A couple of weeks ago, Aberdeen Group’s Omar Minkara wrote about the risks of call recording in the contact center, offering tips to help ensure PCI DSS (Payment Card Industry Data Security Standard) compliance. He raised some critical issues, ones that anyone involved in the contact center should not only be aware of – but vigilant in protecting against.
Avoid Exposing Cloud Contact Centers to Potential Security Breaches
Call recording, as a critical element of contact center Quality Assurance programs, provides cloud-based contact centers the ability to examine prior call information and call recording records. These records, if not administered properly, can be used to access customer information such as credit card number, security codes, pin numbers, etc. And that can expose cloud-based contact centers to potential security breaches and intrusions where unauthorized employees could possibly capture this sensitive information.
Call recording itself is a small element, but key in protecting customer data as contact center solutions rapidly move to the cloud – and puts stress on a company’s PCI compliance strategy. This includes requesting, entering, storing, and transmitting personal and confidential sensitive customer data, such as credit card numbers, social security card info, CCV and pin numbers by contact center representatives.
In order to secure all your transactions, we believe companies should employ the absolute latest tools, techniques, and capabilities to address all areas of security concern, especially those at the point of entry, in addition to data center security.
An Ounce of Prevention
New capabilities are available to specifically address the ability to stop both the audio and screen recording of personal card data at the appropriate time of customer response, based upon predictive techniques. This ensures that a key area of confidentiality can be addressed and actually removed as a possibility for a security violation right at the outset of customer engagement.
“An ounce of prevention (i.e. not recording the sensitive data in the first place) is worth a pound of cure”, as they say.