03/02/2010 -
The PCI Security Standards Council has updated its FAQ section, changing the rules regarding payment processing information stored on audio recordings. StorefrontBacktalk.com reported that the rules, which mostly apply to call centers, now require cardholder data contained on an audio record to be subject to the same rules used for cardholder data stored in written form.
The new FAQ states that "it is a violation of PCI DSS requirement 3.2 to store any sensitive authentication data, including card validation codes and values, after authorization, even if encrypted," according to StorefrontBacktalk.com. "It is therefore prohibited to use any form of digital audio recording (using formats such as wav, mp3, etc.) for storing CAV2, CVC-2, CVV-2 or CID codes after authorization, as card data can easily be extracted using freely available software."
However, the website also reports that this would not solve the payment processing security threat of audio recording on the consumer side. One tactic hackers are using is to call a company with a long list of questions, record the call, and then play it back to catch credit card information being spoken by other call operators in the background. To combat this, companies may want to invest in sound-proof cubicle dividers.
The PCI DSS is a continually changing set of regulations (it is currently undergoing a major revision by the PCI Security Standards Council), so businesses with merchant accounts are advised to stay updated on its rules and guidelines.




