PCI Compliance - Versadial Call Recorder

2 PCI Compliance Versadial Solutions 9940 Irvine Center Drive, Irvine, CA 92618 949-457-0650 www.versadial.com Executive Summary PCI Security Council’s “Information Supplement: Protecting Telephone-based Payment Card Data ” document recommends asking call center system vendors the following questions. 1. How does the call-center system help my company comply with the PCI DSS requirements, and how does it automatically remove sensitive credit card information from recorded calls? If you take credit card details over the phone, ask your supplier to prove that they are “PCI DSS compli- ant” and to explain how they remove sensitive authentication data from their recordings, automatically (with no manual intervention by your staff). 2. How will the call-center system comply with any future changes in legal regulations or codes of practice? It is important that any call-recording system purchased now can adapt to future changes in the law, regulations and industry best practices. Organizations need to ensure that their recording system is as future-proof as it can be. Suppliers must be able to prove that regardless of any constraints or changes the government or other regulatory body may require for call recording solutions, their system is flexible enough to adapt. This document is provided for current or potential users and for resellers of the Versadial Call Record- ing Solution, as a response to the above questions. It also serves as a guide to making a call recording system and procedure compliant with PCI Data Security Standard. This document provides supplemen- tal and relevant information as it pertains to the Versadial Call Recording Solution and does not replace or supersede PCI DSS requirements.