of a customer’s personal data and credit card number; and
- The mandatory requirement not to record the customer’s three-digit card security code (CVV2).
Weston Digital Technologies' Symphony™ platform allows customers to meet the requirements of the first principle for compliance through a number of standard system features:
- All recordings are encrypted
- Passwords for system access are encrypted
- Access to the system is protected by enhanced security features
- User account privileges and access to recordings are controlled by the individual user’s account permissions
- The system has a comprehensive audit trail log which monitors all system and user events
- IP address and/or computer name of the computer used to access the system is recorded in the system audit trail
- Various call retention policies can be configured to accommodate different retention requirements. Calls can be automatically deleted after a pre-set time interval
Symphony PCI Compliance Suppression allows customers to comply with the second principle by suppressing recording while it is activated. The discarded audio is replaced with a tone to indicate that audio has been suppressed for security. There are several ways to invoke Compliance Suppression, which are described below:

| Method | Agent workflow |
|---|---|
| Dial a Code: a configurable keypad sequence is dialled by the agent on their handset to start and stop PCI suppression* | When an agent needs to take credit card details during a call, before asking for the details they key in a DTMF code to suppress recording. Once the transaction is complete, the code is re-entered and recording resumes. If the agent forgets to re-activate recording, it resumes automatically with the next call they make or receive, or it can be configured to resume automatically after a specified time period. |
| Pause Button: a Windows application is installed on the agent’s workstation to control PCI suppression. Clicking the button starts and stops PCI suppression† | When an agent needs to take credit card details during a call, before asking for the details they click the application icon on their desktop to suppress recording. Once the transaction is complete, the agent clicks on the icon again and recording resumes. If the agent forgets to re-activate recording, it resumes automatically with the next call they make or receive, or it can be configured to resume automatically after a specified time period. |
| Screen Observation: a service runs transparently in the background on the agent’s workstation, triggering PCI suppression automatically when a card-payment application or card data capture page is launched. Recording resumes when the application or screen is closed† | When an agent needs to take credit card details during a call and launches the card-payment application or page, the service automatically recognises the application window or page name and PCI suppression starts automatically. Once the transaction is complete and the application window or page is closed, recording resumes. |
| Symphony API Tool Kit: this allows systems integrators and software developers to customise the interaction between their own business applications and Symphony for PCI suppression, recording control, replay and database integration. | When an agent needs to take credit card details during a call and launches the card-payment application or page, the business application makes an API call to invoke PCI suppression. Once the transaction is complete, the business application makes a further API call to resume recording. |

*This functionality is only available for TDM systems.
†This functionality requires CTI Integration with host PABX.