Ahead of this year's holiday season, consumers charged more to their credit cards for second straight month. Robust holiday spending is driving the speculation that U.S. consumers are shifting their use of credit and debit toward credit. Early spending patterns do suggest that total credit card spending is increasing, as it has all year. Worldwide, consumers carry more than 1 billion Visa cards alone. More than 450 million of those cards are in the United States. The number of U.S. identity fraud victims rose 12 percent to 11.1 million adults last year. Credit and debit card fraud is the No. 1 fear of Americans in the midst of the global financial crisis. Concern about fraud supersedes that of terrorism, computer and health viruses and personal safety – one in ten Americans have already been victims of credit card fraud. Software.net found that as many as 40% of its transactions were fraudulent. Expedia.com lost $6 million due to fraudulent credit card purchases.

During the holidays and throughout the year, contact centers that engage in catalog sales, up-selling and/or cross-selling, service providers, and collection companies that take payments in the form of credit or debit cards can become unsuspecting targets of cyber criminals. The card information is typically entered by agents into a CRM or other sales automation software and may be recorded by voice and screen recorders. And there it resides - thousands and even millions of card records inviting remote criminals or even greedy employees to extract consumer card data for personal gain or sell into a sophisticated secondary market.

The payment card industry (PCI) established a Council to define technical standards aimed at minimizing the risk of cyber crime to the misuse of credit cards. The Council subsequently issued a Data Security Standard (PCI DSS) which details security requirements for members, merchants and service providers that store, process or transmit cardholder data. Contact centers and other organizations that accept credit card payments are generally prohibited from archiving sensitive information such as account numbers and security codes after payment authorization has been received. Compliance to PCI-DSS is now mandatory for all non-credit card 'issuing' organizations dealing with credit, debit and ATM cards, as defined by the PCI Security Standards Council - size of an organization and its annual sales are no longer a factor for exceptions. While being compliant to PCI DSS - an already daunting task - is the first part, it it also required that you prove your organization's compliance to PCI-DSS. This PCI Audit is performed either with a set of questionnaires or by a Qualified Security Assessor, external to the organization.

On October 28, 2010, the Payment Card Industry Standards Council made a major update to the PCI Data Security Standard to clarify it. PCI DSS version 2.0 went effective on January 1, 2011. In PCI DSS version 2.0, the PCI DSS standards were clarified to require that no sensitive credit card information be stored within recorded calls, even if those calls are encrypted. The standards committee made the change because of the availability of sophisticated malware that could penetrate encryption algorithms. Organizations that do not take action by December 31, 2011 to ensure compliance with these new PCI call recording requirements could face costly fines. 

Achieving PCI DSS Compliance

To help organizations ensure compliance and avoid costly fines, VPI has developed an effective, affordable solution. The VPI CAPTURE PCI call recording system has the ability to detect when an agent enters an application screen with sensitive information, when sensitive information is inputted, and when they leave a screen containing sensitive information.  The VPI telephone voice recording system then has the ability to promptly mute sections of recorded audio and mask screen video during this sensitive portion of the call.


To further secure sensitive information, the VPI CAPTURE PCI DSS call recording system help you:

• Secure File and Data Transport and Storage Encryption – VPI uses built-in end-to-end data encryption and key management to secure the SQL database that holds attributes of all recordings. The media manager provides for AES 128, 192, 256 or variable bit encryption/decryption when files are stored and accessed from the media manager.
•  Ensure Authenticity with File Watermarking - Every call within the VPI system is wartermarked in real time to ensure authenticity. VPI offers a powerful application to validate the authenticity of any WAV file.
• Monitor User Activity with Detailed Audit Log Reporting – VPI records all user activity within the system so that organizations can conduct full trace audits to determine who accessed any recording in the system and when - for playback, export, or any other critical events.

So many of our customers today are conducting business over the phone, which frequently includes processing credit card transactions. We all know how crucial it is to keep that personal data safe and secure – protecting the identities of the buyers and the reputation of the companies taking their sensitive information.

What some companies don’t know, however, is that in October 2010, the Payment Card Industry Council made a major update to the PCI Data Security Standard that tightened the rules for recording and access to sensitive credit card data. Like many other regulations, the requirements are detailed, the information is overwhelming and it may be hard to discern whether or not you are truly prepared.

PCI DSS version 2.0 went into effect on January 1, 2011. Organizations that do not take action to ensure compliance with these new requirements by December 31^st, 2011 could face costly fines and possibly even revocation of their rights to process credit card transactions.  Larger organizations will be required to pass PCI security audit to prove their compliance. VPI is here to offer insights and guidance.

For a limited time, you can download your free copy of the Call Recording Guide to PCI DSS Compliance authored by chief analyst, Dick Bucci, from Pelorus Associates, to learn:

• How the new PCI DSS requirements will affect your organization
• Important PCI DSS requirements that impact telephone call recording and call center quality assruance
• How to protect against breaches of sensitive card and personal information without sacrificing performance management, quality assurance call monitoring and call center coaching and training
• Six alternatives for preventing unauthorized recording, storing and access to sensitive credit card authentication data
• Best practices for securing at-home and remote employees

Traditional contact center quality monitoring involves random capture of call recordings – either based on predetermined selection criteria or schedules.   We agree that it is impossible for human beings to inspect every single call; but there are two dynamics we have to consider – separating the capture method from the call selection method.  

Latest-generation call recording software allows for recording all calls first, and then a powerful rules engine is used to decide which calls to keep or inspect.   It may sound like a small nuance, but actually this type of call center recording software design approach opens the solution to become far more effective to inspect call center effectiveness.   Rather than make selections of calls for call center quality assurance based on when somebody is scheduled to be in their seat, or assuming that we are taking an X% sample of total call volume when we are not yet aware of how many calls the agent takes, or hoping that we get a sample of calls that are prime examples of effectiveness in handling high value transactions – we suggest a different approach – an approach we term precision quality monitoring.    It involves a call recoridng software designed for the capture of all calls, then determination of what to inspect based on a variety of outcomes. Outcome-based information is used to determine which calls need to be stored, which calls need to be secured in a more robust manner (i.e. for PCI and HIPAA compliance, etc.), which calls answer interesting questions about the performance of a new process, and which calls can simply be discarded.

The outcomes used to make these critical decisions are either attributes of the calls themselves, attributes of the agents fielding the calls, or simply true random samples based on any number of criteria.   When the call recording software is enhanced with desktop screen analytics, not only can the calls be tagged with extended information in a unique way, but they can also be analyzed based on the associated information and provide a roadmap for your management team to identify trends – both positive and negative - that affect performance.    This approach is revolutionary, because it breaks down barriers that have long been separating related functions.   In the old days (a couple of years ago), you would have an approach for running reports and analyzing data that flows through your call center, then you would go to another call center quality assurance system for inspecting agent performance and perhaps hunt for examples of the performance trends.   Unfortunately, using a random method based on limited agent based information meant that it was often difficult to find enough examples of the call types involved in the trend to make a legitimate operational adjustment based on the sample.  

Latest call recording software and integrated performance optimization technologies change that dynamic. The process of identifying and addressing business issues is completely unified. Now you can identify trends in interactions, both positive and negative, and then the recorded interactions become an element of the data you are reviewing.   Importantly, these latest-generation call center optimization technologies are incredibly easy to use and take the selection guesswork out of the equation. They truly automate the end-to-end quality review process, beginning with identifying the appropriate calls to inspect, serving those calls to the right person to perform the inspection in a simple “to do” list, and address the issues uncovered through a variety of action steps. 

To find out more about uncovering performance issues via intelligent recording and quality management, visit: http://www.vpi-corp.com/Call-Center-Quality-Assurance-Management-Software.asp

Phone call recording software plays a key role in many industries. It is a mandatory requirement in the majority of public safety organizations and within various industries, such as financial services and healthcare. With so much valuable information in vast number of customer interactions, the overwhelming majority of many organizations are now using call logging software. Telephone voice recording software helps many organizations optimize the customer experience, improve agent call quality, and minimize risk by providing receipts of oral commitments for dispute resolution, preventing privacy leaks and highlighting questionable employee conduct.

Analytics-Enhanced Call Recorder Software Solutions

Full-time voice call recording software with rules-based records retention, combined with the use of integrated desktop screen analytics, is in high demand by organizations to comply with increasingly complex privacy compliance regulations, including PCI-DSS (Payment Card Industry - Data Security Standard). These new, analytics-enhanced telephone voice recording software technologies are helping organizations of all sizes identify sensitive information that should be protected from access or replay by unauthorized users, such as consumers’ credit card numbers, Social Security numbers, addresses, phone numbers, references, family members, etc. Analytics-enhanced call logging software technologies are also helping with the identification of certain types of interactions that matter most with regard to business goals and economic circumstances.

The Benefits of Desktop Screen and Telephone Call Recording

Many organizations are now adopting high-volume desktop screen recording software. Using phone recording software to review screens in conjunction with the corresponding call audio can expose and improve application navigation and workflow processes to reduce call and post-call handling time. Screen recording software is also a very valuable tool for evaluating the quality and efficiency of Web chat interactions. Voice and Data call recording equipment enables managers to see how front-line employees are handling multiple chat sessions simultaneously on one or multiple desktop monitors. Voice logging software is also being used to optimize the use of email and Web chat. Training managers are using the multimedia screen and voice recordings as best practice training clips, and to monitor the quality of email responses and Web chat sessions.

A Secure Digital Call Recording Software Solution

Full-time voice call recording software is essential for helping organizations manage compliance and liability issues. However, it’s imperative to implement a system that will guard data from unauthorized access with granular user and data security rules and end-to-end AES 256 encryption with key management. A comprehensive audit trail log should record all user activity within the system so that organizations can conduct full trace audits to determine who accessed any recording in the system and when – for playback, export, or any other critical events.

To learn more about the latest advancements in phone call recording software, visit: http://www.VPI-corp.com/Phone-Call-recording-Software.asp

Telephone voice recording solutions are essential for recording agent-customer interactions and associated telephony and screen data. However, in this new age of cyber crime and identity theft, the inevitable emergence of strict regulations to help protect sensitive customer data has resulted in many organizations being forced to scramble to update or replace their existing phone audio recorder solutions in order to adhere to the latest legislative guidelines.
 

The PCI-DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. Announced in January 2010, PCI-DSS requirement 3.2 states that organizations must not store sensitive authentication data subsequent to authorization – even if encrypted. Sensitive authentication data consists of magnetic stripe (or track) data, card validation code or value, and PIN data. This data is deemed particularly sensitive as it can be used by to generate fake payment cards and create fraudulent transactions. 

The PCI-DSS regulations are requiring organizations that handle credit card transactions over the phone to delete all archived recordings that contain sensitive authentication data. In order to comply with these new regulations, many organizations are having to delete all of these verbal receipts because the process of listening to the contents of potentially hundreds of thousands of call recordings would be cost prohibitive and labor intensive. Unfortunately, the many calls that do not contain sensitive data will also be deleted – calls that should be retained for quality assurance (QA) purposes and liability management.

VPI’s rules-driven call logging software solution enables organizations to maintain PCI compliance by identifying the calls that cannot be accessed and archived due to data sensitivity issues as well as those that can be safely archived for use in QA and liability management. The VPI CAPTURE PRO call recording software solution leverages unique desktop screen analytics that can detect events and data directly from application screens – such as an employee entering sensitive credit card authentication data into a field on screen – and tags them to the recorded interactions. This enables automated classification for deletion of all audio and video recording files containing sensitive authentication data and helps ensure compliance with the latest PCI-DSS regulations. And as an added bonus, VPI's phone audio recorder makes valuable non-sensitive data related to the interaction – such as call date/time, call direction, Customer ID, Agent ID, sales or collections amount, number of transfers, and hold time – is still kept and made available in interactive reports for analysis into key business issues and opportunities. For more information on VPI’s compliance call logging software solution, visit: http://www.VPI-corp.com/PCI

In addition to offering highly advanced screen analytics capabilities, VPI's phone call logger provides built-in end-to-end data encryption and key management, file watermarking, and detailed audit log reporting. Cost-effective and very affordable, VPI solutions enable organizations to gain a lasting advantage – with open standards and service oriented architecture, the VPI telephone voice recording solution has the flexibility to grow and evolve in order to adapt to your changing environment. VPI customers benefit from unsurpassed versatility and ROI as the unified platform supports virtually any PBX – digital or analog, TDM or VoIP, individually or blended – with a unified interface and industry standard file formats.

Do you record or plan to record your calls and/or desktop screen activity? Do your employees discuss sensitive information over the phone? If so, there are serious telephone call recording laws and phone call recording regulations that you need to be aware of. To avoid costly violations and ensure customer credibility, you need to become familiar with the new and evolving digital call recording laws, voice call recording regulations, and industry standards that most profoundly impact organizations today. You should make a point of learning what you can do to avoid violating these call recording laws, and where to go when you need help. The information in this article on telephone call recording laws and regulations is not intended as legal advice. Always check with your legal counsel to learn more about how voice logging regulations can affect you and your organization. Let’s discuss some of the most common telephone call recording laws and phone call recording regulations impacting organizations today.

Payment Card Industry Data Security Standard (PCI-DSS)

Established by American Express, Discovery Financial Services, MasterCard Worldwide, Visa International and JCB, PCI-DSS regulations are intended for organizations that accept credit cards and record those interactions with call recording equipment. The regulations forbid the insecure storage of unencrypted credit card numbers, PIN numbers, and other personal information in databases and digital call recording software systems. Digital call recording software systems should be able to identify, encrypt and restrict access to sensitive customer information from unauthorized users. According to the PELORUS Group, a leading independent market research and consultancy company in the financial services and telecommunications industries:

1.     Contact centers can easily become unsuspecting violators (of PCI-DSS compliance regulations) because of the practice of recording private customer information in data and voice call recording software systems.

2.     Unless agents are specifically authorized to see this information, their unrestricted access is a violation of PCI-DSS.

3.     You can avoid potential violations by investing in telephone recorder software that blocks or encrypts recordings that contain card numbers.

Health Insurance Portability and Protection Act (HIPPA)

The HIPAA Privacy Rule protects the privacy of individually identifiable health information. With regard to call recording laws and call recording regulations, it’s imperative that organizations have the ability to identify, restrict access to and encrypt specific interactions containing sensitive information from unauthorized users.

Fair Debt Collections Practices Act (FDCPA)

Designed to eliminate abusive, deceptive, and unfair debt collection practices, the FDCPA mandates that collectors must identify themselves, including the name of their firm, and explain that the purpose of the call is to collect a debt. With regard to telephone call recording laws and regulations, all interactions must be day and time stamped, and all calls recorded in order to assess employee compliance.

Telemarketing Sales Rule

The Telemarketing Sales Rule prohibits sellers and telemarketers from making false or misleading statements. The Federal Communications Commission may assess a fine of up to $11,000 per violation. Seven pieces of information must be provided by the employee during the call - such as identity of the seller, the nature of the goods or services offered for sale, the full cost of all offers, etc.

Learn more about call recording laws and call recording regulations and how to avoid costly fines and legal fees with latest in analytics-driven phone call recording software – download your complimentary copy of the white paper “Call Recording Laws, Regulations and Best Practices for Ensuring Compliance,“ authored by renowned analyst Dick Bucci from The PELORUS Group at http://www.VPI-corp.com/Call-Recording-Laws