Feeds

Survey: Call centre data standards 'routinely ignored'

Poor practice creates 'vast reservoir of sensitive data'

Remote control for virtualized desktops

More than 95% of call centres were found to store customers' credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company.

Veritape said that when it talked to 133 call centre managers, only 39% of them knew about industry rules against the storing of the information and just 3% of them wiped credit card numbers from recordings of phone calls. Veritape provides call recording services to the call centre industry.

"The routine practice of storing unedited audio recordings of calls is creating a vast reservoir of sensitive data on the servers of call centres across the UK, in direct breach of global industry standards drawn up by the Payment Card Industry Data Security Council," said a Veritape statement.

The industry guidelines are contained in the Payment Card Industry Data Security Standard (PCI DSS), which governs how companies should treat data, whether they be physical shops, websites or call centre sales operations.

Veritape pointed out that one clause of the Standard forbids the storing of the three digit verification number on the back of cards in transactions conducted remotely. "Sensitive authentication data must not be stored after authorization (even if encrypted)," says a footnote to the Standard highlighted by Veritape.

Veritape said that its survey of 133 call centre managers found that of the 97% who did not comply with this rule in relation to audio recordings, 61% did not know of the rule, 18% said it would be too difficult or expensive to comply, 11% were ignoring the issue and 6% were working to become compliant.

“What we have is a global industry standard that is routinely ignored by call centres throughout the UK,” said Cameron Ross, managing director of Veritape. “The storage of this actionable data creates a huge reservoir of sensitive information that is putting the financial resources of millions of people at risk."

Veritape said that its software records phone calls and can process data contained within calls, acting, it said, "as a powerful telephone search engine".

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Remote control for virtualized desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.