18/02/2010 -
In its third revision since the beginning of 2010 - the previous being just weeks ago - the PCI Security Standards Council has revised its rules regarding audio recordings of payment processing data. The previous change had mandated that cardholder data stored in audio form - often seen with call centers - is subject to the same retention and protection requirements as payment processing data stored in written form.
The change, announced on Wednesday, mandated that payment processing data on audio recordings could be retained only "if that data can be queried," reported StorefrontBacktalk.com.
This update was prompted by merchant feedback - the majority of it criticism - but experts say the new rules are not necessarily any more clear or fair.
"What will they need to do to make sure their records 'cannot be data mined'?" PCI expert Walter Conway told StorefrontBacktalk.com columnist Evan Schuman. "Will this mean encryption? Maybe. Will it mean keeping it offline? Possibly. Restricting access? Plan on it. Can you isolate them behind a firewall? Again, possibly. In any event, your call center needs to look at its particular situation both for PCI compliance and to keep your organization out of the headlines."
Because the PCI DSS changes relatively frequently, merchants - whether or not they handle audio-based payment processing records - are encouraged to visit the PCI SSC website regularly for updates about the standard.





