Great Place to Work - Certified

Setting up Call Recording? Time to Consider these Laws



Call recording is a usual practice for call centers. If your call center is driving revenues through customer satisfaction then call recording is one of most viable options.

However, before setting up call recording, you should carefully consider a number of laws that are in place to ensure maximum compliance. Violating any rule can make your call center face consequences which include penalties and legal actions. While call recording, holds are a legal concern, the agents and managers should be aware of all its rules and laws. However, every industry does not have same compliance of rules for their call centers. Different business has different legislations.

In order to know them all, follow the blog post below:

1) Payment Card Industry Data Security Standard (PCI-DSS):

In order to minimize the risk of card data loss or evict any fraud, the payment card industry which consists of American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, established PCI Security Standards Council in 2006.  This law came into force for the merchants and service providers who must comply with it in order to accept any credit card or debit card payment. Merchants and service providers who fail to comply have to face the termination of card acceptance privileges. The PCI-DSS regulation strictly forbids recording unencrypted credit card numbers, PIN numbers, card validation code and other specified identifiers.

While we know that the standard is uniquely set for cardholder’s information, contact centers can be easily involved in suspecting activities. Agents collect and enter customer information into entry and data recording systems. Unless agents are authorized to view the information, it is a violation of PCI-DSS act.

These are the best practices of PCI-DSS:

· Limit the amount of time on CRM and quality assurance, to hold any card related information.

· Implement strict authentication controls for call center agents.

· Use a data processing system that covers the PAN details and show star ratings instead when displayed on the screen.

2) Telemarketing Sales Rule (TSR):

It is the most comprehensive federal legislation that aims directly at contact centers. The purpose of implementing TSR is to avoid frauds. However,  any call center that makes calls to customers with the intention to offer them any product or service in exchange of payment through cards must comply the rules.

When payments are made by other than a credit/debit card, the seller requires obtaining “Express Verifiable Authorization” (EVA) from the buyer. EVA is considered to be secured in one of three ways: advance written authorization from the consumer, written confirmation from the seller before the transaction is submitted for payment, or an audio recording in the customer’s voice confirming the order. Call recording is the most convenient and reliable, available verification method.

The provision that says ‘Do Not Call’ restricts the call center agents from calling numbers that are on the ‘Do Not Call’ Registry.

Best practices for Telemarketing Sales Rules are:

· Create scripts for agents, so they disclose all necessary information to the customers

· Record all voice and screen interactions that involve phone sales or sales attempts

· Prohibit pre-recorded sales messages.

 3) Health Insurance Portability and Accountability Act (HIPAA):

To evict risk and to protect people from fraud covered by health insurance, HIPAA was enacted in 1996. The most important part of HIPAA that affects contact centers is the Standards for Privacy of Individually Identifiable Health Information, also known as the Privacy Rule. The Privacy Rule protects an individual’s health information. This includes name, date of birth, health status, social security number, address, and billing information.

To understand better as how call center can best implement HIPAA, follow the best practices here:

· Implement strict prohibition over customer data information to employees.

· Use call recording to record and monitor the interactions for compliance.

· Introduce software to the contact centers which can automatically cover the confidential information of the customers.

Each industry complies its own set of rules, regulations, and standards. But while the details are best left to a knowledgeable legal team, it’s a good idea to have an utmost understanding of this complex laws and regulations to save your contact center from any controversy and legal issues.




Interesting Insights