Stored telephone call recordings could impact PCI compliance for hoteliers

During the PCI London Conference last month, Aeriandi CEO Matthew Bryars spoke about the potential conflict with Payment Card Industry Data Security Standards (PCI DSS) if a company records customer calls.  When a customer calls a hotel to make a reservation for, or to make a payment on, a hotel stay, a hotel may request and receive the customer’s credit card information.  And the entire conversation may be recorded.  Bryars called these calls containing customers’ financial data “toxic” and asserted that they are being recorded and stored in possible violation of the PCI DSS requirements for payment card security.

 Hoteliers should develop a strong PCI compliance program that includes review of other company policies and procedures—such as those governing recorded phone calls—for potential PCI impact.

The Venza Group has partnered with Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards.  The Venza Group also is partnering with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues.

Link: http://www.pci-portal.com/event/pcilondonuk13july; http://news.techworld.com/security/3456100/one-billion-toxic-phone-call-recordings-are-hidden-security-risk-claims-aeriandi/