{"id":11423,"date":"2017-12-20T09:00:21","date_gmt":"2017-12-20T08:00:21","guid":{"rendered":"https:\/\/www.imagicle.com\/cpt_blog\/worried-about-pci-dss\/"},"modified":"2025-04-15T17:40:23","modified_gmt":"2025-04-15T15:40:23","slug":"worried-about-pci-dss","status":"publish","type":"cpt_blog","link":"https:\/\/www.imagicle.com\/en\/blog\/o\/security-compliance\/worried-about-pci-dss\/","title":{"rendered":"Worried about PCI DSS?"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243;][et_pb_row _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text _builder_version=&#8221;4.9.10&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;]<\/p>\n<p>The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data \u2013 with guidance for software developers and manufacturers of applications and devices used in those transactions. First and foremost, companies need an order processing and recording system that <strong>masks, mutes and encrypts customer and card data. Strict authentication controls<\/strong> for all employees are needed, along with strict processes to prevent agents from, for example, writing card numbers on note pads for later entry. 
Finally, maintain <strong>secure configuration standards<\/strong> and regularly <strong>test them for vulnerabilities<\/strong>.<\/p>\n<p>For call recording systems, these are the requirements:<\/p>\n<ul>\n<li><strong>Skip recording of card info<\/strong> \u2013 The standard requires that card security codes (CID, CAV2, CVC2, CVV2) are not stored.<\/li>\n<li><strong>Cardholder data protection<\/strong> \u2013 Access to recordings must be protected and available through multi-level access, with recordings encrypted and not alterable.<\/li>\n<li><strong>Network security<\/strong> \u2013 TLS 1.1\/1.2 are required as of 30th of June 2018<\/li>\n<li><strong>Audit trail<\/strong> &#8211; Implement strong access control measures<\/li>\n<\/ul>\n<h2>How Imagicle can help<\/h2>\n<p><a href=\"https:\/\/www.imagicle.com\/Products\/Call-Recording\">Imagicle Call Recording<\/a> will fully support PCI-DSS as of the Spring\u201918 release, expected by the end of March\u201918. The release will support a <strong>Pause\/Resume button<\/strong> in the user web UI and directly within the gadget for Cisco Jabber and Cisco Finesse, to avoid recording credit card info. Imagicle Call Recording already provides role-based access to recordings, with <strong>recordings encrypted with the AES<\/strong> algorithm and with <strong>detection of tampering attempts<\/strong>. Moreover, both the recording engine and access to the web and gadget UIs are <strong>securely available via TLS<\/strong> 1.2, providing the maximum security level. 
With the <strong>audit trail<\/strong> support, as of Winter\u201918, it will be possible to determine who has accessed any recording in the system for playback, export and attempts to download and delete.<\/p>\n<p>[\/et_pb_text][et_pb_comments show_count=&#8221;off&#8221; module_id=&#8221;imaPostComments&#8221; _builder_version=&#8221;3.16&#8243; header_level=&#8221;h2&#8243; header_text_color=&#8221;#97989a&#8221; form_field_text_align=&#8221;left&#8221; form_field_font_size=&#8221;14px&#8221; custom_button=&#8221;on&#8221; button_text_size=&#8221;12px&#8221; button_text_color=&#8221;#ffffff&#8221; button_bg_color=&#8221;#1bbbe9&#8243; button_border_width=&#8221;0px&#8221; button_border_radius=&#8221;0px&#8221; button_letter_spacing=&#8221;1px&#8221; button_font=&#8221;VAGRoundedStd-Light|||on|||||&#8221; button_use_icon=&#8221;off&#8221; button_alignment=&#8221;left&#8221; text_orientation=&#8221;left&#8221; max_width=&#8221;90%&#8221; max_width_tablet=&#8221;&#8221; max_width_phone=&#8221;&#8221; max_width_last_edited=&#8221;on|desktop&#8221; module_alignment=&#8221;center&#8221; custom_margin=&#8221;50px||0px|&#8221; custom_margin_tablet=&#8221;&#8221; custom_margin_phone=&#8221;&#8221; custom_margin_last_edited=&#8221;on|desktop&#8221; custom_padding=&#8221;0px||0px|&#8221; header_font_size_tablet=&#8221;51&#8243; header_line_height_tablet=&#8221;2&#8243; custom_css_submit_button=&#8221;padding:6px 30px 4px 30px!important;||&#8221; button_border_color_hover=&#8221;#ffffff&#8221; button_border_radius_hover=&#8221;0px&#8221; button_bg_color_hover=&#8221;#00b996&#8243; saved_tabs=&#8221;all&#8221; button_text_size__hover_enabled=&#8221;off&#8221; button_one_text_size__hover_enabled=&#8221;off&#8221; button_two_text_size__hover_enabled=&#8221;off&#8221; button_text_color__hover_enabled=&#8221;off&#8221; button_one_text_color__hover_enabled=&#8221;off&#8221; button_two_text_color__hover_enabled=&#8221;off&#8221; button_border_width__hover_enabled=&#8221;off&#8221; 
button_one_border_width__hover_enabled=&#8221;off&#8221; button_two_border_width__hover_enabled=&#8221;off&#8221; button_border_color__hover_enabled=&#8221;on&#8221; button_border_color__hover=&#8221;#ffffff&#8221; button_one_border_color__hover_enabled=&#8221;off&#8221; button_two_border_color__hover_enabled=&#8221;off&#8221; button_border_radius__hover_enabled=&#8221;on&#8221; button_border_radius__hover=&#8221;0px&#8221; button_one_border_radius__hover_enabled=&#8221;off&#8221; button_two_border_radius__hover_enabled=&#8221;off&#8221; button_letter_spacing__hover_enabled=&#8221;off&#8221; button_one_letter_spacing__hover_enabled=&#8221;off&#8221; button_two_letter_spacing__hover_enabled=&#8221;off&#8221; button_bg_color__hover_enabled=&#8221;on&#8221; button_bg_color__hover=&#8221;#00b996&#8243; button_one_bg_color__hover_enabled=&#8221;off&#8221; button_two_bg_color__hover_enabled=&#8221;off&#8221;][\/et_pb_comments][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The standards apply to all organizations that store, process or transmit cardholder data \u2013 with guidance for software developers and manufacturers of applications and devices used in those transactions.<\/p>\n","protected":false},"author":15,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_et_pb_use_builder":"on","_et_pb_old_content":"<p>The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data \u2013 with guidance for software developers and manufacturers of applications and devices used in those transactions. 
First and foremost, companies need an order processing and recording system that <strong>masks, mutes and encrypts customer and card data. Strict authentication controls<\/strong> for all employees are needed, along with strict processes to prevent agents from, for example, writing card numbers on note pads for later entry. Finally, maintain <strong>secure configuration standards<\/strong> and regularly <strong>test them for vulnerabilities<\/strong>.<\/p><p>For call recording systems, these are the requirements:<\/p><ul><li><strong>Skip recording of card info<\/strong> \u2013 The standard requires that card security codes (CID, CAV2, CVC2, CVV2) are not stored.<\/li><li><strong>Cardholder data protection<\/strong> \u2013 Access to recordings must be protected and available through multi-level access, with recordings encrypted and not alterable.<\/li><li><strong>Network security<\/strong> \u2013 TLS 1.1\/1.2 are required as of 30th of June 2018<\/li><li><strong>Audit trail<\/strong> - Implement strong access control measures<\/li><\/ul><h2>How Imagicle can help<\/h2><p><a href=\"https:\/\/www.imagicle.com\/Products\/Call-Recording\">Imagicle Call Recording<\/a> will fully support PCI-DSS as of the Spring\u201918 release, expected by the end of March\u201918. The release will support a <strong>Pause\/Resume button<\/strong> in the user web UI and directly within the gadget for Cisco Jabber and Cisco Finesse, to avoid recording credit card info. Imagicle Call Recording already provides role-based access to recordings, with <strong>recordings encrypted with the AES<\/strong> algorithm and with <strong>detection of tampering attempts<\/strong>. Moreover, both the recording engine and access to the web and gadget UIs are <strong>securely available via TLS<\/strong> 1.2, providing the maximum security level. 
With the <strong>audit trail<\/strong> support, as of Winter\u201918, it will be possible to determine who has accessed any recording in the system for playback, export and attempts to download and delete.<\/p><p>[\/et_pb_text][et_pb_sidebar area=\"et_pb_widget_area_2\" _builder_version=\"3.0.92\" custom_margin=\"0px|||\" custom_padding=\"0px|||\"]<\/p><p>\u00a0<\/p><p>[\/et_pb_sidebar][et_pb_comments show_count=\"off\" module_id=\"imaPostComments\" _builder_version=\"3.0.92\" header_level=\"h2\" header_font_size_tablet=\"51\" header_text_color=\"#97989a\" header_line_height_tablet=\"2\" form_field_text_align=\"left\" form_field_font_size=\"14px\" text_orientation=\"left\" max_width=\"90%\" max_width_last_edited=\"on|desktop\" module_alignment=\"center\" custom_margin=\"50px||0px|\" custom_margin_last_edited=\"on|desktop\" custom_padding=\"0px||0px|\" custom_button=\"on\" button_text_size=\"12px\" button_text_color=\"#ffffff\" button_bg_color=\"#1bbbe9\" button_border_width=\"0px\" button_border_radius=\"0px\" button_letter_spacing=\"1px\" button_font=\"VAGRoundedStd-Light|||on|||||\" button_use_icon=\"off\" button_bg_color_hover=\"#00b996\" button_border_color_hover=\"#ffffff\" button_border_radius_hover=\"0px\" button_alignment=\"left\" custom_css_submit_button=\"padding:6px 30px 4px 30px!important;||\" global_module=\"1244\" saved_tabs=\"all\"]<br 
\/>[\/et_pb_comments][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>","_et_gb_content_width":"","inline_featured_image":false},"categories":[7053],"tags":[],"tax_people":[],"tax_blog":[89],"tax_labels":[547],"class_list":["post-11423","cpt_blog","type-cpt_blog","status-publish","hentry","category-security-compliance","tax_blog-call-recording","tax_labels-security-it"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/cpt_blog\/11423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/cpt_blog"}],"about":[{"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/types\/cpt_blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/users\/15"}],"wp:attachment":[{"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/media?parent=11423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/categories?post=11423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/tags?post=11423"},{"taxonomy":"tax_people","embeddable":true,"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/tax_people?post=11423"},{"taxonomy":"tax_blog","embeddable":true,"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/tax_blog?post=11423"},{"taxonomy":"tax_labels","embeddable":true,"href":"https:\/\/www.imagicle.com\/en\/wp-json\/wp\/v2\/tax_labels?post=11423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}