Your selected question
What are the guidelines surrounding PCI DSS and the storing of voice recordings?
If the data is recorded in an analogue format (on tape) and there is no way to access this data other than by manually searching through it, then the tapes must be subject to the same level of security as normal paper transaction records - they must Restrict Access to the electronic data, Track access through user ids etc, and physically restrict access to the data media.
If this data is stored electronically and it can be searched using any data mining or other automated means, then the same access controls methods would need to be adopted as for any storage of digital media. This must include the removal of the CVV2 check digits after authorisation, and will involve rendering the PAN unreadable using any of the accepted techniques.
Please refer to our White Paper; ‘Processing Telephone Payments Securely' published in April 2010 for more information.
How useful did you find the answer given?Not at all Very useful