
	Home > Ask the Information Security Experts > Information security governance and risk management Questions & Answers > What are best practices for credit cards in a call centre?

Ask The Security UK Expert: Questions & Answers

EMAIL THIS

What are best practices for credit cards in a call centre?

QUESTION:
Can a call centre, which takes credit card payments, record telephone conversations, which will obviously contain full card details, name, address, security code etc.? Also, can it then archive these recordings for any period it wants?

RELATED CONTENT

	Information security governance and risk management
	Will physical security integrators work with IT departments?
	How to write an information security policy
	How to manage logs
	Credit card data protection (over the phone)
	Complying with the UK Data Protection Act of 1998
	How to achieve laptop data security

Compliance Regulation and Standard Requirements

PCI DSS requirements still baffling as compliance deadline approaches

Make PCI DSS compliance easier by reducing scope, outsourcing data

Cloud computing compliance: Exploring data security in the cloud

Encryption basics: How asymmetric and symmetric encryption works

SIEM systems streamline compliance processes, offer security benefits

No major PCI DSS revision expected in 2010

PCI QSAs, certifications to get new scrutiny

Tips to achieve PCI compliance

PCI DSS requirements: Get ready for stricter enforcement, fines

Data Protection Act breach could cost companies 500,000 pounds

Enterprise Data Storage

Safend expands data leakage prevention product to plug more gaps

TrueCrypt: How to get started with open source disk encryption

Report: Firms avoid encrypting backup tapes, databases

Encryption tips: How to secure a laptop

The real reason behind backup recovery disk failures

Infosec pros wake up to Excel spreadsheet security risks

How to enforce an enterprise data leak prevention policy

3ami allows employers to track use of USB storage devices

How to create a data classification policy

EMC adds configuration management with Configuresoft acquisition

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Basel II (SearchSecurityUK.com)

Code of Connection (CoCo) (SearchSecurityUK.com)

EU Data Protection Directive (SearchSecurityUK.com)

Financial Services Authority (SearchSecurityUK.com)

IFRS (International Financial Reporting Standards) (SearchSecurityUK.com)

UK Identity Cards Act (SearchSecurityUK.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Alan Calder EXPERT RESPONSE FROM: Alan Calder

Pose a Question

Other Security UK Categories

Meet all Security UK Experts

Become an Expert for this site

ANSWERED April 2009:
Credit card data that is collected by a call centre is subject to the PCI Data Security Standard (PCI DSS), however it is collected. The PCI restriction against storing CVV numbers (security code) alongside the primary account number (PAN), or more simply the credit card number, will apply. That storage of credit card data it is not allowed under any conditions.

The Data Protection Act also applies, as this is personal data. So the credit card data from call centres may only be collected in ways and for purposes that callers have consented to, and must be protected appropriately. It then must be destroyed as soon as that purpose is achieved. In other words, the information may not be stored indefinitely.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Access Management: Authentication, Biometrics, Password Security

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2008 - 2010, TechTarget \| Read our Privacy Policy