Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:20 PM
Connect Directly

PCI Council Issues Advice for Securing Card Data in Call Centers

Rule #1: If you don't need it, don't store it.

The PCI Security Standards Council has come out with recommendations for how to protect credit card information given over the phone in a call center.

Why focus on card data transmitted by phone now? According to Jeremy King, European director of the Security Council, call centers are a prime target for credit card theft. "We've seen the card-not-present space is one of those fraud areas that's growing," he says. "The criminals are targeting this because they can use some of the data they obtain through other measures in the card not present space." The Council's board of advisors and particular BarclayCard helped put the guidance together.

One key takeaway for bank call centers: "If you don't need it, don't store it," King says. Certain data, such as CVC codes, should never be stored. Sometimes banks face a conflict between needing to record conversations with cardholders for quality purposes and complying with PCI data security standards that demand cardholder data be secure at all times. Call recording technology exists that can automatically block sensitive cardholder data from being recorded as it's being spoken or entered, King says. [We found one company, VPI, that says it uses analytics to identify sensitive authentication and account information and delete that information from the recording.]

Asked about standards for protecting mobile payment data -- a hot topic as Visa, MasterCard, PayPal, mobile carriers, Apple, Google and others push to get their versions of mobile payment technology accepted in the market -- King says the PCI Council is looking at these new technologies carefully. But the technology proposals change all the time and mobile payment pilots come and go.

"Call centers are an area we know criminals are targeting," King says.

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.