How to Balance Call Recording with PCI Compliance
The idea of call recording is generally communicated to consumers as a necessity for quality assurance and training purposes. In some cases, it must also be used to ensure the proper processes are being followed in a financial transaction-based environment. But that’s where things can get messy – the calls need to be recorded to ensure compliance, yet certain information on the call can’t be recorded. How do you create the right mix?
A recent white paper published by Magnetic North suggested that certain myths exist around call recording. The most prominent is the idea that as contact centers process millions of card-based financial transactions, PCI DSS is a challenge for the call recording solution. When the two have to work together, the results tend to be messy as certain information must be captured and other information left out.
The concept here is that capturing information like cardholder details and security codes for storage can lead to the potential for fraud. The generally accepted knowledge in the field is that avoiding these problems is a significant headache, one that many contact center leaders don’t want to deal with. Some may opt to record conversations with the IVR and just mute the conversation for certain fields. Screen recording may also need to be avoided.
While these options do offer alternatives, they are also difficult to implement and manage, presenting their own set of operational issues. For that reason alone, a number of contact centers are out of compliance or struggle with a process that generates increased average handling times, callbacks for failed attempts and a considerable increase in post-call administrative work.
What is being described here is really a manual approach to try and leverage call recording in a PCI environment. Less than ideal, it can also cause a myriad of problems such as noncompliance, unhappy customers waiting too long to speak with an agent, loss of important information in the recorded section of the call and simple inefficiencies.
Fortunately, the process does not have to be manual to be compliant. A cloud-based solution designed specifically for the PCI environment streamlines the process and keeps the contact center in compliance without extra work. The process is simple in that the whole call is recorded, yet no card data is actually stored. Callers do not share their card numbers with agents, but instead enter them via the keypad. From there, the information is sent directly to the card provider, sidestepping the contact center altogether.
While compliance is then secured, there are a few other benefits this approach provides. Customers enjoy a better experience as they feel safer and the call is processed at a more efficient pace. It can be easily integrated with online payments for customers wary of making payments online. It is also available 24x7, allowing customers to complete their transactions on their own schedule.
With this kind of deployment, PCI and call recording can live in harmony, giving both the contact center and the customer the benefits they need.
Edited by Alisen Downey