Pause & Resume / Contact Center

In the context of PCI DSS compliance, contact center operations, and customer experience (CX) design, "Pause and Resume" (also known as “stop/start”) refers to a mechanism or process that allows contact center agents to temporarily pause or suspend sensitive payment card data being recorded during customer interactions, to help towards compliance with the Payment Card Industry Data Security Standard (PCI DSS) requirements.

The PCI DSS is a set of security standards designed to protect cardholder data and ensure secure handling of payment information. One of the key requirements is to limit the storage, transmission, and processing of sensitive card data, such as cardholder name, card number, expiration date, and CVV/CVC code.

The PCI DSS stipulates sensitive authentication data such as the three or four digit security codes (CID, CVC2, CVV2 or CAV2) must be protected – and cannot be recorded or stored.

The Pause and Resume functionality, when implemented in contact center operations, enables agents to pause the call recording or capturing of sensitive payment card data during customer interactions. A superior, more secure approach would be to use technology (such as Sycurio's DTMF masking solution) that automatically detects and masks or suppresses the sensitive information, preventing it from being stored or recorded in any form.

By pausing and resuming the recording or processing of payment card data, contact centers can reduce the scope of PCI DSS compliance requirements and minimize the risks associated with handling and storing sensitive information on call recordings. This practice may help to protect customer data, enhance security, and maintain compliance with PCI DSS guidelines - though is subject to human error in the stopping and starting of the call recording process. Leaving gaps when pausing call recordings can conflict with the compliance requirements of state, federal, and industry governing bodies that mandate all calls must be recorded in their entirety.

In the context of CX design, the Pause and Resume functionality should be designed to ensure a seamless customer experience. Agents need to be trained on how to effectively pause and resume interactions without disrupting the flow of the conversation or inconveniencing the customer. It is crucial to maintain clear communication with customers about the purpose and process of pausing the interaction to maintain transparency and build trust.

Implementing Pause and Resume in contact center operations may help in compliance with PCI DSS requirements, as it allows agents to handle sensitive payment card information securely without compromising customer service.

It is worth noting that Pausing call recordings only addresses ONE small aspect (or just 3 PCI controls!) leaving the rest of your contact center environment, including agents vulnerable and exposed to sensitive authentication data.