The Payment Card Industry (consisting of American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) established the PCI Security Standards Council (PCI SSC) in 2006 to create a set of rules for merchants and service providers that accept credit and debit card payments, with the aim of minimizing payment card data loss (whether malicious or otherwise). It followed this with the Data Security Standard (PCI DSS), which details the security requirements for anyone processing, storing or transmitting cardholder data.
What this means is that if your organization accepts credit or debit cards, it must do so in accordance with the latest standards. And while compliance isn’t a legal requirement, merchants and service providers that don’t comply are in breach of their contract and could have their card acceptance privileges terminated, resulting in likely business losses.
Simply put, according to PCI DSS, no cardholder data (cardholder name, expiration date, PAN, etc.) should ever be stored unless it’s necessary to meet the needs of your business. No sensitive authentication data (SAD), which includes card validation codes (CVV2, CVC2, CID, or CAV2), personal identification numbers and/or full magnetic stripe data, may be stored in a digital, audio or video format (such as WAV or MP3) after authorization, even if encrypted.
Fortunately, Oreka TR will pause both screen and audio recording, via API or web user interface, while credit card numbers are being received over the phone. This way, no numbers are stored anywhere on the recording system.
Resource: PCI FAQs and Myths
The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect sensitive patient information. In short, it requires organizations to comply with minimum security and privacy standards for health data. According to the Act, healthcare organizations must “Secure patient records containing individually identifiable health information so that they are not readily available to those who do not need them and are not authorized to view them.”
Oreka TR helps protect your organization and your patients from inadvertently sharing personally identifiable health information that shouldn’t be shared. With Oreka TR you can restrict access to sensitive data, assign user roles with set permissions, and retrieve any call you want within seconds when necessary.
Together with audit trail capabilities and time stamping, these features help you stay HIPAA compliant.