PCI DSS and the FSA
The FSA requires that some types of calls taken by financial services companies be recorded. This is to ensure that customers are treated fairly and consistently and are given the correct information and advice.
This has recently been extended to all calls dealing with mortgages in arrears, with the FSA stating:
“The Payment Card Industry Security Standards Council (PCI SSC) has confirmed that the recording of calls is permitted. However, firms are required to have robust systems and controls to ensure the adequate security of this data.”
Therefore, all mortgage firm call recordings need to achieve PCI DSS compliance and must not contain any Sensitive Authentication Data.
This causes a real problem for financial services call centres, which have to record calls to comply with FSA requirements, but cannot record or store sensitive information in order to comply with the PCI DSS.
Semafone can resolve this problem because it allows the entire call to be recorded without capturing Sensitive Authentication Data: the customer enters this data on the telephone keypad, so it is not stored on the recording. Find out more about the Semafone solution or watch a demonstration.






