Making PCI Redaction More Efficient and Effective

Making PCI Redaction More Efficient and Effective

Ongoing protection of PCI (payment card industry) data like primary account numbers, expiration dates and CVVs is a crucial concern for nearly all call centers. Cybercrime continues to rise, and data theft and misuse can cost organizations millions of dollars in business disruption, fines and legal fees. Those who don’t invest in implementing proper security procedures are in danger of being next in line for the latest data breach.

As a contact center, the first step to effectively protecting PCI data is ensuring compliance with the globally recognized PCI DSS (Data Security Standard). To achieve PCI DSS compliance, you must at minimum avoid recording CVV numbers. However, for maximum protection and risk mitigation, contact centers should aim to redact all types of PCI from saved audio and transcripts. The less PCI data you store, the less risk you face. So how can you redact CVV and other PCI data from your recordings?

Reliance on Agent Actions Leaves Too Much Room for Mistakes

When contact centers want to redact PCI from call audio, the responsibility often falls to the agent. For example, agents may be asked to manually stop call recordings as PCI data is provided. Alternatively, contact centers may use desktop analytics systems that pause the recording whenever an agent opens a specific page or moves a cursor into a specific spot on-screen.

However, these methods leave room for human error and malicious intent, and PCI DSS recommends against relying on manual interventions for compliance. Agents may forget to pause a recording or be slow to react, resulting in full or partial PCI data being recorded. Recordings may also not be resumed right away, resulting in the loss of audio valuable for analytics, compliance and quality control. Finally, agents could misuse the ability to pause recordings to shield parts of calls from QA or compliance review, opening you up to serious compliance and legal issues.

Automated Redaction is a Best Practice for Compliance and Risk Mitigation

Rather than leave this critical task to agents, automated PCI data detection and redaction provides a more robust and reliable method of risk mitigation. By using automated speech recognition (ASR) technology, you can detect PCI data in real-time as it is spoken and prevent the permanent recording of that information in audio and transcript files. At the same time, you’ll still record all of the context around the data provided, so that no other information is lost in the process. ASR solutions can also redact the numbers on-screen so that the agents cannot screenshot any information.

At Voci Technologies, our ASR solution supports real-time and post-call PCI redaction to protect contact centers and their customers. By default, our redaction feature is configured to redact all numbers, except for low-risk numbers such as ordinal numbers, percentages, times, prices and short decimals, which are recognized by context words around the numbers such as “dollars” or “percent”. By using an ASR engine for PCI detection and redaction, contact centers can more easily and effectively achieve – and even exceed – PCI DSS compliance. By drastically decreasing the PCI you store, you’ll reduce your business and legal risk in the instance of any security breach and avoid the need for costly corrective actions. (For more information about post-call and real-time PCI redaction, check out our full white paper on PCI redaction.)

Scalable to contact centers of any size and configurable to any IT infrastructure setup, Voci’s ASR engine offers maximum efficiency and ease of deployment to deliver PCI redaction and more at a cost no one else can. To learn more about our automated solutions for PCI protection, sign up for a demo today or call 412-621-9310.