Are you PCI Compliant? - David Rastatter - Blog

Are you PCI Compliant?

If you are taking credit card orders, or if your customer service reps are exposed to your customers' credit card information, chances are you will have to take a hard look at your contact center vendor and your processes to be Payment Card Industry Data Security Standard (PCI-DSS) compliant.

Recordings: When your customers give their credit card information over the phone to your reps, chances are your contact center software is recording those calls. If you use a cloud-based call center, these calls are recorded on a server in the cloud and the recordings are then stored in the cloud. How do you know if these recordings are secure in the cloud? What kind of security measures has your cloud vendor taken? Is your cloud vendor PCI compliant?

There are a couple of ways to handle this. One way is to record the calls locally, as close to the rep as possible, and never have those recordings leave your premises. In fact, what if you could record these calls with an encryption key locally on the rep's desktop and then, as soon as the call is finished, transmit the recording to a secure server that is resident on your premises? This way, the recordings are never transmitted on any external network, they never reach the cloud, and you don't have to worry about your cloud provider being PCI compliant.

Unfortunately, that approach may not be good enough to be PCI compliant if the requirement is that the call recording be stopped as soon as the customer starts giving her credit card information. However, this can be accomplished by having the customer service rep navigate to a different tab within the contact center system user interface, which triggers a switch that stops recording the call; as soon as the rep navigates away from the tab, the recording can start again.

There could be environments where the requirement is that the sales reps or customer service reps should not be exposed to a customer's credit card information at all. In this case, the call can be transferred to an automated IVR; the IVR interacts with the customer, takes the credit card information, and then transfers the customer back to the rep. This may not be the most efficient solution because while the customer is interacting with the automated IVR, the rep is twiddling their thumbs and hoping that the customer is successfully transferred back to them once the customer has finished entering their credit card information.

Instead of transferring the customer to an automated IVR, the contact center system should be able to set up a three-party conference call among the rep, the customer, and the automated IVR. This way the rep is always on the call with the customer, holding their hand while the customer enters their credit card information using their phone's keypad.

To make the above totally secure, it may be required that in the three-party conference call among the rep, the customer, and the automated IVR, the contact center rep should not be able to hear the tones that are generated when the customer is entering their credit card information. The contact center software should be smart enough to suppress the DTMF tones so that the rep does not have access to these either. Remember, during the three-party conference, the rep is talking to the customer and helping them finish the transaction, without the fear of losing the customer towards the end of the transaction or having to worry about the customer being transferred back to them.
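One way the suppression described above could work when the tones travel in-band as audio, as an added example that is not from the original post or any vendor's product: a Goertzel detector flags DTMF frames in the customer's audio, and the conference bridge sends silence to the rep while the IVR leg is left untouched. The 8 kHz rate, 20 ms frames, thresholds, one-frame guard and all function names are assumptions made for this sketch.

```python
import math

RATE = 8000    # assumed narrowband telephony sample rate (Hz)
FRAME = 160    # 20 ms of audio per frame
LOW = (697, 770, 852, 941)        # DTMF row frequencies (Hz)
HIGH = (1209, 1336, 1477, 1633)   # DTMF column frequencies (Hz)

def goertzel_power(frame, freq):
    """Squared spectral magnitude of `frame` at `freq` (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def is_dtmf(frame):
    """True when one row tone plus one column tone carry most of the frame energy."""
    total = sum(x * x for x in frame) * len(frame) / 2.0
    if total < 1e-9:
        return False  # silence
    low = max(goertzel_power(frame, f) for f in LOW) / total
    high = max(goertzel_power(frame, f) for f in HIGH) / total
    return low > 0.25 and high > 0.25 and low + high > 0.8

def split_legs(customer_frames, guard=1):
    """Return (ivr_leg, rep_leg): the IVR hears everything, the rep hears silence
    in place of DTMF frames plus `guard` frames either side (tone onset/decay)."""
    flags = [is_dtmf(f) for f in customer_frames]
    rep_leg = []
    for i, frame in enumerate(customer_frames):
        near = flags[max(0, i - guard): i + guard + 1]
        rep_leg.append([0.0] * len(frame) if any(near) else frame)
    return list(customer_frames), rep_leg

def tone(freqs, n=FRAME):
    """Constructed test signal: sum of unit-amplitude sinusoids."""
    return [sum(math.sin(2 * math.pi * f * t / RATE) for f in freqs)
            for t in range(n)]

# Constructed sample: speech-like frames, the digit "5" for 60 ms, then speech again.
SPEECH = tone((220, 440, 660))
DIGIT_5 = tone((770, 1336))
CALL = [SPEECH, SPEECH, DIGIT_5, DIGIT_5, DIGIT_5, SPEECH, SPEECH]
```

The guard frames cost the rep leg one frame of look-ahead delay in a live stream. Where digits are carried out-of-band as RTP telephone-events (RFC 4733) rather than as audio, the equivalent control is to not forward those events to the rep's leg.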

What's more, all this has to be done by the contact center system that is running in the cloud if that's what you have subscribed to.

Raj Sharma, President and CEO of 3CLogic

Publish Date: December 28, 2012 5:39 PM
