The Midwest’s Leading Supplier of Digital Recording Solutions forVoice, Video & Data

Much of this presentation was created by Kristyn Emenecker, Director, Solutions Marketing, Verint Systems, Inc., and is used with her permission.

Exploring PCIAnd

Customer Data Security

Presented by:Gina R. George, MCSE, CBC

Corporate Communications Director

• Founded in 1983

• Headquartered in Grove City, OH

• Sales & Support Offices in IN and IL

• Platinum Business Partner for Verint Systems and 2007 Verint Business Partner of the Year

• Authorized Reseller for VIQ Solutions

• Seller of SCI-DVR

• Additional Lines: AMAG, Firetide, cNotify

Myth: The Call Center’s Not A High Risk Area

Customer Privacy Management

Data Intensive Environment + Transient/Offsite Staff = Perfect Storm

In The News Recently…

Call Recording: Key To Fraud Protection

Call Recording: A Double-Edged Sword

What Is PCI-DSS?

What Is PCI-DSS: A Second Opinion

“The PCI Data Security Standard was launched in 2006 by private-sector organizations to improve the security of credit card data. But PCI has instead become a massive butt-covering exercise that extends from retailers to auditors to major credit card brands.

Whether data is any safer remains to be seen.”

Andrew Conry-MurrayPCI And The Circle Of Blame

Information WeekFebruary 23, 2008

Card Security Programs

12 Primary Requirements of PCI-DSS

12 Primary Requirements of PCI-DSS

Who Has To Worry About PCI?

What Does The Future Hold?

Data Security: More Than PCI

Where Do Call Recordings Fit In?

CVV2: A Special Concern

Call Recording & PCI: Possible Solutions

End-to-end encryption• Encrypt audio and screens

at acquisition• Decrypt only at playback

Data avoidance• Pause recording while caller

speaks sensitive information• Mute recording while caller

speaks sensitive information• Tone over recording while

caller speaks sensitive information

Data deletion• Delete part or all of the

recording after the call is completed

Possible Solutions: Scenario #1

Large catalog retailer• Records for QA only• Voice & Screens• Contact Center, Branch Office & Work-at-Home Agents

Compliance Methodology: Data Deletion• Agents use an applet on their workstations to tag credit card calls

• Recording system does automatic sweep every two minutes and purges tagged calls

• Calls can be manually tagged later by supervisor if missed by agent and found during QA review

• Reports are generated and correlated to credit card authorization records to prevent system abuse

Possible Solutions: Scenario #2

Large public utility• Records for QA and compliance• Voice & Screens• Contact Center, Branch Office & Work-at-Home Agents

Compliance Methodology: Data Deletion• Automated process scans call recording database for agent ID, date

and time

• Process compares result to similar scan of credit card transaction files

• Upon finding a match, process deletes audio and screen files from call recorder

Where Do You Go From Here?

For more information visit: www.soundcommunications.com

Or call:

Toll-free (800) 556-8556, x 718Local (614) 875-8500, x718 or

(614) 317-9062

The Jackson Building

3440 Park Street

Grove City, OH 43123