Opinion Piece: Global data security standards now essential
By: Paul Fick, Divisional CEO at Jasco ICT Solutions, Enterprise Communication
If your organisation accepts client payment via credit cards, you are probably aware of the Payment Card Industry Data Security Standards (PCIDSS). If you are not complying, you are walking a thin line. As leading telephony and communication platforms begin to introduce compliance capabilities into recording and other applications within their suites, there is little excuse left for not securing your clients’ confidential data.
The PCIDSS were developed by the major credit card companies to regulate the management of credit card data, minimise fraud and protect customer privacy.
Among these regulations is the injunction that the three-digit Card Verification or Card Security Code, which is required for every credit card transaction, be very securely stored – whether it is recorded as a data or voice record. Placing the correct levels of security around voice recordings without hampering access to the recordings has, until now, been a difficult requirement.
To make it possible for organisations to achieve PCI compliance, flexible security features are being built into applications like the Avaya Aura Contact Recording solution to allow enterprises and contact centres to configure and operate the recording solution to meet requirements.
Key features include the following:
- A browser-based configuration and replay application enables contact centre administrators, supervisors, and/or auditors to access recorded data within internal networks or via secure connections, such as a Virtual Private Network.
- The recorder does not use services or protocols that are commonly considered insecure.
- There are no hardcoded passwords within the system, so vendor-supplied defaults for system passwords and other security parameters cannot be used.
- There is a licensed option to encrypt all the recorded audio data on any storage devices.
- For enterprises whose operations involve sensitive authentication parameters, such as the Card Verification or Card Security Code, and that wish not to record this sensitive data, there is an integration interface that allows users to instruct recorders to pause the audio and screen recordings while this information is spoken.
On a governance level, protecting client data throughout its lifecycle equates to protecting the business. To maintain their reputation and client base, organisations need not only to protect client data in general, but also to take the additional measures that will ensure clients are not made vulnerable at this level should disaster strike. And it’s no longer a nice-to-have – if South African businesses wish to partake in the increasingly globalised economy, worldwide standards like the PCIDSS need to be met.