We use cookies to give you the best browsing experience and to help us understand how you use our site. Cookies are small snippets of data stored on your computer and some have already been set. By continuing to use our website you are accepting our use of cookies. To find out more, read about cookies

Please note

We cannot answer specific queries about your account here. For Account queries please

Your selected question

What are the guidelines surrounding PCI DSS and the storing of voice recordings?

If the data is recorded in an analogue format (on tape) and there is no way to access this data other than by manually searching through it, then the tapes must be subject to the same level of security as normal paper transaction records - they must Restrict Access to the electronic data, Track access through user ids etc, and physically restrict access to the data media.

If this data is stored electronically and it can be searched using any data mining or other automated means, then the same access controls methods would need to be adopted as for any storage of digital media. This must include the removal of the CVV2 check digits after authorisation, and will involve rendering the PAN unreadable using any of the accepted techniques.

Please refer to our White Paper; ‘Processing Telephone Payments Securely' published in April 2010 for more information.

How useful did you find the answer given?

Not at all Very useful