Call recording can help your business be PCI compliant
Posted by Laurie Coleman on 07/07 at 10:33 AM Call recording,
Call recording can help your business be PCI compliant

With more people shopping online or ordering items over the phone during lockdown and even as restrictions ease, businesses need to me mindful of how they take payments.


Where businesses that take card payments over the phone, they are not permitted to record the CV2 number under payment card industry (PCI) regulations. Whether this number is spoken or typed in on a keypad, businesses must adhere to these regulations and not keep any recordings of either the numbers being said or the dial tones of the keypad.


With more than half of UK consumers now buying goods online, PCI protection is more important than ever before. Businesses found breaching these security standards risk a considerable fine. Coupled with loss of reputation, breaching PCI regulations is inadvisable.   


Many businesses use call recording for checking call details, dispute resolution, training and monitoring. To meet PCI regulations, call handlers need to remember to pause and resume the recording when customers give them their card details. However, this relies on human endeavour and as we all know, humans make mistakes. If an employee forgets to press the pause button, a breach could be very costly.


Technology has thankfully moved on! 


How to avoid PCI breaches 

Cease recording calls  
This is the simplest way to avoid breaching any PCI regulations. However, businesses would also lose out on all the benefits of call recordings which you can read more about in our previous blog here: https://www.swcomms.co.uk/blog/article/call-recording-options-have-moved-on/ 

Automated compliance 
An automated system is the answer to confidently meet PCI regulations. When card details are entered by an agent on a PC, the application monitors for payment website addresses and then automatically pauses the recording as customer says their details and restarts when they have exited the relevant website.  

Interactive voice response (IVR) solutions 
Automated IVR solutions recognise when a customer is going to enter private details, such as card numbers. When a customer is asked to enter their payment details via their telephone keypad, the tones are masked to prevent them being deciphered.  


If your business is still relying on dated PCI compliance methods or you’ve just started taking payments over the phone, then please do get in touch as I would be happy to help. 

Posted by
Laurie Coleman's avatar
Laurie Coleman on 07/07/2020

Laurie has worked in the communications and IT industry since 2012 and had a fantastic knack for looking after our customers to ensure they remained happy and all their needs were being met. He has swapped his talents for the presales department to give the same attention to our potential clients.

He has an in-depth technical knowledge of our existing product portfolio as well as all products and solutions that we have sold in the past to ensure that all customers, old and new, receive the same level of expertise and service. Laurie is also a key part of our Microsoft Office 365 team and was the first to sell the product for swcomms.

Away from the office, Laurie is a keen Exeter Chiefs fan, both home and away, and likes to keep an eye on the NFL.

Contact: laurie.coleman@swcomms.co.uk

Contact us now

Send us a message