On a daily basis, millions of people give their credit card, debit card, and bank account information to retailers and service providers. In a survey conducted by Visa, 44 percent of credit card users were concerned about their information being stolen over the phone.
The Payment Card Industry Data Security Standards have been enacted since 2006 to protect this financial information when it is processed, stored, and transmitted. For businesses that record phone calls and electronic interactions for regulatory compliance, risk management, or quality assurance, the contact center must implement several levels of security to comply with the PCI standards and ensure the integrity of their practices.
Step 1: Encryption. Both the call and the desktop activity must be encrypted at the time of the recording. This level of security is critical because it protects data even if network security is compromised. Even if an encrypted file such as a recording is acquired, the unauthorized individual will not be able to play it.
Step 2: Access Control. Team members within the contact center require various access to call and screen recordings. For example, a quality assurance analyst performing an agent’s evaluation does not necessarily need to see or hear specific customer information, but the supervisor verifying a purchase does. This level of access should be determined by setting user roles and permissions in your call recording software.
Step 3: Voice and Screen Masking. This is a critical component to protecting sensitive data embedded in recorded interactions because it hides sensitive information during the course of playback. Masking voice and screen recordings enables the contact center to share call recordings with more people, such as agents, providing more options for evaluations and coaching.
Step 4: Restricting Physical Access to Recordings. Recordings must be physically protected from being saved, copied, or distributed, and potentially getting outside the business. Businesses that do rely on unprotected access methods risk sharing that data with unwanted users. By restricting the way users can physically access recordings, the contact center can still share important information with clients, remote agents, and other departments within the enterprise.
Step 5: Tracking System Activity. In the event of a security breach, it is necessary to have programs in place that monitor log ins, log outs, play back of recorded calls, and other events. This allows businesses to not only trace an outside attack, but also to identify suspicious behavior within the organization.
Businesses that record contact center interactions must be able to protect the data contained in every recording. That is why Autonomy etalk delivers reliable security features that protect this data while still efficiently managing your recording needs.
For information on how Autonomy etalk can help you meet PCI Data Security Standards, download the free whitepaper Encrypting Recordings is Not Enough: Steps to Protect Your Most Sensitive Data or sign up for the free webcast at www.crmxchange.com/webcast/etalkjuly07.asp.