Data Privacy and Security

"Your call may be recorded": The threat to customer data

This is a contributed piece by Matthew Bryars, CEO of Aeriandi

We are all familiar with the phrase ‘your call may be recorded for training and monitoring purposes’ and most of us have little objection to it. We understand the need for companies to comply with the rules of regulators such as the Financial Conduct Authority (FCA) when handling payment transactions, and we know that our calls may be used to train future customer service employees. But do we know, or even stop to consider, how the content of our calls is managed?

Considering this gives rise to a number of questions: ‘Where are these legacy calls stored?’ ‘How are they protected?’ ‘Who can access them?’ ‘How long will they be kept?’ Not knowing the answers to these questions can be particularly concerning when you’ve made a payment over the phone and divulged all the information a criminal would need to commit fraud. If legacy calls are not stored securely then these sensitive details will remain at risk until either the recording is destroyed or the payment details expire, long after you’ve forgotten the call ever took place.

PCI DSS – keeping customer data away from prying eyes

The good news is that the implementation of the Payment Card Industry Data Security Standard (PCI DSS) will significantly reduce legacy concerns over time. While it is not a legal requirement for businesses to adhere to PCI DSS, the reputational and monetary risks associated with a customer data security breach are strongly encouraging vendors to comply. The latest version of the standard instructs businesses to:

Refrain from storing authentication data after it has been authorised;

Render all data unrecoverable once the authorisation process is complete.

There are a number of technologies available today which can help businesses to comply with PCI standards, ranging from rudimentary pause/record, through to secure telephone payment platforms that ensure sensitive payment information never enters the call centre in the first place, thus eliminating the legacy issue.

Securing your legacy archive

The bad news is that while the solutions above can solve the compliance issues facing businesses now and in the future, many have already been collecting and storing legacy data for decades, frequently archiving recordings onto tapes or discs. So how can they mitigate this security risk? Locking thousands of tapes in a secure vault is impractical and would make it almost impossible to access the data should it be needed for legitimate business reasons. This would be especially inefficient for public sector bodies that are required to respond to Freedom of Information (FOI) requests within 20 working days and therefore need to have call recordings readily accessible as well as secure.

Data analytics software that can automatically scan and delete sensitive information may be an option in the future, but the technology is not yet reliable enough to make it viable. As such, the best option for many businesses is to implement a secure legacy archiving solution. With this approach, old recordings stored on tapes or discs are digitised, the tapes destroyed, and the digital copies stored in a secure cloud that complies with PCI DSS.

This solution enables businesses to preserve the quality of call recordings, access data quickly and free up the office space that was previously taken up by recording equipment and tapes. Secure legacy archiving can also significantly reduce the compliance burden facing businesses that process card payments, making it quicker and easier for them to keep customer data secure and accessible.

In the not too distant future, the loopholes surrounding phone payment processes and legacy call recordings will be eradicated and increasing compliance with PCI DSS will ensure that secure data storage is standard practice. However, until that time it is necessary for businesses to be alert to the security risks posed by call recordings and ensure they have processes in place to keep their customers’ confidential data secure.
