Pause and Resume
A risky shortcut for PCI DSS compliance.
Gaining and maintaining compliance with industry regulations is essential, particularly for highly regulated sectors like financial services.
Call recording in contact centers is not only standard practice but often mandated by regulatory bodies. For instance, organizations regulated by the Financial Industry Regulatory Authority (FINRA) in the US and the Financial Conduct Authority (FCA) in the UK are required to have a continuous and tamper-proof recording of telephone conversations involving client orders and trading activities.
Recording customer calls serves various purposes, including regulatory compliance, training, quality control, and dispute resolution.
However, ensuring compliance with industry regulations, such as the Payment Card Industry Data Security Standards (PCI DSS), poses unique challenges, especially when sensitive payment card data is involved.
The pitfalls of Pause and Resume.
Using Pause and Resume solutions may seem like a quick fix to address PCI DSS compliance challenges by pausing call recordings during payment transactions. However, this approach has significant limitations and risks:
Limited scope
It only addresses a single element (call recordings), leaving critical contact center systems and environments… and your agents exposed to card data.
Technical complexity
Automated Pause and Resume solutions may introduce technical complexities and workaround processes, potentially impacting call handling times and agent productivity.
Compliance challenges
Pausing call recordings conflicts with regulatory requirements mandating the recording of entire calls, exposing organizations to compliance risks and governance failures.
Security concerns
Agents and internal systems remain exposed to card data, risking compromise and cyberattack - making home/remote working challenging.
Contact center PCI DSS compliance involves 438 security controls, spanning data security, network security, telephony systems, access controls, physical security and more.
Pausing your call recording only addresses ONE small aspect (call recordings), leaving the rest of your contact center environment vulnerable.
Pause and Resume requires SAQ-D, the most comprehensive, costly, onerous, and complex SAQ, involving around 438 controls.
Sycurio.Voice requires SAQ-A, a much simpler, cost-effective SAQ, and reduces scope to just 6 controls.
Using Pause and Resume
Pause and Resume addresses ONE element (call recordings); the rest of your contact center environment and agents are still in scope for PCI DSS.
Sycurio.Voice is a superior solution that addresses contact center PCI DSS compliance challenges effectively while ensuring the security of sensitive cardholder data. Our patented data capture technology prevents payment card data from entering the contact center environment, significantly reducing PCI scope.
Benefits of Sycurio.Voice include:
- Enhanced security: agents are no longer exposed to cardholder data, mitigating the risk of insider fraud and reputational damage
- Risk reduction: payment card details never enter the contact center infrastructure – reducing the risk from any data breaches
- Simplifying PCI DSS compliance: Sycurio.Voice removes card information from call recordings, agents, desktops, IT systems, the physical environment and telephony network
- Reduced audit costs and scope: Pause and Resume requires SAQ-D (438 controls). Voice requires SAQ-A (6 controls)
- Operational flexibility: enables a flexible agent workforce, allowing secure payment processing from any location including home and remote workers and OSPs
- Streamlined CX: customers can remain on the phone with agents during the entire payment transaction, enhancing efficiency, streamlining payments and reducing call handling times
- Cost savings: by reducing PCI DSS compliance scope and simplifying audit requirements, Sycurio.Voice lowers compliance costs and cyber insurance premiums
- Continuous call recordings: no need to use Pause and Resume and risk non-compliance with other regulatory or industry requirements
Although Pause and Resume has become a widely used contact center practice, it does not necessarily deliver guaranteed or robust PCI DSS compliance.
The PCI SSC's Information Supplement on Protecting Telephone-Based Payment Card Data addresses this.
“Sycurio’s solution offered a streamlined approach to further eliminating risk where sensitive customer payment data is concerned. One that also enables us to continue to record calls without compromising our regulatory compliance.”
Chris Gray - Senior IT Manager, iGO4
“This is easier than our old way of processing payments and now the conversations between me and my customers just flow. It has made my job easier to assess my calls now, as they don’t need to look for two parts of a recording.”
Contact Center Team Leader, Cabot