Sometimes agents need to take sensitive data over the phone and need to temporarily suspend the call recording for security reasons. Since there is not yet a means to redact information from the call recordings in order to comply with PCI DSS, are there any known workarounds?
For the moment we have a dependency on our infrastructure provider for this feature, so the timing is not entirely in our control. With the caveat that this is not a shortcut to PCI DSS Compliance, we can at least offer a workaround that some other customers have used in the past to avoid recording credit card numbers and other sensitive data:
1) Agent tells customer "let me put you on hold and call you from a secure line to take your credit card number".
2) Agent clicks to transfer call, and types the name/number of the customer they are talking to.
3) Customer gets a call, puts 1st call on hold, answers 2nd call.
4) Agent takes credit card information during "warm" part of the transfer, which is not recorded, without clicking "Make Transfer".
5) If required, agent tells customer "let's go back to the other line to wrap things up," and cancels transfer to go back to the original call.
6) At the end of the call, the call will have been recorded before the transfer and after the transfer, but not during, which is when the credit card info was taken.