PCI Compliance Call Recording

Meeting Payment Card Industry Security Requirements

Protecting customer privacy is a major concern for organizations. The Payment Card Industry Data Security Standard (PCI DSS) requires contact centers to secure credit cardholder information and protect against fraud. To ensure contact center PCI DSS compliance, the NICE Engage Platform provides advanced privacy control, access control tools, multi-tiered security design and end-to-end multimedia encryption capabilities. The NICE Engage Platform was reviewed by Trustwave (Qualified Security Advisor) and acknowledged based on the PCI Directive.


Contact Centers and PCI Compliance Recording

The payment card industry developed the PCI DSS requirements to help ensure the safe handling of sensitive information and protect customers against identity theft. Storing or transmitting cardholder information in a way that is not secure constitutes a security breach. The risk can come from various sources, whether from an employee who may try to gain unauthorized access to customer data or from an outside hacker.

The standard constitutes a set of comprehensive requirements for enhancing payment data security, including security management, policies, procedures, network architecture, software design and other critical protective measures. It applies to anyone that stores, processes or transmits payment data.

For contact centers, PCI DSS compliance means that certain portions of sensitive cardholder information must not be stored, even in the most secure fashion. Other portions of the data are permitted for storage and should be stored and processed according to PCI DSS security requirements.


NICE Engage Platform Capabilities for Contact Center PCI Compliance Call Recording

NICE has adapted its products to the PCI DSS since the standard’s inception and provides advanced capabilities to help contact centers ensure PCI compliance:

  • Privacy control – prevents recording parts of interactions which contain sensitive authentication data. Interaction recording is paused by means of:
    • Automatic recording pause-and-resume through NICE’s built-in Desktop Analytics (based on the agent’s screen activity) or through integration with third-party software such as CRM systems
    • Manual recording pause-and-resume by the agent when sensitive or private information is being disclosed during a call (either voice data, screen information or both)
  • Access control tools – contact center agents have a unique username and password to gain access to NICE solutions. NICE employs a rich set of access control tools including:
    • A profile-based user administration methodology
    • Strong password management capabilities
    • User authentication using the industry’s standard Challenge Handshake Authentication Protocol (CHAP)
    • Optional support for Microsoft Active Directory to allow user authentication and single sign-on
  • Multi-tiered solution design – NICE’s architecture supports a multi-tier design, segregating data and functional elements into access control zones, which are controlled by a network firewall.
  • End-to-End Multimedia Encryption – NICE provides full end-to-end multimedia encryption for recorded interactions. Data is encrypted at the point of capture and remains encrypted throughout its lifetime: storage, transfer and archival.

NICE’s advanced security capabilities and field-proven expertise help make your contact center environment PCI DSS compliant.