Call Recording for Credit Card Companies
Verba call recording solutions provide compliance services for credit card companies.
PCI DSS Compliant Call Recording
PCI DSS stands for Payment Card Industry Data Security Standard, and is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.
A company processing, storing, or transmitting cardholder data must be PCI DSS compliant. The PCI SSC (Council) is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
Non-compliant companies that maintain a relationship with one or more of the card brands, either directly or through an acquirer, risk losing their ability to process credit card payments and being audited and/or fined. All in-scope companies must validate their compliance annually. The current version of the standard specifies 12 requirements for compliance, organized into 6 logically related groups, which are called control objectives.
Verba solutions for PCI DSS compliance
- Cardholder data protection – Access to audio and screen recordings is managed at the user level with the enhanced multi-level access control module in Verba.
- File encryption – Video and audio files can be optionally encrypted using the industry-standard AES technology. This ensures that no encrypted data can be read (decrypted) at the file system level.
- Network encryption – Verba security features include SSL encryption for all client-server communications in playback.
- Controlling recording – The standard requires that card security codes (CID, CAV2, CVC2, CVV2) are not stored. Verba is able to receive start and stop triggers via its standard API to define the beginning and end of a period within a call that contains this information, effectively pausing the recording of both voice and screen. Note: modern call recording systems record at the extension side instead of the trunk side, so the sensitive card security codes are not recorded at all.
- Audit – Verba includes an extensive activity audit system, providing a database of all activity in the system. You will be able to conduct full trace audits to determine who has accessed any recording in the system for playback, export, or any other critical functions.