PCI Compliance Recording Resources and Solutions
The Most Powerful, Cost-Effective PCI Compliant Call Recording Software for Complying with PCI DSS Requirements
VPI, a PCI Security Alliance member, supports PCI Compliance call recording guidelines by employing advanced desktop screen analytics monitoring and PCI compliant call recording technology. Updated in February 2010, PCI DSS requirement 3.2 states that organizations must not store sensitive authentication data subsequent to authorization - even if encrypted. Sensitive authentication data consists of magnetic stripe (or track) data, card validation code or value, and PIN data. This data is deemed particularly sensitive as it can be used to generate fake payment cards and create fraudulent transactions. These PCI compliance call recording guidelines require organizations that handle credit card transactions over the phone to delete all recordings or recorded segments that contain sensitive authentication data.

The PCI SSC's full statement 3.2 released on February 18, 2010 reads:

This response is intended to provide clarification for call centers that record cardholder data in audio recordings, and applies only to the storage of card validation codes and values (referred to as CAV2, CVC2, CVV2 or CID codes by the payment brands).

It is a violation of PCI DSS requirement 3.2 to store any sensitive authentication data, including card validation codes and values, after authorization even if encrypted.

It is therefore prohibited to use any form of digital audio recording (using formats such as wav, mp3 etc) for storing CAV2, CVC2, CVV2 or CID codes after authorization if that data can be queried; as card data can easily be extracted using freely available software.

On an exception basis, storage of CAV2, CVC2, CVV2 or CID codes in an analog format after authorization is allowed; as these recordings cannot be data mined easily. However the physical and logical protections defined in PCI DSS must still be applied to these analog call recording formats.

Audio recording solutions that prevent the storage or facilitate the deletion of CAV2, CVC2, CVV2 or CID codes and other card data are commercially available from a number of vendors. All other recordings containing cardholder data captured by call centers must be protected in accordance with the PCI DSS, including PCI DSS requirement 3.4.
 
Challenge with Most Call Recording Systems in Use Today
In order to comply with these new PCI compliance call recording regulations, many organizations will be forced to delete all of these verbal receipts because the process of listening to the contents of potentially hundreds of thousands of call recordings would be cost prohibitive and labor intensive. Unfortunately, the many calls that do not contain sensitive data will also be deleted - calls that should be retained for quality assurance (QA) purposes and liability management.
 
Now You Don't Have to Compromise Between Compliance Requirements and Liability and Quality Assurance Needs
VPI's rules-driven interaction recording solution enables organizations to maintain PCI compliance by identifying the calls that cannot be accessed and archived due to data sensitivity issues as well as those that can be safely archived for use in QA and liability management - enhanced by roles-based security using end-to-end data encryption, file watermarking and detailed audit trail reporting. The VPI CAPTURE PRO™ PCI compliant call recording system leverages unique desktop screen analytics that can detect events and data directly from application screens - such as an employee entering sensitive credit card authentication data into a field on screen - and tags them to the recorded interactions. VPI's PCI compliant call recording software then automatically classifies for deletion, or for muting and masking, all audio and video recording files containing sensitive authentication data to help ensure compliance with the latest PCI DSS regulations. As an added bonus, the VPI CAPTURE PRO PCI compliance call recording solution can retain non-sensitive data related to the interaction - such as call date/time, call direction, Customer ID, Agent ID, sales or collections amount, number of transfers and hold time. Instead of being deleted along with the sensitive audio and screen recordings, this valuable data is made available in interactive reports for analysis into key business issues and opportunities.


To help you ensure compliance with PCI DSS regulations, the VPI Fact Finder™ desktop screen analytics tool automatically identifies the occurrence of sensitive credit card details within interactions - giving you the flexibility to either delete the entire file or mute and mask the portions of audio and screen video containing sensitive information.
 
Secure File and Data Transport and Storage Encryption
To further secure sensitive information, the VPI CAPTURE PRO PCI compliant audio recording solution uses built-in end-to-end data encryption and key management to secure the SQL database that holds attributes of all recordings. The media manager provides for AES 128, 192, 256 or variable bit encryption/decryption when files are stored and accessed from the media manager.
 
Ensure Authenticity with File Watermarking
Every call within the VPI application is watermarked in real time to ensure authenticity. VPI offers a powerful application to validate the authenticity of any WAV file.
 
Monitor Sensitive Information with Detailed Audit Log Reporting
To further ensure maximum security and compliance with PCI Compliance and other regulations, VPI's PCI compliant call recording provides a detailed audit trail log that records all user activity within the system so that organizations can conduct full trace audits to determine who accessed any recording in the system and when - for playback, export, or any other critical events.

The information provided here is believed to be accurate, but is presented without express or implied warranty and is subject to change without notice. Please do not rely on this information as legal advice. We recommend seeking confirmation from your legal counsel.

"Desktop analytics is an important component of the emerging analytically-enabled quality assurance process. These applications are highly valuable because they help contact center managers reduce operating expenses while improving the customer experience."
- Ted Lubowsky, Industry Analyst, DMG Consulting

"The savings that desktop analytics has the potential to uncover can be stunning."
- Paul Stockford, Saddletree Research