The Right Choice for Call Recording
Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions
WWW.OAISYS.COM
What is PCI DSS?
Payment Card Industry (PCI) Data Security Standard (DSS)
Developed by the Credit Card Industry to encourage and enhance cardholder data security
Covers Network Security, Password Protection, Storage, Encryption, Software Vulnerability, etc.
PCI Core Principles
Implement Strong Access Control
◦ Restrict access to cardholder data by business need-to-know
◦ Assign a unique ID to each person with computer access
◦ Restrict physical access to cardholder data
Regularly Monitor and Test Networks
◦ Track and monitor all access to network resources and data
◦ Regularly test security systems and processes
Maintain an Information Security Policy
◦ Maintain a policy that addresses information security
Who is Impacted by PCI?
ANY company that stores, processes, or transmits credit card information is impacted and should be aware of the standards
◦ Financial Services
◦ Collections
◦ Sales/Retail
◦ Charities/Donor Networks
Call Recording and PCI DSS
NO call recording software can actually be deemed “PCI compliant”
Only software used to accept and process payment cards, such as card readers and online payment card validation solutions, can be PCI compliant
Call recording software properly designed and developed with respect to PCI DSS can help facilitate compliance with the guidelines
How OAISYS Solutions Address PCI DSS
Permissions-Based User Accounts
Call Segment Sharing
User Security and Audits
Data Transmission/Encryption Standards
Data Storage/Encryption Standards
Recording Blackouts
Permissions-Based User Accounts
Only authorized users can access data
Permissions can be based on user type or other criteria, such as:
◦ Outside Number
◦ Call Duration
◦ Extension
◦ ACD information
Call Segment Sharing
OAISYS Portable Voice Document (PVD™) technology provides for selective sharing of specific call segments (both internal and external)
Recipients can only hear selected segments of the call
Permissions can limit the length of time that a recipient will have access, or whether it can be shared further
User Security and Audits
The OAISYS solution provides an administrative interface that delivers activity tracking and reporting
◦ Date, time, and user associated with access of any call
◦ User authentication controls are granular, which allows provisioning of the minimum access level required for tasks
Call recordings include a digital watermark
◦ Proves call has not been altered in any way
◦ Can verify that sensitive information was not included or recorded
Data Transmission Standards
PCI requires use of strong cryptography (such as SSL or IPSEC) during transmission over open, public networks
◦ The Internet
◦ Wireless Technologies
◦ Global System for Mobile (GSM)
If sharing/sending is done internally, this requirement does not apply
Data Transmission Standards
If needed, strong encryption during transmission can be obtained when using a VPN with IP Security (IPSEC) and Triple Data Encryption Standard (TDES)
◦ IPSEC handles the connection to the outside network
◦ TDES encrypts the streaming data
Database Encryption Standards
OAISYS can utilize file-level encryption if necessary
Encryption is tied to the Operating System (Windows 7 or Server 2008)
Advanced Encryption Standard (AES) calls for 128-bit encryption minimum
◦ Windows AES uses 256-bit key
Blackouts
If you do not record the Primary Account Number (PAN), PCI requirements DO NOT APPLY
PCI DSS requires that Card Verification Codes are NOT stored under any circumstance, even if encrypted
If you do not record the PAN or Card Verification Codes, you can easily comply with PCI standards
Three Ways to NOT Record
1. Do not record stations collecting data requiring PCI adherence
2. Transfer calls to non-recorded stations when PCI data is collected
3. Stop recording of calls when obtaining data requiring PCI adherence, then start again after data is obtained – in other words, BLACKOUT the data
OAISYS Desktop Client – Manual Recording Stop
User can manually click the start/stop button on the OAISYS Desktop Client
Requires manual intervention, but allows for flexible start/stop
Desktop Client API – Automatically Start/Stop
Desktop Client utilizes a COM (ActiveX) interface to accept client-to-client commands to automatically start/stop recording
Start/Stop functionality can be engaged by placement of the cursor in the appropriate field on the client application
Desktop Client API – In Layman’s Terms
Place your cursor in the credit card # field on the client software and it sends a trigger to the OAISYS software to STOP recording automatically
Move your cursor to another field and the client software sends a follow-up trigger to the OAISYS software to START recording again
Desktop Client API – Internet Explorer Plug-in
OAISYS has developed a plug-in utilizing IE7 and the Desktop Client which can automatically start/stop based on the position of the cursor in the browser window
Works for ANY website, not just client-controlled addresses
Desktop Port API – Automatically Start/Stop
Desktop Port API utilizes server-to-server commands to automatically start/stop recording
Typically applies to systems like predictive dialers that have their own client access software
Essentially provides the same functionality as Desktop API, but for different types of applications