
How to meet PCI DSS standards:
Data Track's PCI DSS Compliant call recording module, available in V5 as VPI Capture, supports PCI Compliance guidelines by employing advanced desktop screen analytics monitoring technology. Our VPI application suite is a powerful call recording software application for PCI compliance. We have successfully addressed these 5 topics in a way that is easy to implement, simple to use and offers an attractive ROI. This is an important balance in any call centre environment.
In addition to addressing key PCI DSS standards, the VPI application suite is modular and looks to balance compliance with agent effectiveness. Implementing such a solution ensures organisations of all sizes and types have the safety and certainty of compliance and can focus on key issues, such as customer satisfaction and staff motivation.
Many other call recording applications will permanently delete or mask out sensitive data (masking data may involve distorting or bleeping out spoken credit card numbers or blacking out the numbers in a data field) prior to archiving and storing the recorded interaction. The major issue with this commonly deployed method of dealing with PCI Compliance is that the permanently deleted audio can never be replayed or retrieved by anyone, even with appropriate security rights, to resolve a liability dispute or to recognise and remedy inappropriate employee conduct. For example, if an employee keeps their cursor over a credit card data entry field for an extended period of time, all of the important purchasing statements that were said by the customer before or after the agent entered and processed the credit card informational field(s) can never be retrieved.
During call playback, VPI has the ability to prevent any non-authorised users from accessing sensitive PCI data. This way, managers and supervisors with rights to access the sensitive information can listen to and assess the calls. This advanced method allows for the protection of both the customer and the organisation that deals with the customer. For example, if a case arises where authorised users need to play the recorded interaction in its entirety, that option remains. Consider the case where a customer claim accuses the company of billing the wrong credit card number. In a dispute, how would the company defend that the credit card transaction was indeed processed based on the number provided and authorised by the customer and was not mistaken by the agent? By keeping the recording of the entire interaction and making sensitive portions accessible only to authorised personnel (i.e. in-house counsel), a company can now comply with PCI rules and still have access to important interaction information for prompt dispute resolution to ensure liability protection.
PCI compliance guidelines state that organisations must protect customer sensitive data from unauthorised users. As long as this protection is guaranteed, recording of customer interactions - even those that contain sensitive data - is permitted. VPI gives you the ability to continue to record all calls (audio and screen if desired) while providing management of security at a user-level, with limitation of access to sensitive PCI data - enhanced by role-based security using end-to-end data encryption, file watermarking and detailed audit trail reporting. VPI employs an intelligent screen analytics tool that monitors the events when agents enter specific screens, or specific data fields within their screens. These events automatically trigger VPI to mark the area in the interaction where customer sensitive data is being discussed, and to categorise the call accordingly.
Every call within the VPI application is watermarked in real time to ensure authenticity. VPI offers a powerful application to validate the authenticity of any WAV file.
To further ensure maximum security and compliance with PCI DSS Standards and other regulations, VPI's audit trail log records all user activity within the system so that organisations can conduct full trace audits to determine who accessed any recording in the system and when - for playback, export, or any other critical events.