PCI Compliance

Ensuring compliance with PCI DSS requires eliminating sensitive credit card information in recorded interactions. Not conforming to the policies of the DSS can lead to heavy penalties, fines and even revoked privileges from taking credit cards for payment. 

Strategies for PCI Compliance

Envision's recording solutions provide multiple options to help you stay in compliance with PCI DSS. From encryption of data in transit and at rest to eliminating the storage of sensitive consumer credit card data altogether.

Here are some strategies to consider for meeting PCI DSS compliance requirements:

  • Ensure credit card collection by agents is in a discreet area of your CRM application
  • Don't ever store the CVV (3 digits on the back of a credit card) in your CRM or call recordings
  • Count on 256-bit encryption with Envision's recorder both in transit and at rest
  • Leverage Envision's automatic password expiration feature to renew passwords every 30 days
  • Use our audit reports and alerts to track attempted unauthorized user access
  • Visit the PCI DSS site https://www.pcisecuritystandards.org/pci_security/ for the latest guidelines and requirements 

Read on below to learn more specific areas our products can help with PCI compliance.

Capturing Interactions

Recording without PCI sensitive data

Envision's interaction recording products support multiple methods to eliminate recording sensitive information in interaction recordings, such as, the CVV code for credit cards. In all circumstances our solutions allow you to pause recording both voice and screen capture during entry of the sensitive information, and then resume recording once that information is no longer visible. 

Pause/Resume API

Integrate pause/resume directly into your application

For customers who have built their own CRM applications and have access to source code, you can use Envision's application programming interface (API) to call pause recording of voice and screen during collection of sensitive information, then resume when you know the agent is out of the sensitive data area. This provides direct control from the workflow within your application to meet PCI compliance measures.

Workflow Driven

Automated pause/resume

Another method that may be supported within your environment to implement pause and resume is using our patent pending D5 technology which includes capabilities to pause recording voice and screen based on the workflow of an agent that D5 detects. For example, if an agent takes sensitive information on a particular screen and D5 can detect when that screen is active, we can pause when that screen is active and resume when the screen is not. This method does not require any coding or API integration thus reducing strain on your IT resources.

Manual Capabilities

Agent initiated pause/resume

If you are unable to leverage our API or the D5 workflow methods to automatically pause and resume recording, you can enable your agents to do so by providing them with a button in the system tray or floating on top of their desktop. While not considered the ideal approach because of potential for human error, it does allow you to meet PCI DSS compliance when other options are not available or you need a temporary solution until IT resources become available.

Ready for a demo?

On-Premise and Cloud Enabled

From 3 to 1000+ agents, use Click2Coach to securely record, evaluate and create coachable moments for agents.

With Click2Coach, you have the very best workforce optimization solution available on-premise in your own data center, or in our secure Click2Coach Cloud hosted in Microsoft Azure. We also offer the path to start on-premise and migrate to the cloud later, which gives you the flexibility and assurance that your data will follow once ready. Flexibility, security and best in class features and performance is our customer promise.