The Midwest’s Leading Supplier of Digital Recording Solutions for Voice, Video & Data
Much of this presentation was created by Kristyn Emenecker, Director, Solutions Marketing, Verint Systems, Inc., and is used with her permission.
Exploring PCI And Customer Data Security
Presented by: Gina R. George, MCSE, CBC
Corporate Communications Director
• Founded in 1983
• Headquartered in Grove City, OH
• Sales & Support Offices in IN and IL
• Platinum Business Partner for Verint Systems and 2007 Verint Business Partner of the Year
• Authorized Reseller for VIQ Solutions
• Seller of SCI-DVR
• Additional Lines: AMAG, Firetide, cNotify
Myth: The Call Center’s Not A High Risk Area
What Is PCI-DSS: A Second Opinion
“The PCI Data Security Standard was launched in 2006 by private-sector organizations to improve the security of credit card data. But PCI has instead become a massive butt-covering exercise that extends from retailers to auditors to major credit card brands.
Whether data is any safer remains to be seen.”
Andrew Conry-Murray
PCI And The Circle Of Blame
Information Week
February 23, 2008
Call Recording & PCI: Possible Solutions
End-to-end encryption
• Encrypt audio and screens at acquisition
• Decrypt only at playback
Data avoidance
• Pause recording while caller speaks sensitive information
• Mute recording while caller speaks sensitive information
• Tone over recording while caller speaks sensitive information
Data deletion
• Delete part or all of the recording after the call is completed
Possible Solutions: Scenario #1
Large catalog retailer
• Records for QA only
• Voice & Screens
• Contact Center, Branch Office & Work-at-Home Agents
Compliance Methodology: Data Deletion
• Agents use an applet on their workstations to tag credit card calls
• Recording system does automatic sweep every two minutes and purges tagged calls
• Calls can be manually tagged later by supervisor if missed by agent and found during QA review
• Reports are generated and correlated to credit card authorization records to prevent system abuse
Possible Solutions: Scenario #2
Large public utility
• Records for QA and compliance
• Voice & Screens
• Contact Center, Branch Office & Work-at-Home Agents
Compliance Methodology: Data Deletion
• Automated process scans call recording database for agent ID, date and time
• Process compares result to similar scan of credit card transaction files
• Upon finding a match, process deletes audio and screen files from call recorder
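The matching step in Scenario #2, as an added example that is not from the presentation or from any recording product. The record layout, the sample rows and the 30-second clock-skew tolerance between the two systems are assumptions; transactions that match no recording are returned so they can be reviewed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a vendor schema.
RECORDINGS = [
    {"id": "rec-001", "agent": "A17", "start": "2008-03-04 09:00:10", "end": "2008-03-04 09:06:45"},
    {"id": "rec-002", "agent": "A17", "start": "2008-03-04 09:10:00", "end": "2008-03-04 09:12:30"},
    {"id": "rec-003", "agent": "B02", "start": "2008-03-04 09:01:00", "end": "2008-03-04 09:09:00"},
    {"id": "rec-004", "agent": "B02", "start": "2008-03-04 10:00:00", "end": "2008-03-04 10:03:00"},
]
TRANSACTIONS = [
    {"agent": "A17", "time": "2008-03-04 09:05:58"},  # inside rec-001
    {"agent": "B02", "time": "2008-03-04 10:03:20"},  # 20 s after rec-004 ended
    {"agent": "C09", "time": "2008-03-04 09:05:00"},  # agent has no recording
]
FMT = "%Y-%m-%d %H:%M:%S"


def _ts(text):
    return datetime.strptime(text, FMT)


def recordings_to_purge(recordings, transactions, skew_seconds=30):
    """Match recordings to card transactions on agent ID plus date and time.

    Returns (recording ids to delete, transactions that matched no recording).
    """
    skew = timedelta(seconds=skew_seconds)
    tx_by_agent = defaultdict(list)
    for tx in transactions:
        tx_by_agent[tx["agent"]].append(_ts(tx["time"]))

    purge, matched = [], set()
    for rec in recordings:
        # Widen the call window to absorb clock drift between the two systems.
        lo, hi = _ts(rec["start"]) - skew, _ts(rec["end"]) + skew
        hits = [t for t in tx_by_agent.get(rec["agent"], []) if lo <= t <= hi]
        if hits:
            purge.append(rec["id"])
            matched.update((rec["agent"], t) for t in hits)

    unmatched = [tx for tx in transactions
                 if (tx["agent"], _ts(tx["time"])) not in matched]
    return purge, unmatched


if __name__ == "__main__":
    purge_ids, leftovers = recordings_to_purge(RECORDINGS, TRANSACTIONS)
    print("delete audio and screen files for:", purge_ids)
    print("transactions with no matching recording:", leftovers)
```

With the tolerance set to zero, rec-004 is no longer matched and its transaction moves to the unmatched list, which is why the leftover transactions are worth reviewing rather than discarding.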