Speech Technology - October 2008 - (Page 30) LEGAL ISSUES WITH SPEECH equally to audio files stored electronically or on magnetic audiotapes, CDs, or DVDs. The standards also note that “it is a violation…to store any sensitive authentication data, including card validation codes and values, after transaction authorization.” “If commercially reasonable technology exists to delete these data elements, then these elements should be deleted,” the PCI Security Standards Council states on its Web site. Technological Solutions That technology does exist, and it’s called data redaction. This technology automatically blacks out all but the last four digits of a credit card number, for example, and limits access to the other data. “The idea is to limit access to people who need to know,” Fluss says. “If you’re using the recordings for analytics, that person does not need to know, so black them out of the recordings.” One company, Coordinated Systems, has taken the data redaction process to new levels. In August, it launched Virtual Observer Data Defender, a solution that automatically removes credit card transactions from recorded audio and screen captures. “Lights Out” functionality contained within the application detects the beginning and end of a credit card transaction, mutes the audio, and wipes out the screen images during the process. The application also provides 256-bit encryption for all recordings and screen captures; an audit trail that details every action users take and every piece of data they review, add, edit, or delete; and an application and data security level that allows call center managers to control every menu, program, and button, to pick and choose which users have access to specific features of the application, and to build secure filters that reduce the data a particular user is allowed to access and see. “It’s important for organizations to maintain a level of trust. We have to be able to ensure the security of private and confidential data, including credit card numbers, Social Security numbers, passwords, PINs, and other information,” Dan McGrail, vice president of product development at Coordinated Systems, said in a statement. So then the next question becomes how long to hold onto the recordings, and when they should be deleted entirely. Though the PCI standards do not set forth a prescribed timetable beyond “what is required for business, legal, and/or regulatory compliance, as documented in a company’s data retention policy,” the traditional approach was to keep recordings indefinitely. This practice is starting to change, though, mainly because of the growing need to manage ever-increasing data storage volumes. With the recording of a typical oneminute call requiring up to 100 kilobytes of storage, it’s easy to see how storing all calls forever can be impossible, especially given the number of calls many contact centers receive in a given day. Many companies, at least in the financial services sector, retain recordings “The idea is to limit access to people who need to know.” primarily to resolve disputes. This way, when a customer calls and says he did not tell the agent to sell a particular stock, the company can produce a recording to prove that he did, in fact, authorize the sale. But there are instances when those policies can change, as in the case of a loan that is repaid ahead of schedule or when a client closes out an account, making the associated call recordings eligible for deletion sooner than expected. The PCI standards have not yet been adopted into law by the U.S. government, but to encourage companies to comply, card issuer Visa, for example, implemented a strategy of financial incentives, education, and monthly noncompliance fines—ranging from $5,000 for midsize firms to $25,000 for large firms. According to information obtained from Visa, by the end of 2007 more than three-quarters (77 percent) of the largest U.S. firms and nearly two-thirds (62 percent) of midsize firms in the U.S. were PCI-compliant. But that doesn’t mean companies can let up. In fact, just the opposite is the case. “Security is an issue and will always be an issue,” Fluss states. “Companies invest a fortune on identifying and closing down schemes to get information, but there will always be a new [scheme] coming out.” Fighting such activity is a never-ending battle, and there is no surefire way to protect against it, she adds. “There is absolutely no way to ensure that a thief will never enter your organization.” The object is to make it as difficult as possible for information to be compromised. Fluss and other industry experts recommend that call centers adopt fully paperless operations so their agents cannot write down customer credit card information and go shopping. “Today most call centers are paperless environments,” she says. “Agents are not allowed to bring any paper in or out.” But in today’s digital age, precautions like that need to go a step further. It is important to restrict the devices, including digital recorders, MP3 players, CDs, USB thumb drives, and floppy disks, that agents are allowed to bring into the call centers. The ban should also include cameras and mobile devices that contain cameras that can be used to capture screen images. Software should be installed that prohibits the downloading of information to portable storage devices of any kind. Also tied into that is the need to hire the right employees, and to constantly keep on top of them to make sure they are not motivated to steal information. Not only should this include looking for instances of criminal activity, but also for drug and alcohol abuse, financial stress, and domestic issues. And when an employee retires, leaves the organization, or is fired, it is crucial that his network and building access be terminated immediately, the experts advise. “Do background checks. Put in a code of ethics and make sure all employees adhere to them,” Fluss says. “Then organizations should be paranoid and work with all the resources available to them.” 30 | Speech Technology OCTOBER 2008 www.speechtechmag.com http://www.speechtechmag.com
Table of Contents Feed for the Digital Edition of Speech Technology - October 2008 Speech Technology - October 2008 Contents Editor’s Letter Industry View Inside Outsourcing Interact Keynoter Highlights the Shrinking Technological World Former Hacker Tackles IVR and Biometrics ‘Press 1’ for Caller Thoughts Soundbytes Voice Vote A New Dragon Emerges Overheard/Underheard An Emotional Mess Emotional Intelligence The Case for Call Recording Unified in Care and Communications An Education in E-Learning Guest Column Standards Speech Solutions Voice Value Forward Thinking Speech Technology - October 2008 Speech Technology - October 2008 - Speech Technology - October 2008 (Page Cover1) Speech Technology - October 2008 - Speech Technology - October 2008 (Page Cover2) Speech Technology - October 2008 - Contents (Page 1) Speech Technology - October 2008 - Editor’s Letter (Page 2) Speech Technology - October 2008 - Editor’s Letter (Page 3) Speech Technology - October 2008 - Industry View (Page 4) Speech Technology - October 2008 - Industry View (Page 5) Speech Technology - October 2008 - Inside Outsourcing (Page 6) Speech Technology - October 2008 - Interact (Page 7) Speech Technology - October 2008 - Keynoter Highlights the Shrinking Technological World (Page 8) Speech Technology - October 2008 - ‘Press 1’ for Caller Thoughts (Page 9) Speech Technology - October 2008 - Soundbytes (Page 10) Speech Technology - October 2008 - Voice Vote (Page 11) Speech Technology - October 2008 - A New Dragon Emerges (Page 12) Speech Technology - October 2008 - Overheard/Underheard (Page 13) Speech Technology - October 2008 - An Emotional Mess (Page 14) Speech Technology - October 2008 - An Emotional Mess (Page 15) Speech Technology - October 2008 - An Emotional Mess (Page 16) Speech Technology - October 2008 - An Emotional Mess (Page 17) Speech Technology - October 2008 - An Emotional Mess (Page 18) Speech Technology - October 2008 - An Emotional Mess (Page 19) Speech Technology - October 2008 - Emotional Intelligence (Page 20) Speech Technology - October 2008 - Emotional Intelligence (Page 21) Speech Technology - October 2008 - Emotional Intelligence (Page 22) Speech Technology - October 2008 - Emotional Intelligence (Page 23) Speech Technology - October 2008 - Emotional Intelligence (Page 24) Speech Technology - October 2008 - Emotional Intelligence (Page 25) Speech Technology - October 2008 - The Case for Call Recording (Page 26) Speech Technology - October 2008 - The Case for Call Recording (Page 27) Speech Technology - October 2008 - The Case for Call Recording (Page 28) Speech Technology - October 2008 - The Case for Call Recording (Page 29) Speech Technology - October 2008 - The Case for Call Recording (Page 30) Speech Technology - October 2008 - The Case for Call Recording (Page 31) Speech Technology - October 2008 - The Case for Call Recording (Page 32) Speech Technology - October 2008 - The Case for Call Recording (Page 33) Speech Technology - October 2008 - Unified in Care and Communications (Page 34) Speech Technology - October 2008 - Unified in Care and Communications (Page 35) Speech Technology - October 2008 - An Education in E-Learning (Page 36) Speech Technology - October 2008 - An Education in E-Learning (Page 37) Speech Technology - October 2008 - Guest Column (Page 38) Speech Technology - October 2008 - Guest Column (Page 39) Speech Technology - October 2008 - Standards (Page 40) Speech Technology - October 2008 - Speech Solutions (Page 41) Speech Technology - October 2008 - Voice Value (Page 42) Speech Technology - October 2008 - Voice Value (Page 43) Speech Technology - October 2008 - Forward Thinking (Page 44) Speech Technology - October 2008 - Forward Thinking (Page Cover3) Speech Technology - October 2008 - Forward Thinking (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.