Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Implemented PCI compliancy for call recordings

Discussion in 'Ideas' started by hagel, Nov 6, 2015.

Implemented PCI compliancy for call recordings 4.6 5 10votes
4.6/5, 10 votes

  1. hagel

    Joined:
    Oct 25, 2010
    Messages:
    5
    Likes Received:
    9
    In a call center, customers read their credit card information, CVV codes, and expiration dates to call center agents. If you handle such credit card data, you fall within the scope of the Payment Card Industry’s Data Security Standard (PCI DSS). The PCI DSS is a proprietary information security standard. You find more details on this here (https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard) and here (https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf). In short they do not want you to save credit card information in a call recording.

    As far as I found out, there are three PCI compliance solutions:
    • Pause and resume of call recording - there are a variety of different ways to trigger the pausing and resuming of call recording. Some of these use a resident desktop analytics capability; others intercept the payment application messaging to increase the reliability of the pause and resume mechanism.
    • Automated payments - the use of IVR both as a self-service function selected by the caller, or as an agent tool where at the point of payment the call is transferred to an automated system. The automated system is made aware of all of the core details, such as the customer's account and how much to pay, and simply collects the card details and executes the payment.
    • DTMF clamping – a system that sits between the public telephone network and the contact centre. The agent remains in full voice contact with the caller throughout the transaction, however the caller is obliged to enter card details using a keypad.

    It would be great if 3CX implements at list one of the three solutions.
     
  2. Nick Galea

    Nick Galea Site Admin

    Joined:
    Jun 6, 2006
    Messages:
    1,971
    Likes Received:
    278
    Re: PCI compliancy for call recordings

    Thanks for the feedback.

    Yes, these are in consideration / development. The automated payments can be done today using a VAD script and the pause and resume of recording is on our to do list....
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ongc

    Joined:
    Jun 23, 2009
    Messages:
    3
    Likes Received:
    2
    Re: PCI compliancy for call recordings - IN CONSIDERATION

    Hi Nick and Team,

    Has there been any progress with this? I see this post was from some time ago now. I posted separately about this yesterday (I didn't notice it had already been requested). This is becoming increasingly more important as the PCI compliance is more regularly imposed. I have a number of opportunities which require this feature.

    Any feedback is appreciated.

    Many thanks
     
  4. Nick Galea

    Nick Galea Site Admin

    Joined:
    Jun 6, 2006
    Messages:
    1,971
    Likes Received:
    278
    Hi,

    Yes we are working on this. It will be via DTMF code and so you can assign it to a hotkey. That will allow you to pause and resume. The other things can be done via the VAD which will soon be much more powerful and allow you to build such applications as online payment....
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. support@windstartech.com

    Joined:
    Jun 28, 2012
    Messages:
    2
    Likes Received:
    0
    Good Day,
    Has there been any progress on this feature? Was hoping to implement it for a client currently in need of this feature.

    Thank you.
     
  6. JPrentice

    Joined:
    May 15, 2017
    Messages:
    3
    Likes Received:
    1
    Hi Nick and Team,
    Hoping you can give us a progress update on this feature - do not want to invest in a 3rd party solution if it progressing well, but having to hold off deploying as PCI compliance is a critical requirement.

    Many thanks

    John
     
  7. agp

    agp 3CX Team

    Joined:
    Aug 19, 2015
    Messages:
    151
    Likes Received:
    22
    This is now available in V15.5 :)
     
    JPrentice likes this.
  8. JPrentice

    Joined:
    May 15, 2017
    Messages:
    3
    Likes Received:
    1
    Great to hear - is there anything in the release notes that describes this feature at all?
     
    icns01 likes this.
  9. SniffwareInc

    Joined:
    Mar 23, 2017
    Messages:
    1
    Likes Received:
    0
    Please advise on this matter, i really want to implement this option for my End user
     
  10. GBC_James

    Joined:
    Feb 3, 2017
    Messages:
    66
    Likes Received:
    7
    Hi
    We have updated to v15.5 but cannot find any info relating to pausing call recordings.
    We too have users who take credit card payments and really need this.
    Thanks
     
    icns01 likes this.
  11. GBC_James

    Joined:
    Feb 3, 2017
    Messages:
    66
    Likes Received:
    7
    Just tried out the browser based softphone (using Chrome) and you CAN pause/resume call recording by clicking the REC button.
    however this feature doesn't work in the 3CXphone for WIndows. So looks like the issue is there

    (As an aside, in the browser based phone, we were unable to answer the call by clicking "Answer" on screen but that's a whole other issue)
     
    icns01 likes this.