News

03:20 PM
Connect Directly
RSS
E-Mail
50%
50%

PCI Council Issues Advice for Securing Card Data in Call Centers

Rule #1: If you don't need it, don't store it.

The PCI Security Standards Council has come out with recommendations for how to protect credit card information given over the phone in a call center.

Why focus on card data transmitted by phone now? According to Jeremy King, European director of the Security Council, call centers are a prime target for credit card theft. "We've seen the card-not-present space is one of those fraud areas that's growing," he says. "The criminals are targeting this because they can use some of the data they obtain through other measures in the card not present space." The Council's board of advisors and particular BarclayCard helped put the guidance together.

One key takeaway for bank call centers: "If you don't need it, don't store it," King says. Certain data, such as CVC codes, should never be stored. Sometimes banks face a conflict between needing to record conversations with cardholders for quality purposes and complying with PCI data security standards that demand cardholder data be secure at all times. Call recording technology exists that can automatically block sensitive cardholder data from being recorded as it's being spoken or entered, King says. [We found one company, VPI, that says it uses analytics to identify sensitive authentication and account information and delete that information from the recording.]

Asked about standards for protecting mobile payment data -- a hot topic as Visa, MasterCard, PayPal, mobile carriers, Apple, Google and others push to get their versions of mobile payment technology accepted in the market -- King says the PCI Council is looking at these new technologies carefully. But the technology proposals change all the time and mobile payment pilots come and go.

"Call centers are an area we know criminals are targeting," King says.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.