When I read the PCI SSC's (Security Standards Council) advice/clarification on protecting credit card information over the phone (call center recordings) I think of call recording/Business Activity Monitoring (BAM) solutions like Verint, and the large amount of recorded data.
I know of several clients/organizations that have years/months of legacy data in this context (including WAV files that have been sent as email attachments). My advice is to encrypt this legacy data before/after archiving it to tape/disk, and to scrub new recordings prior to being archived.
https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf
No comments:
Post a Comment