PCI Compliance | Quality Management Blog


Quality Management

Practical information about call center recording software, call monitoring and quality assurance for contact centers

PCI Compliance Hints, Tips & Best Practices

The practice of call center call recording is regulated by a number of organizations to encourage best practices and reduce instances of data breach.

The Payment Card Industry Data Security Standard (PCI DSS) addresses telephone credit card transactions. The PCI DSS requires file encryption, secure storage and the deletion of certain information, such as the credit card security code. For call centers, security measures must be made in accordance with these restrictions.

How can you be sure your business is in compliance? The following blogs and articles provide more information. Or, find out more about how Monet’s Workforce Optimization software can help with PCI compliance.


Speech Analytics and Compliance


Compliance is – let’s be honest – a pretty dull topic. 

But in our continuing quest to avoid what is boring, we cannot neglect the laws and regulations now in place that help to keep business transactions stable and secure. This can also be a costly topic to ignore, given the penalties that may be imposed on businesses that do not keep accurate, up-to-date records of telephone transactions. 

Recorded call records must be kept accessible for a minimum of six months, and that timeframe may increase with new legislation on its way. 

Is your contact center keeping up? Do you have transactions saved across multiple platforms? 

Speech Analytics Can Help

In addition to its many other benefits in customer service and cost savings, speech analytics also plays an important role in your compliance effort.

Should you ever need to demonstrate how your contact center is meeting established criteria for keeping credit card information safe, speech analytics can quickly search through thousands of calls and highlight any in question by locating the precise language used in each call. Even single words can be flagged and calls brought up for review. 

Having ready access to calls subject to compliance not only saves time, it reduces risk of exposure, as it now becomes easier for managers to check compliance during internal reviews. Doing so regularly can help your contact center avoid fines and negative publicity, at a time when the public remains concerned about secure transactions. 




Is Your Contact Center PCI Compliant?


Every company CEO has read the dire headlines about online security breaches, such as the one that hit Target last holiday season. Such incidents are not only costly; they are a public relations nightmare.

So the motivation is to protect the business and its valued customers at all costs. For call centers, security measures must be made in accordance with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS requires file encryption, secure storage and the deletion of certain information, such as the credit card security code.

To determine whether your contact center is PCI compliant, start with a review of these three areas:

Privacy
Does your call recording technology provide a means to prevent the recording of sensitive data when it is not necessary? This can be as basic as a Pause and Resume option, or a Mute button. When cardholder data is transmitted and/or stored, it should be done only after this data has been encrypted. Any potential flaws in the system should be reviewed through a vulnerability management program. 

Access Control
Both physical and logical access controls should be in place to restrict access to sensitive data. Access should be granted on a need-to-know basis, only to those individuals who require it for the function of their jobs. Some contact centers address this by assigning a unique ID to all employees, so there will be an audit trail in the case of unauthorized access. Given the employee turnover that exists at many contact centers, access rights to this data should be terminated immediately after an employee leaves the company.

Network Security
Make certain that every aspect of your contact center technology is as secure as possible. That starts with an effective firewall and router, as well as internal processes that provide additional layers of protection. All traffic from unsafe networks and hosts should be restricted, and there should never be any direct access between any network component containing cardholder data and the Internet. All remote devices used by contact center personnel should also provide adequate protection. Follow-up testing on all security systems and processes should be conducted on a regular basis.

For more information about this and other regulations, please also check this blog post about PCI compliance and regulations. Please note that the list above is not a complete list of requirements. Make sure to read the official PCI regulations and other applicable regulations for a complete set of requirements and rules for your contact center.

And of course, you can always contact us if you have questions about call recording and compliance.




Improving Compliance with Call Recording Software


The practice of call center call recording is regulated by a number of organizations to encourage best practices and reduce instances of data breach. Different call centers may fall under the auspices of different agencies and regulations. To improve compliance with call recording software, these are some of the guidelines to understand.

PCI
Version 2.0 of PCI DSS went into effect on January 1, 2011. The Payment Card Industry Data Security Standard (PCI DSS) addresses telephone credit card transactions. The PCI DSS requires file encryption, secure storage and the deletion of certain information, such as the credit card security code. Data considered non-sensitive, and thus safe to archive, includes call date/time, customer ID, agent ID, sale or collection amount and hold time.

HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) includes regulations and restrictions on patient records to protect privacy. While conversations between patients and healthcare providers can be recorded, they must also be protected. HIPAA also has a training requirement that is made easier by the use of call recording software. Saved calls can be used to train staff on the accepted practices at a call facility.

The Sarbanes-Oxley Act
The purpose of the Sarbanes-Oxley Act is to compel businesses to maintain complete electronic records of all business processes and transactions. Call recording software captures and stores all phone calls to ensure compliance with this accounting reform bill, and expedites the discovery and auditing process should an issue arise.

FIPS
Federal Information Processing Standards (FIPS) apply to US government agencies and supporting contractors. Requirements here are very specific, and demand a high level of security and encryption to protect sensitive information in computer and telecommunication systems. If there is a government component to your call center call recording system, make certain it performs at the required security level.

For more detailed information and the latest updates and changes to the respective laws and regulations, please consult the official sources and publications.


