No thanks, stay here.  

  We notice you are visiting from a U.S. Internet provider. Switch to our U.S. website.

Industry News

PCI SSC changes rules regarding audio recordings of payment processing data

By Kristen Lawrence

03/02/2010 - The PCI Security Standards Council has updated its FAQ section, changing the rules regarding payment processing information stored on audio recordings.

StorefrontBacktalk.com reported that the rules, which mostly apply to call centers, now require cardholder data contained on an audio record to be subject to the same rules used for cardholder data stored in written form.

The new FAQ reports that "it is a violation of PCI DSS requirement 3.2 to store any sensitive authentication data, including card validation codes and values, after authorization, even if encrypted," StorefrontBacktalk.com cited. "It is therefore prohibited to use any form of digital audio recording (using formats such as wav, mp3, etc.) for storing CAV2, CVC-2, CVV-2 or CID codes after authorization, as card data can easily be extracted using freely available software."

However, the website also reports that this would not solve the payment processing security threat of audio recording on the consumer side - one tactic hackers are using is to call a company with a long list of questions, record the call, and then play it back to catch credit card information being spoken by other call operators in the background. To combat this, companies may want to invest in sound-proof cubicle dividers.

The PCI DSS is a continually changing set of regulations - it is currently undergoing a major revision by the PCI Security Standards Council - so businesses with merchant accounts are advised to stay updated on its rules and guidelines.ADNFCR-2514-ID-19596313-ADNFCR

Related News - Security and Fraud

Visa announces new best practices for payment applications

26/08/2010

As part of its continued commitment to security, Visa has announced another set of global industry best practices for payment application vendors, integrators and resellers that employ payment-related systems such as credit-debit machines.

Full Article

Banks get creative to promote overdraft protection

29/07/2010

New regulations born of the financial reform bill may help cut costs for consumers who use point-of-sale terminals, yet banks are still searching for a way to recoup their potential losses.

Full Article

Tokenization can eliminate PCI compliance worries

27/07/2010

Retailers, payment processing companies and others are learning how to implement and accommodate new security practices to protect consumers and lessen their PCI compliance burden.

Full Article

Chip-and-pin technology has reduced fraud, but not interest rates

26/07/2010

With the introduction of credit card chip technology, consumers charging purchases at credit card machines were promised savings in interest rate charges, but have not seen them yet.

Full Article