Dubbed "toxic legacy call recordings" and posing a great threat to the UK financial sector, the recordings have the potential to severely affect large UK financial services organizations, from credit unions to insurance companies and consumer finance, a report highlights.

Speaking at the PCI London conference on 2 July 2013, security experts noted that, due to insufficient data security protocols, these card details can be accessed, downloaded and disposed of on the black market.

Failing to meet the PCI-DSS standard, whether through non-compliance or compromised payment card details, attracts a monetary penalty of up to £500,000 per violation and damages the reputation of the financial services organization.

The Financial Conduct Authority (FCA) has mandated that financial services organizations must retain and protect call recordings, but recordings retained by the firms in this way can easily fall into the hands of cyber-criminals, who can misuse them.

Statistics released by the UK Cards Association show that Britons spend almost half a trillion pounds on plastic each year, with nearly 10 billion separate card transactions taking place.

Highlighting the associated risk, Matthew Bryars, CEO of card security software specialist Aeriandi, said that while the proportion of recorded calls that contain payment card data will vary, it could easily rise above 50% in contact centers processing large numbers of card-not-present (CNP) transactions.

"While it’s fine for most call recordings to be stored in any old storage system, any legacy toxic call recordings must be stored within PCI DSS requirements," Bryars added.

Aeriandi specializes in PCI-DSS compliance and implements technologies that take sensitive card data out of contact centers so they can meet FSA and PCI-DSS obligations.