PCI DETECTION
& REDACTION
VoiceBase Resource
How Automated Redaction Serves Compliance
Without dedicated monitoring of your customers' personal information and data, there is no way to protect them from identity theft or worse. Your customers trust you to follow strict policies and procedures when collecting their information and when disposing of it. Making sure that your company is PCI DSS compliant is the first step to establishing and maintaining secure data practices.

This resource explains how VoiceBase Automated PCI Redaction can serve your business needs.
PCI compliance minimizes risk and maintains data security across the entire
VOICEBASE PCI REDACTION
The Payment Card Industry Data Security Standard (PCI DSS) was developed by a council of the major payment card brands to encourage and enhance cardholder data security. It requires any business that stores, processes, or transmits payment card data to meet the PCI DSS requirements, and this extends to the vendors in that business's ecosystem. How compliance must be validated depends on one of four levels, set by annual transaction volume.

PCI DSS Level 1 is the most stringent validation level, covering the highest transaction volumes; it calls for an annual on-site assessment (a Report on Compliance) rather than a self-assessment questionnaire. VoiceBase is PCI DSS Level 1 certified and partners with customers to remove specific information from call audio and text transcripts.

Using machine learning and natural language processing (NLP), VoiceBase PCI Redaction lets you automatically detect and redact PCI data in your recordings, transcripts, and analytics. VoiceBase offers two features for handling PCI data: PCI Detection and PCI Redaction.
PCI Detection
PCI Detection identifies the start and stop time, in milliseconds, of each stretch of the call in which credit card information is spoken. The flagged sections are returned to the customer in the JSON results so that the customer can carry out the redaction on their own side.
What is PCI Certification?
Merchant levels by annual transaction volume:
Level 1: more than 6,000,000 transactions per year
Level 2: 1,000,000 to 6,000,000 transactions per year
Level 3: 20,000 to 1,000,000 transactions per year
Level 4: fewer than 20,000 transactions per year
PCI Redaction
PCI Redaction identifies the same start and stop times of the credit card information and then removes that sensitive information from both the audio and the transcript. For audio redaction, the API returns a scrubbed recording in which each detected span is replaced by a flat tone; for text redaction, the sensitive words are replaced with the token [redacted] (as shown below).
Figure: example of how VoiceBase's software redacts the customer's credit card information during a call.
By scrubbing and replacing sensitive information such as PCI data or other PII (personally identifiable information), organizations can keep working with their data in their preferred format while maintaining PCI compliance. Without compromising security, businesses can continue to use analytics and business intelligence tools to monitor agents and the services they provide.
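The following is an added example of the client-side redaction step that the detection and redaction features above describe; it is not VoiceBase code, and the JSON shape (a "pci" list of millisecond "s"/"e" spans), the word-timed transcript, and the audio are all constructed here as assumptions for the example. It replaces every transcript word that overlaps a detected span with a single [redacted] token and overwrites the matching 16-bit PCM samples with a flat tone, which is the same shape of output the text describes.

```python
"""Client-side PCI redaction driven by detection time spans (added example)."""
import json
import math
import struct
import wave

# Constructed detection result. The {"pci": [{"s": ms, "e": ms}]} layout is an
# assumption for this example, not the documented VoiceBase response format.
DETECTION_JSON = '{"pci": [{"s": 1200, "e": 3500}, {"s": 4300, "e": 5500}]}'

# Constructed transcript: (word, start_ms, end_ms). The caller reads a Visa
# test number and an expiry date, which is what the detector would flag.
WORDS = [
    ("my", 0, 200), ("card", 200, 500), ("number", 500, 900), ("is", 900, 1000),
    ("4111", 1200, 1700), ("1111", 1800, 2300), ("1111", 2400, 2900), ("1111", 3000, 3500),
    ("expiring", 3700, 4200), ("oh", 4300, 4400), ("five", 4500, 4700),
    ("twenty", 4800, 5100), ("nine", 5200, 5500),
]


def parse_spans(detection_json):
    """Return sorted (start_ms, end_ms) tuples, rejecting empty or reversed spans."""
    data = json.loads(detection_json)
    spans = [(int(d["s"]), int(d["e"])) for d in data["pci"]]
    for s, e in spans:
        if e <= s:
            raise ValueError(f"bad span {s}-{e}")
    return sorted(spans)


def _overlaps(w_start, w_end, spans):
    # Half-open interval overlap: any shared millisecond means the word is sensitive.
    return any(w_start < e and w_end > s for s, e in spans)


def redact_transcript(words, spans, token="[redacted]"):
    """Drop every word touching a span; a run of dropped words becomes one token."""
    out, in_run = [], False
    for text, s, e in words:
        if _overlaps(s, e, spans):
            if not in_run:
                out.append(token)
                in_run = True
        else:
            out.append(text)
            in_run = False
    return " ".join(out)


def tone_sample(i, rate, hz=1000.0, amp=8000):
    """Sample i of a flat tone; phase is tied to the absolute sample index."""
    return int(amp * math.sin(2 * math.pi * hz * i / rate))


def scrub_audio(samples, rate, spans, hz=1000.0, amp=8000):
    """Overwrite every 16-bit PCM sample inside a span with the tone.

    Span edges are rounded outward (floor start, ceil end) so no partial
    sample of the sensitive region survives; indices are clamped to the clip."""
    out = list(samples)
    n = len(out)
    for s, e in spans:
        lo = max(0, s * rate // 1000)
        hi = min(n, (e * rate + 999) // 1000)
        for i in range(lo, hi):
            out[i] = tone_sample(i, rate, hz, amp)
    return out


def make_test_audio(rate, duration_ms):
    """Constructed stand-in for speech: a quiet 300 Hz sine of the given length."""
    n = duration_ms * rate // 1000
    return [int(3000 * math.sin(2 * math.pi * 300 * i / rate)) for i in range(n)]


def write_wav(path, samples, rate):
    """Write mono 16-bit PCM so the scrubbed clip can be played back."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))


if __name__ == "__main__":
    rate = 8000
    spans = parse_spans(DETECTION_JSON)
    print(redact_transcript(WORDS, spans))
    write_wav("scrubbed.wav", scrub_audio(make_test_audio(rate, 6000), rate, spans), rate)
```

The word-level overlap test is deliberately inclusive: a word that straddles a span boundary is dropped rather than kept, so a timing offset of a few milliseconds between transcript and detector cannot leak the first or last digit.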
Who needs to adhere to the requirements?
PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers. It also applies to any other entity that stores, processes, or transmits cardholder data (CHD) and/or sensitive authentication data (SAD).
The Standard for Compliance
The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc.
The twelve requirements, grouped by goal (wording as in PCI DSS v3.x; v4.0 rewords several of them):

Build and Maintain a Secure Network and Systems
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
5. Protect all systems against malware and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel
Types of data on payment cards
Figure: card data that VoiceBase redacts, as labelled on the sample card image:
- Primary account number (PAN), e.g. 0000 1234 5678 9876
- Expiration date, e.g. 02/35
- Cardholder name
- CID (American Express, four digits on the card front, e.g. 0205) or CAV2/CID/CVC2/CVV2 (all other card brands, three digits on the back)
- Magnetic stripe (full track data)
- Chip
Under PCI DSS Requirement 3.2, everything classified as Sensitive Authentication Data (full track data, the CAV2/CVC2/CVV2/CID codes, and the PIN or PIN block) must be redacted and may not be stored after authorization at all, even in encrypted form.

The remaining Cardholder Data (the primary account number (PAN), cardholder name, service code, and expiration date) may be stored, but only in a secured location and only for need-to-know parties; the PAN in particular must be rendered unreadable wherever it is stored and masked wherever it is displayed. It is highly recommended to protect and redact this data too, since attackers can combine it to defraud your customers.
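As an added example of the storage rule just described (not VoiceBase code), the sanitizer below takes a captured card record, drops every Sensitive Authentication Data field outright, and keeps the Cardholder Data fields, masking the PAN to the first six and last four digits after checking it is a plausible card number with the Luhn checksum. The field names, the record, and the Visa test number are assumptions constructed for this example; unknown field names are rejected so that SAD cannot slip through under an unexpected key.

```python
"""Field-level handling of card data per the SAD/CHD distinction (added example)."""
import re

# Field names are assumptions for this example; map your own schema onto them.
SENSITIVE_AUTHENTICATION_DATA = {
    "track1", "track2", "cvv2", "cvc2", "cav2", "cid", "pin", "pin_block",
}
CARDHOLDER_DATA = {"pan", "cardholder_name", "service_code", "expiration_date"}


def luhn_ok(digits):
    """Luhn checksum; a cheap test that a digit string is really a card number."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Mask a PAN to first six / last four, the most that may be displayed.

    Spaces and dashes as spoken or typed are stripped first. A value that is
    not 13 to 19 Luhn-valid digits is rejected rather than silently passed on."""
    digits = re.sub(r"[ -]", "", pan)
    if not (13 <= len(digits) <= 19) or not luhn_ok(digits):
        raise ValueError("not a valid PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(record):
    """Return (kept_fields, dropped_field_names) for a card record.

    SAD is removed entirely (it may never be stored after authorization),
    the PAN is masked, other CHD is kept, and anything unrecognised is an error."""
    kept, dropped = {}, []
    for key, value in record.items():
        if key in SENSITIVE_AUTHENTICATION_DATA:
            dropped.append(key)
        elif key == "pan":
            kept[key] = mask_pan(value)
        elif key in CARDHOLDER_DATA:
            kept[key] = value
        else:
            raise ValueError(f"unclassified field: {key}")
    return kept, sorted(dropped)


# Constructed sample record using the Visa test number 4111 1111 1111 1111.
SAMPLE_RECORD = {
    "pan": "4111 1111 1111 1111",
    "cvv2": "123",
    "track2": "4111111111111111=35021011000012345678",
    "pin_block": "A1B2C3D4E5F60708",
    "cardholder_name": "J SMITH",
    "expiration_date": "02/35",
}

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_RECORD))
```

Masking is what Requirement 3.3 permits for display; for storage, Requirement 3.4 requires the PAN to be rendered unreadable by truncation, one-way hashing, tokenization, or strong encryption, so the masked value above is suitable for an agent's screen or an analytics export, not as a substitute for those storage controls.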
Looking to secure your call center's PCI/PII data?