PCI DSS Compliance

When your customers use their credit cards to pay online or over the phone, they trust you with their personal and payment information. Verint helps you ensure that sensitive information is always protected and that your business easily and effectively mitigates risk while complying with PCI DSS standards. We offer a comprehensive set of compliance features that are aimed to enable adherence to data privacy regulations and payment industry standards.

Comply with Payment Industry Regulations

Whether you’re capturing voice, video, instant messaging, or desktop screens, the Verint platform helps enable PCI DSS compliance for contact centers and other businesses that process card payments. It provides a set of secure and easily manageable features, from audit logs and encryption to selective recording and content policies. All of this and more, to help your business prevent fraud while avoiding reputational damage, non-compliance fines and data breach costs.

Why does PCI DSS matter to your business?

Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard. The PCI security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. These standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

A company processing, storing, or transmitting cardholder data must be PCI DSS compliant. The Payment Card Industry Security Standards Council is responsible for managing the security standards, while compliance with the PCI standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

Non-compliant companies who maintain a relationship with one or more of the card brands, either directly or through an acquirer risk losing their ability to process credit card payments and being audited and/or fined. All in-scope companies must validate their compliance annually. The current version of the standard specifies 12 requirements for compliance, organized into 6 logically related control objectives.

Verint Solutions for PCI Compliance

Cardholder Data Protection – Access to audio and screen recordings can be managed at the user level with enhanced role-based access control. Engineered for maximum security, Verint helps your users define who gains access to what- and what actions they may take.

File Encryption – Video and audio files can be optionally encrypted using the industry standard RSA/AES-based media encryption technology. This ensures that no encrypted data can be read (decrypted) on file system level and your sensitive data and high-value information are always fully protected.

Network Encryption – Verint security features include SSL encryption for all client-server communications in playback.

Protect cardholder data and secure your recordings

Align with industry standards through automation

Pause & Resume – The industry standard requires that card security codes (CID, CAV2, CVC2, CVV2) are not stored. Users can set up manual or automatic pause and resume triggers via Verint’s standard API to define the beginning and end of a period within a conversation that contains this information, effectively pausing the recording of both voice and screen.

Content Filtering – By using the IM Content Filtering feature of the Ethical Wall, you can easily enforce content policies for instant messaging and redact sensitive data from any text-based conversation. Such protective technology will ensure that your organization complies with legal and ethical rules at all times.

Audit Logs – Verint includes an extensive activity audit system, providing a database of all activity in the system. You will be able to conduct full trace audits to determine who has accessed any recording in the system for playback, export, or any other critical functions.

Pause & Resume

Verint offers a dynamic feature that recognizes when recording is necessary and when specific parts of a conversation should be censored. The pause & resume functionality of audio, video and screen recording can be triggered manually and automatically using flexible APIs. Interactions can be recorded up to the point when customers need to provide sensitive data – such as credit card numbers or passwords – at which point the system stops recording, pausing both voice and screen, while this sensitive information is given and restarts only at its conclusion.

The platform also provides automatic pause and resume for web applications. Whenever an agent visits a ‘banned’ page during an interaction, the Desktop Agent detects this automatically and pauses the recording. The recording is only resumed once the agent has left that page. Auto-pauses are clearly marked on the playback screens, so you always know that an automatic pause has occurred and the duration of that pause.