Mar 31, 2022
Few things are scarier for a business owner than hearing that their customer data and credit card information has been exposed to bad actors. According to the Identity Theft Resource Center (ITRC), just 1,108 data breaches were responsible for exposing more than 3.5 million pieces of personal information in 2020, including sensitive information such as credit card details. Customer data found in recorded calls and transcripts is an often overlooked security risk. To protect cardholder data, companies must understand and implement proper call recording and transcription practices or risk dangerous security breaches and steep fines.

PCI compliance in call recording and transcription

If your business or contact center accepts or processes card payments over the phone and stores this information locally or in a data center, you must follow the Payment Card Industry Data Security Standard (PCI DSS). Founded in 2006, the PCI Security Standards Council (PCI SSC) created the PCI DSS standard to help businesses and vendors improve their cybersecurity and create a more secure global network for credit and debit card payments. PCI DSS includes 12 requirements, each focused on increasing security and reducing the risk of data breaches.

(Image: CallRail PCI Compliance Checklist. Source: CallRail PCI Compliance Checklist)

Every business that accepts and processes card payments must comply with these standards. However, the frequency of PCI compliance checks required of an individual business depends on the number of transactions it processes per year.
Companies belong to one of four levels, with Level 1 requiring the most rigorous and costly PCI compliance controls and measures:

Level 1: merchants processing more than 6 million transactions per year, or any merchant who has suffered a security or data breach
Level 2: merchants processing 1 to 6 million transactions per year
Level 3: merchants processing 20,000 to 1 million transactions per year
Level 4: merchants processing fewer than 20,000 transactions per year

Because call recordings and transcripts can often contain cardholder data, such as credit card numbers and CV2 codes, they fall under PCI DSS and require enhanced security from the company or its supplier. Failure to comply not only increases the risk of a security breach, but can also result in fines and lasting consequences.

Penalties for non-compliance

PCI non-compliance fees can range from $5,000 to $100,000 per month, depending on the following factors:

How many transactions your company processes per year
The size of your business
How long your business has been PCI compliant

However, the initial fine may be just the tip of the iceberg for companies that have suffered a security breach. For example, suppose a company reports a data breach that exposed its cardholder data. Its payment processor will visit the bank and review records to verify how long the business has been operating outside of PCI compliance. The payment processor will then issue the appropriate fine to the bank, which passes it on to the business as a monthly fine until it is PCI compliant. Depending on the severity of the breach, regaining PCI compliance can take up to two years, with the monthly penalty increasing in value depending on the bank or payment processor. The higher cost of a data breach usually comes after the fine is set.
The company will then have to pay for the investigation, compensate affected customers, manage potential lawsuits, and be immediately placed in Level 1, which requires costly PCI DSS verification audits and security updates. Additionally, if the breach is severe enough and not remedied effectively, banks and payment processors may terminate their relationship with the business and prevent it from accepting card payments in the future. While large enterprises can weather the storm of fines and security system updates, small businesses that experience a data breach may never regain financial viability and may have to shut down.

How to Ensure PCI Compliance in Your Call Recording and Transcription

Several methods are available to protect your customers' confidential information in your call recordings and transcripts. Whichever method you choose, you must protect the following information to remain PCI compliant:

Credit card number
CV2 digits
Billing postcode

Manually clear cardholder information

The easiest way to protect sensitive information in call recordings and transcripts is to manually review each call and erase or cover up the sections where the customer provides credit card details. However, depending on how many calls your business or call center receives, this method is the most time-consuming and prone to human error.

Pause recording

This second method involves pausing the recording before the customer provides their cardholder information, then resuming the recording once they have finished speaking.
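The manual review described above does not scale and misses things. As an added example (not CallRail's code or any product's feature), the script below automates the transcript half of that review: it finds digit runs that pass the Luhn check, masks them to the last four digits, and blanks the value that follows a CV2/CVV mention. It assumes the transcription engine writes card numbers as digits, optionally split by spaces or dashes; spelled-out numbers and the billing postcode are not handled.

```python
import re

# Added example: automated redaction of cardholder data in call transcripts.
# Assumes the transcription engine writes card numbers as digits, possibly
# split by spaces or dashes ("4111 1111 1111 1111"); spelled-out words
# ("four one one one") are out of scope for this example.

# 13 to 19 digits, each optionally followed by a single space or dash,
# and not adjacent to other digits on either side.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# 3 or 4 digits appearing shortly after a CV2/CVV/security-code mention.
CV2_RE = re.compile(r"(\b(?:cv2|cvv|cvc|security code)\b\D{0,20}?)(\d{3,4})\b",
                    re.IGNORECASE)

def luhn_ok(digits: str) -> bool:
    """Luhn check: separates real PANs from order numbers, phone numbers, etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits: str) -> str:
    """Keep only the last four digits, which PCI DSS permits to be displayed."""
    return "*" * (len(digits) - 4) + digits[-4:]

def redact_transcript(text: str) -> str:
    """Replace Luhn-valid PANs and CV2 values in a transcript line."""
    def pan_repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            return "[PAN " + mask_pan(digits) + "]"
        return m.group(0)   # not a card number (e.g. an order id); leave it
    redacted = PAN_RE.sub(pan_repl, text)
    return CV2_RE.sub(lambda m: m.group(1) + "[CV2 REDACTED]", redacted)

if __name__ == "__main__":
    # Constructed sample transcript line (not a real call).
    sample = ("Agent: go ahead. Customer: my card is 4111 1111 1111 1111, "
              "the security code is 123, and my order number is 1234567890123456.")
    print(redact_transcript(sample))
```

Run it over transcript text before the transcript is stored or indexed; the underlying audio still needs the pause-recording approach or a separate audio redaction step.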