Benefitting from Call Recording and Screen Capture, and Avoiding Added PCI Compliance Requirements in the Process

Benefitting from Call Recording and Screen Capture, and Avoiding Added PCI Compliance Requirements in the Process

By Paula Bernier, Executive Editor, TMC  |  January 14, 2013

This article originally appeared in the DEC. 2012 issue of CUSTOMER Magazine.

Contact centers know the value of call and screen capture recordings. They use recordings so contact center agents and their managers can review them for training, improved efficiency, resolving customer issues and documenting legal compliance.

But PCI (News - Alert) compliance rules make these processes much trickier when credit card numbers are recorded.

“PCI” here stands for the Payment Card Industry, and compliance relates to the PCI Data Security Standard. This standard lists hundreds of requirements aiming to ensure that organizations which accept, transmit or store cardholder data keep that information secure.

PCI DSS requirements apply to audio and screen capture recordings of a credit card transaction, and failure to meet these requirements can result in heavy fines from the card brands, e.g. VISA and American Express (News - Alert).

The issue is so important that the PCI Security Council published a specific information supplement describing the challenges of call centers which collect credit card information. The supplement specifically notes that “no cardholder data should ever be stored unless it is necessary to meet the needs of the business.”

It continues: “If technologies are available to fulfill PCI DSS requirements without contravening government laws and regulations, these technologies should be used.”

Various companies in the contact center recording space have been working on solutions to record calls and screen captures without violating PCI rules or having to implement additional compliance measures that add costs in the form of new security and training requirements.

A new and exciting offering – branded Numerase – comes from VirtualLogger (News - Alert) LLC.

“The real benefit of the Numerase solution is its ability to meet PCI requirements and still get the business value out of call recordings,” said VirtualLogger President Jim Veilleux.

A key challenge for contact center recording solutions related to PCI data is that it’s difficult to know exactly when the credit card information is recorded, making it impossible to expunge or avoid the data without deleting most or all of the recording, explains Veilleux.

Competing solutions typically identify a credit card number data entry box on the screen. When the agent’s cursor is in this box, those solutions pause the recording, and restart recording after agents leave that area on their PC screens.

But Veilleux says this method has four flaws. First, the approach does not work with all PC screens; some screen technologies are incompatible with it, he says. Second, the method is not based on the typing of the credit card number, but only the position of the cursor. This can remove too much of the recording. Third, the method adds a lot of maintenance; altering the data entry screens requires re-implementation of the solution.

Lastly, these solutions are usually tied to a specific recording solution, so a contact center may need to replace its recording system just to solve this one problem.

“We’ve found a number of problems with the standard solution to avoiding credit card recording,” said Serge Therrien, vice president of IT at HGS. “It’s difficult to implement in some cases, expensive, and often we wind up with partial recordings. VirtualLogger’s approach makes a lot of sense to us.”

VirtualLogger Numerase uses pattern recognition to identify the credit card entry points. During a call, there is a typical spoken word pattern (the agent asking what credit card will be used, the caller answering with the brand, and then the numbers, etc.). In addition, the agent input of credit card numbers also fits a specific pattern (for example, most credit cards numbers are 15-16 digits long). VirtualLogger’s two-pronged approach identifies the location of credit card information by using the data input on the keyboard, and by leveraging speech recognition technology that recognizes the pattern associated with credit card information.

The Numerase solution is highly reliable and works with any Windows PC screen, including Citrix and terminal services. And unlike other solutions, VirtualLogger is making the technology available to work with other brands of call recording solutions.

“Numerase is available for other call recording systems because more than 95 percent of businesses already have call recording systems and most companies won’t find it cost-effective to replace their recording system just for PCI compliance,” said Veilleux.

VirtualLogger offers various pricing models for its Numerase solution. It’s available for $5 per agent per month, with volume and term discounts that can bring it down substantially. Setup is $10 per agent, and significant discounts are offered for VirtualLogger customers. There’s also a purchase option.

For more information on this solution, visit www.VirtualLogger.com/numerase.




Edited by Braden Becker
blog comments powered by Disqus