
Why not just encrypt call recordings to become PCI compliant?


Although the credit or debit card Primary Account Number (PAN) can be stored in an encrypted form, the CVC should not be stored in any format (see the FAQ “Can we store the CVV on the call recording?”). Encrypting the call recording presents a host of management issues that have to be administered downstream of the call recording. Encryption and decryption keys have to be distributed to the appropriate personnel, and policies have to be defined under which call recordings can be decrypted (e.g. training, quality control, process optimisation, customer complaints). Where call recordings are required by external bodies (e.g. regulators), credit card credentials have to be “white noised” before they can be shared. This manual process has to be very carefully managed because of the risk of sharing credit card details externally.
