The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

The Coalfire Blog

Is it Safe to Speak? Protection for Telephone-Based Payment Card Data

April 12, 2011, Rick Dakin, CEO, Co-founder and Chief Security Strategist

Rick Dakin

Recently, the PCI Security Standards Council released educational resource requirements for securing cardholder data in audio recordings. The PCI SSC has been focusing on call center operations and recording systems of merchants. The need to provide a secure system to protect cardholder data is at an all-time high for these call centers.

The PCI SSC offers these following tips for call centers:

  • Ensure appropriate retention policy is implemented and maintained. This means ensuring that cardholder data is stored only when completely necessary.
  • Ensure that the PAN is masked when displayed. Full payment card data should be limited to agents on a need-to-know basis.
  • Proper Authentication. All staff, agents and administrators should have their own log-in information.
  • Adhere to an information security policy. Call centers need to develop daily operational security procedures that are consistent with PCI DSS requirements and defined within the organization.

If you have a call center or use external providers, make the time to have the discussion to help maintain PCI compliance with sensitive account data.

<< Go Back

Blog post currently doesn't have any comments.

Post Topics