OAISYS & PCI DSS Compliance

The Right Choice for Call Recording

OAISYS and PCI DSS Compliance

Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions

WWW.OAISYS.COM

What is PCI DSS?

 Payment Card Industry (PCI) Data Security Standard (DSS)

 Developed by the Credit Card Industry to encourage and enhance cardholder data security

 Covers Network Security, Password Protection, Storage, Encryption, Software Vulnerability, etc.

PCI Core Principles

 Implement Strong Access Control

Restrict access to cardholder data by business need-to-know

Assign a unique ID to each person with computer access

Restrict physical access to cardholder data

 Regularly Monitor and Test Networks

Track and monitor all access to network resources and data

Regularly test security systems and processes

 Maintain an Information Security Policy

Maintain a policy that addresses information security

Who is Impacted by PCI?

 ANY company that stores, processes, or transmits credit card information is impacted and should be aware of the standards

Financial Services

Collections

Sales/Retail

Charities/Donor Networks

Call Recording and PCI DSS

 NO call recording software can actually be deemed “PCI compliant”

 Only software used to accept and process payment cards, such as card readers and online payment card validation solutions, can be PCI compliant

 Call recording software properly designed and developed with respect to PCI DSS can help facilitate compliance with the guidelines

How OAISYS Solutions Address PCI DSS

 Permissions-Based User Accounts

 Call Segment Sharing

 User Security and Audits

 Data Transmission/Encryption Standards

 Data Storage/Encryption Standards

 Recording Blackouts

Permissions-Based User Accounts

 Only authorized users can access data

 Permissions can be based on user type or other criteria, such as:

Outside Number

Call Duration

Extension

ACD information

Call Segment Sharing

OAISYS Portable Voice Document (PVD™) technology provides for selective sharing of specific call segments (both internal and external)

 Recipients can only hear selected segments of the call

 Permissions can limit the length of time that a recipient will have access, or whether it can be shared further

User Security and Audits

 The OAISYS solution provides an administrative interface that delivers activity tracking and reporting

Date, time, and user associated with access of any call

User authentication controls are granular, which allows provisioning of the minimum access level required for tasks

 Call recordings include a digital watermark

Proves call has not been altered in any way

Can verify that sensitive information was not included or recorded

Data Transmission Standards

 PCI requires use of strong cryptography (such as SSL or IPSEC) during transmission over open, public networks

The Internet

Wireless Technologies

Global System for Mobile (GSM)

 If sharing/sending is done internally, this requirement does not apply

Data Transmission Standards

 If needed, strong encryption during transmission can be obtained when using a VPN with IP Security (IPSEC) and Triple Data Encryption Standard (TDES)

IPSEC handles the connection to the outside network

TDES encrypts the streaming data

Database Encryption Standards

 OAISYS can utilize file-level encryption if necessary

 Encryption is tied to the Operating System (Windows 7 or Server 2008)

 Advanced Encryption Standard (AES) calls for 128-bit encryption minimum

Windows AES uses 256-bit key

Blackouts

 If you do not record the Primary Account Number (PAN), PCI requirements DO NOT APPLY

 PCI DSS requires that Card Verification Codes are NOT stored under any circumstance, even if encrypted

 If you do not record the PAN or Card Verification Codes, you can easily comply with PCI standards

Wait a second… You provide call recording and you’re telling me NOT to record?

Three Ways to NOT Record

1. Do not record stations collecting data requiring PCI adherence

2. Transfer calls to non-recorded stations when PCI data is collected

3. Stop recording of calls when obtaining data requiring PCI adherence, then start again after data is obtained – in other words, BLACKOUT the data

How can I blackout only during the period where I am capturing PCI sensitive information?

OAISYS Desktop Client – Manual Recording Stop

 User can manually click the start/stop button on the OAISYS Desktop Client

 Requires manual intervention, but allows for flexible start/stop

[Figure label: Start/Stop Button]

Desktop Client API – Automatically Start/Stop

 Desktop Client utilizes a COM (ActiveX) interface to accept client-to-client commands to automatically start/stop recording

 Start/Stop functionality can be engaged by placement of the cursor in the appropriate field on the client application

Desktop Client API – In Layman’s Terms

 Place your cursor in the credit card # field on the client software and it sends a trigger to the OAISYS software to STOP recording automatically

 Move your cursor to another field and the client software sends a follow up trigger to the OAISYS software to START recording again
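
The focus-driven stop/start behaviour described on this slide, as an added JavaScript example that is not OAISYS code. The `recorder` adapter, the field names and the `BlackoutController` class are assumptions for illustration, since the slides do not give the COM interface's method names; the example also keeps the blackout in place when focus moves directly from one card field to another.

```javascript
// Added illustration: blackout controller driven by form-field focus events.
// `recorder` is a hypothetical adapter exposing stop()/start(); it is NOT the
// OAISYS COM interface, whose method names the slides do not give.
const SENSITIVE_FIELDS = new Set(["cardNumber", "cardCvv"]); // assumed field names

class BlackoutController {
  constructor(recorder, now = () => new Date().toISOString()) {
    this.recorder = recorder;
    this.now = now;
    this.blackedOut = false;
    this.audit = []; // one entry per state change, for later review
  }

  // Call from the form's "focusin" handler with the focused field's name.
  onFocus(field) {
    if (!SENSITIVE_FIELDS.has(field) || this.blackedOut) return;
    this.recorder.stop(); // pause as soon as a card field gains focus
    this.blackedOut = true;
    this.audit.push({ at: this.now(), event: "blackout-start", field });
  }

  // Call from "focusout"; nextField is the name of event.relatedTarget, or null.
  onBlur(field, nextField = null) {
    if (!this.blackedOut || !SENSITIVE_FIELDS.has(field)) return;
    // Moving card number -> CVV must not resume recording in between.
    if (nextField !== null && SENSITIVE_FIELDS.has(nextField)) return;
    this.recorder.start();
    this.blackedOut = false;
    this.audit.push({ at: this.now(), event: "blackout-end", field });
  }
}

// Constructed demo: a fake recorder that logs commands, and a typical tab order.
function demo() {
  const commands = [];
  const recorder = { stop: () => commands.push("STOP"), start: () => commands.push("START") };
  const ctl = new BlackoutController(recorder, () => "2024-01-01T00:00:00Z");
  ctl.onFocus("customerName");
  ctl.onBlur("customerName", "cardNumber");
  ctl.onFocus("cardNumber");           // sends STOP
  ctl.onBlur("cardNumber", "cardCvv"); // stays blacked out
  ctl.onFocus("cardCvv");              // already blacked out, no duplicate STOP
  ctl.onBlur("cardCvv", "notes");      // sends START
  ctl.onFocus("notes");
  return { commands, audit: ctl.audit, blackedOut: ctl.blackedOut };
}
console.log(demo().commands);
```

In this example, focus leaving the form entirely (no next field) resumes recording, so a deployment would need to decide whether that case should end the blackout.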

Desktop Client API – Internet Explorer Plug-in

 OAISYS has developed a plug-in utilizing IE7 and the Desktop Client which can automatically start/stop based on the position of the cursor in the browser window

 Works for ANY website, not just client controlled addresses

Desktop Port API – Automatically Start/Stop

 Desktop Port API utilizes server-to-server commands to automatically start/stop recording

 Typically applies to systems like predictive dialers that have their own client access software

 Essentially provides same functionality as Desktop API, but for different types of applications

Questions?

OAISYS Sales Engineering

SE@oaisys.com

888-496-9040 option 3
