When you’re taking payments, you need to ensure your organisation is doing so compliantly. For you, that may mean making a small number of agent seats or your entire contact centre environment PCI compliant. Or it may mean ensuring your staff are able to take payments compliantly no matter where they or your customers are. PCI compliance means that your payment system is secure and that your customers can trust you with their card information. It protects consumers from payment card fraud and it protects your business from exposure to liability, which in turn protects your brand reputation.
Pause and resume recording alone has its drawbacks: it is subject to agent error, it often still leaves the agent exposed to sensitive card details and it requires regular checks by your personnel to ensure agents are adhering to the pause/resume process. And pause and resume over an unsecured telephone line just doesn’t protect the cardholder’s data.
The Payment Card Industry Security Standards Council (PCI SSC) warns of the risks businesses take if they use pause and resume call recording for processing payments by phone.
Pause and resume – whether manual or automated – only removes the call recording and its storage from PCI DSS scope. It does not address the risks posed by unscrupulous agents, their desktop environment and internal phone systems. PCI SSC’s guidelines are clear: the only way to protect against fraud and ensure compliance is to completely remove payment card data from the contact centre environment.