Michael Wise
Enjoying this article?
Share it with the world!
* The compliance risks and mitigation steps referenced in this article are for informational purposes only and should not be taken as a legal advice. Please consult with your own legal counsel and compliance officer to determine risks and mitigation steps.
Operating call centers that record calls and store recorded audio files, especially those containing personal and private data like social security numbers or credit card numbers, poses several risks to companies. These risks can be broadly categorized into legal, security, and reputational risks.
Because the sensitive data a cybercriminal would be looking for is stored on individual audio files, the risk of a large-scale data breach is low. If hackers wanted to work that hard they’d have real jobs.
With that in mind, we’ll focus on the highest, most-likely risks and repercussions.
Fines, Penalties, and Increased Transaction Fees from Credit Card Companies
The Payment Card Industry Data Security Standard (PCI DSS) sets the requirements for organizations and merchants to securely process, store, and transmit credit card information to prevent fraud and data breaches.
As a merchant, you’re required to comply with PCI-DSS standards and must complete a PCI audit or attest in writing that you do. Non-compliance with PCI-DSS requirements, or falsely filling out PCI self-attestation forms, can lead to several serious repercussions for merchants, including:
Call centers can incur substantial fines from payment processors and banks for failing to comply with PCI DSS standards. These fines are imposed to penalize and encourage remediation of compliance failures, especially regarding the storage of unencrypted/unredacted cardholder data within call recordings.
Non-compliance may lead to higher transaction fees imposed by payment processors. For call centers, where transactions are often processed as “card not present” transactions, these increased fees can significantly affect operational costs.
Severe non-compliance issues might result in the call center losing its ability to process credit card payments, which could cripple its operations, especially if alternative payment methods are not viable.
A call center found non-compliant may be subjected to more rigorous audits and assessments by QSAs, increasing the burden of compliance and the costs associated with audits and security measures.
Storing call recordings with sensitive financial and personally-identifiable data is prohibited in many SLAs. Particularly, in EBOs and first-party collections where your call center is calling customers or patients on behalf of, or in reference to, that entity.
Even if a redaction requirement is not specifically mentioned in an SLA, your clients may assume they are, or find out through a consumer complaint or during a request to listen to a series of calls for QA oversight.
Although litigation and court cases directly related to a failure to redact sensitive data from audio recordings are rare, the costs should they be brought are significant and are worth mentioning.
In the event of a data breach involving unredacted call recordings, call centers may be responsible for covering fraud losses, card replacement costs, and the expenses of forensic investigations to identify the breach's scope and source.
Call centers could face lawsuits from customers whose personal information was compromised. Legal proceedings and settlements can be financially draining and damage the call center's reputation and client relationships.
Call centers could face lawsuits from customers whose personal information was compromised. Legal proceedings and settlements can be financially draining and damage the call center's reputation and client relationships.
To achieve compliance, call centers will need to invest in technologies and processes to redact sensitive information from call recordings, alongside potentially upgrading their data security infrastructure. This might include implementing speech analytics software capable of automatically detecting and redacting sensitive data from audio recordings.
Implementing the necessary changes to achieve compliance can cause operational disruptions. Training staff, modifying procedures, and integrating new technologies require time and resources, potentially affecting the call center's efficiency temporarily.
Ensuring all call recordings are processed through technologies that redact sensitive information.
Regularly reviewing and updating data protection policies and practices.
Training staff on the importance of data security and compliance requirements.
Engaging with qualified security professionals to assess and improve data handling processes.
Effective goal setting in contact centers, guided by the SMART criteria, is a strategic approach that enhances agent performance, customer satisfaction, and overall operational efficiency. By focusing on these elements, contact centers can transform their work environments, leading to higher employee satisfaction, better customer service, and overall organizational success.
Most Recent
Regulation F
Healthcare Billing
P2PE (Point-To-Point Encryption)Auto & Predictive Dialing
Stealth Voicemail
Statements & LettersPayment Portals
Make the switch to Intelligent Contacts and we'll include PCI redaction, speech analytics, and automated QA scorecards at NO EXTRA CHARGE! Give your agents and operation leaders the competitive advantage of the most advanced AI-powered, omnichannel communication platform available!
Get instant access and explore the platform at your own pace
