PCI & GDPR Compliant Call Recording

PCI DSS

The Payment Card Industry Data Security Standard regulations stipulate that no cardholder data (name, expiry date, PAN, etc.) should ever be stored unless it is necessary to meet the needs of your business. In addition, no sensitive authentication data (SAD), which includes validation codes (CVV2, CVC2, CID or CAV2), PIN numbers and magnetic stripe data, can be stored in any digital, audio or video format after it has been authorised. This is the case even if the information has been encrypted.

To ensure compliance, PBX Hosting’s call recording solution will pause the audio while credit card numbers are being read out over the phone. This way you can ensure that no sensitive data is captured during call recording.

  1. Record 100% of calls, or calls to certain extensions, using 256-bit encryption
  2. Search for particular calls using multi-criteria search and filter tools
  3. Store all calls for 5 years (or however long you need to) using retention rules
  4. Time-stamp call recordings, keeping an audit trail and making recordings easy to access
  5. Permission-based access for users

GDPR

In May 2018 the EU’s GDPR (General Data Protection Regulation) came into force. The GDPR is designed to strengthen individuals’ rights when it comes to organisations collecting, recording or using their personal data. Companies are now required to demonstrate compliance, and there are penalties for not conforming.

Businesses wanting to record calls will need an affirmative action from the person they plan on recording, or must be able to actively justify that the purpose of recording fulfils any one of 6 conditions:

  1. The people involved in the call have given consent to be recorded
  2. Recording is necessary for the fulfilment of a contract
  3. Recording is necessary for fulfilling a legal requirement
  4. Recording is necessary to protect the interests of one or more participants
  5. Recording is in the public interest, or necessary for the exercise of official authority
  6. Recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call
