Home > Ask the Information Security Experts > Information security governance and risk management Questions & Answers > Credit card data protection (over the phone)
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

Credit card data protection (over the phone)

>
QUESTION:
As we move towards PCI compliance, I have been asked by our call centre to look at installing a recording function on the phone system (as many do). The problem is that card transactions are taken over these phone lines, which means people's card details are recorded along with the conversation, and these include the security code.

PCI says you can't store this data, so how can certain providers sell their products to call centres and say these recordings can be stored for any length of time unencrypted?


RELATED CONTENT
Information security governance and risk management
Will physical security integrators work with IT departments?
How to write an information security policy
How to manage logs
What are best practices for credit cards in a call centre?
Complying with the UK Data Protection Act of 1998
How to achieve laptop data security

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Alan Calder EXPERT RESPONSE FROM: Alan Calder

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site
ANSWERED May 2009:
Regarding credit card data protection, it is a requirement of the Payment Card Industry's Data Security Standard that all records that contain the primary account number (PAN) and the CVV number (the 3-digit security code), if they are stored together (which they shouldn't be), must be encrypted. If the vendor that you've chosen doesn't produce an adequate product for that purpose, I suggest that you look for alternatives elsewhere.




Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Access Management: Authentication, Biometrics, Password Security
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2010, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts