vicidial.org

I'm sure some of you are aware with PCI DSS and the struggle to not retain CVV2 data in call recordings if you are recording every call automatically. I was hoping to open up a thread to discuss ideas of how to get around this. Also, maybe someone out there has already conjured up a solution. My current thoughts are to maybe use MixMonitor and have some sort of interrupt functionality with StopMixMonitor and then use the append to the recording MixMonitor function. Also, the trigger will be an issue if an agent forgets to press a certain button but right now that's besides the point. A button solution would work for me right now. Anyway, I really hope that there are others out there experiencing these struggles so we can work together to provide a solution to make this wonderful product PCI DSS compliant!

This is why we added the Park IVR feature to svn/trunk. The customer is parked(sent) to an IVR where they enter in their CC details so the agent can't hear it and it is not recorded, after entering in their details they go back to the agent.

This was done this way because the client that sponsored the development has mostly at home agents and according to PCI those agents cannot collect CC details.

As for removing CC details from existing recordings, we have a client that is working on a solution for this, but it is not in production yet.

This is great news! I started checking out the feature from SVN. Is there an agi script that specifically deals with CC details or do I need to write my own based on park_call_IVR_example.agi? I don't mind writing my own by why redo work if it's already done and I can be pointed in the right direction. Thanks Matt!

park_call_IVR_example.agi is an AGI file that you can start from for this.

mflorell wrote:This is why we added the Park IVR feature to svn/trunk. The customer is parked(sent) to an IVR where they enter in their CC details so the agent can't hear it and it is not recorded, after entering in their details they go back to the agent.

This was done this way because the client that sponsored the development has mostly at home agents and according to PCI those agents cannot collect CC details.

As for removing CC details from existing recordings, we have a client that is working on a solution for this, but it is not in production yet.

Where can I get more info on how to use the Park IVR feature?

You have to program it, or have it programmed for your specific needs.

You can contact the ViciDial Group(http://www.vicidial.com) or another Vicidial consultant to assist you in this.

In regards to "removing CC details from existing recordings" did the customer who was trying this have any luck?

They said they would contact me when they got it working, that was 10 months ago, and I haven't heard that they were using it the last time I talked to them.