4 Responses to “The Missing Link In Call Center Recordings”

  1. 1 Christi F.
    August 5, 2014 at 7:50 AM

    I work in a call center, for a utility company. Calls are all recorded – for quality purposes, of course. So, based on my company’s training and my own research – they are allowed to record the calls, but, there should be some sort of mechanism that would not allow for the PII to be retained within that recording (i.e., card number, CVV, etc.). There should also be no way for the representative to write down that information via hard- or soft-copy means (paper/pen, email, notepad, etc.). What has brought me searching for any further clarification is there is a rule that has been instituted that states there is a “no cell phone” zone around the call center. I am presuming so no pictures or recordings could be taken of the numbers entered. However, there is no limitation on actual hard phones being utilized within that same area, whereby someone could then overhear the same PII data.

    • August 6, 2014 at 5:04 AM

      Just so we are all clear, if your call recording technology has the ability to remove or not record PII, under the PCI DSS you are required to implement that technology.

      Overhearing PII is one of the risks in a call center environment. The only way to address that issue is with training.

      • 3 Christi F.
        August 6, 2014 at 7:41 AM

        I appreciate your quick response. At this time, it is my understanding that the technology is not available with “this release” – and potentially, if it becomes available it will be a “manual” process of stopping and starting the recording.

        So, for my second portion of the convoluted question I had… Is there an actual requirement in PCI to ban cell phone usage within a particular distance of the call center area?

        Thank you!

      • August 6, 2014 at 2:25 PM

        No. Cell phone bans are just what the best call centers do.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.


February 2010
« Jan   Mar »

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 1,868 other followers

%d bloggers like this: