Worried about PCI DSS?
Want more awesome content? Sign up for our newsletter.
Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions. First and foremost, companies need an order processing and recording system that masks, mutes and encrypts customer and card data. Strict authentication controls for all employees are needed and implement strict processes to prevent agents from, for example, writing card numbers on note pads for later entry. Finally, maintain secure configuration standards and regularly test them for vulnerabilities.
Related to call recording, systems, these are requirements:
- Skip recording of card info – The standard requires that card security codes (CID, CAV2, CVC2, CVV2) are not stored.
- Cardholder data protection – Access to recordings protected and available with a multi-level access, with recordings encrypted and not alterable.
- Network security – TLS 1.1/1.2 are required as of 30th of June 2018
- Audit trail – Implement strong access control measures
How Imagicle can help
Imagicle Call Recording will be fully supporting PCI-DSS as of Spring’18 release, expected within end of March’18. The release will support Pause/Resume button via the user web UI and directly within the gadget for Cisco Jabber and Cisco Finesse, to avoid recording of credit card info. Imagicle Call Recording already provides role-based access to recordings to protect access, with recording encrypted with AES algorithm and with tampering attempts detection. Moreover, both recording engine and access to web and gadget UI are securely available via TLS 1.2, providing the maximum security level. With the audit trail support, as of Winter’18, it will be possible to determine who has accessed any recording in the system for playback, export and attempts to download and delete.