The Right Choice for Call Recording WWW.OAISYS.COM OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.


What is PCI DSS?
Payment Card Industry (PCI) Data Security Standard (DSS)
Developed by the Credit Card Industry to encourage and enhance cardholder data security
Covers Network Security, Password Protection, Storage, Encryption, Software Vulnerability, etc.

PCI Core Principles
Implement Strong Access Control
  ◦ Restrict access to cardholder data by business need-to-know
  ◦ Assign a unique ID to each person with computer access
  ◦ Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  ◦ Track and monitor all access to network resources and data
  ◦ Regularly test security systems and processes
Maintain an Information Security Policy
  ◦ Maintain a policy that addresses information security

Who is Impacted by PCI?
ANY company that stores, processes, or transmits credit card information is impacted and should be aware of the standards
  ◦ Financial Services
  ◦ Collections
  ◦ Sales/Retail
  ◦ Charities/Donor Networks

Call Recording and PCI DSS
NO call recording software can actually be deemed “PCI compliant”
Only software used to accept and process payment cards, such as card readers and online payment card validation solutions, can be PCI compliant
Call recording software properly designed and developed with respect to PCI DSS can help facilitate compliance with the guidelines

How OAISYS Solutions Address PCI DSS
Permissions-Based User Accounts
Call Segment Sharing
User Security and Audits
Data Transmission/Encryption Standards
Data Storage/Encryption Standards
Recording Blackouts

Permissions-Based User Accounts
Only authorized users can access data
Permissions can be based on user type or other criteria, such as:
  ◦ Outside Number
  ◦ Call Duration
  ◦ Extension
  ◦ ACD information

Call Segment Sharing
OAISYS Portable Voice Document (PVD™) technology provides for selective sharing of specific call segments (both internal and external)
Recipients can only hear selected segments of the call
Permissions can limit the length of time that a recipient will have access, or whether it can be shared further

User Security and Audits
The OAISYS solution provides an administrative interface that delivers activity tracking and reporting
  ◦ Date, time, and user associated with access of any call
  ◦ User authentication controls are granular, which allows provisioning of the minimum access level required for tasks
Call recordings include a digital watermark
  ◦ Proves call has not been altered in any way
  ◦ Can verify that sensitive information was not included or recorded

Data Transmission Standards
PCI requires use of strong cryptography (such as SSL or IPSEC) during transmission over open, public networks
  ◦ The Internet
  ◦ Wireless Technologies
  ◦ Global System for Mobile (GSM)
If sharing/sending is done internally, this requirement does not apply

Data Transmission Standards
If needed, strong encryption during transmission can be obtained when using a VPN with IP Security (IPSEC) and Triple Data Encryption Standard (TDES)
  ◦ IPSEC handles the connection to the outside network
  ◦ TDES encrypts the streaming data

Database Encryption Standards
OAISYS can utilize file-level encryption if necessary
Encryption is tied to the Operating System (Windows 7 or Server 2008)
Advanced Encryption Standard (AES) calls for 128-bit encryption minimum
  ◦ Windows AES uses 256-bit key

Blackouts
If you do not record the Primary Account Number (PAN), PCI requirements DO NOT APPLY
PCI DSS requires that Card Verification Codes are NOT stored under any circumstance, even if encrypted
If you do not record the PAN or Card Verification Codes, you can easily comply with PCI standards

Wait a second…
You provide call recording and you’re telling me NOT to record?

Three Ways to NOT Record
1. Do not record stations collecting data requiring PCI adherence
2. Transfer calls to non-recorded stations when PCI data is collected
3. Stop recording of calls when obtaining data requiring PCI adherence, then start again after data is obtained – in other words, BLACKOUT the data

How can I blackout only during the period where I am capturing PCI sensitive information?

OAISYS Desktop Client – Manual Recording Stop
User can manually click the start/stop button on the OAISYS Desktop Client
Requires manual intervention, but allows for flexible start/stop
[Figure: Start/Stop Button]

Desktop Client API – Automatically Start/Stop
Desktop Client utilizes a COM (ActiveX) interface to accept client-to-client commands to automatically start/stop recording
Start/Stop functionality can be engaged by placement of the cursor in the appropriate field on the client application

Desktop Client API – In Layman’s Terms
Place your cursor in the credit card # field on the client software and it sends a trigger to the OAISYS software to STOP recording automatically
Move your cursor to another field and the client software sends a follow up trigger to the OAISYS software to START recording again
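
The cursor-driven blackout described on this slide, sketched as an added example (not OAISYS code and not part of the original presentation). `BlackoutController`, `recorder.pause()`/`recorder.resume()` and the field names are hypothetical stand-ins for whatever stop/start trigger the recording client exposes; the sketch resumes only when focus lands on a non-sensitive field, so tabbing from card number to CVV or switching windows does not reopen the recording.

```javascript
// Added example, not OAISYS code. `recorder` is a hypothetical adapter whose
// pause()/resume() stand in for the real stop/start recording trigger.
class BlackoutController {
  constructor(recorder, sensitiveFields, clock = () => Date.now()) {
    this.recorder = recorder;
    this.sensitive = new Set(sensitiveFields);
    this.clock = clock;
    this.paused = false;
    this.audit = []; // blackout start/end entries for later review
  }

  // Wire to a focusin handler. Recording resumes only when focus lands on a
  // field known to be non-sensitive, never on blur alone, so tabbing from
  // card number to CVV, or switching windows, keeps the blackout in place.
  onFocus(field) {
    const wantPause = this.sensitive.has(field);
    if (wantPause === this.paused) return this.paused; // no redundant command
    if (wantPause) this.recorder.pause();
    else this.recorder.resume();
    this.paused = wantPause;
    this._log(wantPause ? "blackout-start" : "blackout-end", field);
    return this.paused;
  }

  // Assumption: the recorder starts every new call recording, so only local
  // state is reset here and an open blackout is closed in the audit trail.
  onCallEnd() {
    if (this.paused) this._log("blackout-end", "(call ended)");
    this.paused = false;
  }

  _log(event, field) {
    this.audit.push({ at: this.clock(), event, field });
  }
}

// Constructed demo: a fake recorder that collects the commands it receives.
function runDemo(focusSequence) {
  const commands = [];
  const recorder = {
    pause: () => commands.push("STOP"),
    resume: () => commands.push("START"),
  };
  let tick = 0;
  const ctl = new BlackoutController(recorder, ["cardNumber", "cvv"], () => ++tick);
  for (const field of focusSequence) ctl.onFocus(field);
  return { ctl, commands };
}
```

The audit entries give a reviewer the start and end of each blackout to compare against the recording's gaps.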

Desktop Client API – Internet Explorer Plug-in
OAISYS has developed a plug-in utilizing IE7 and the Desktop Client which can automatically start/stop based on the position of the cursor in the browser window
Works for ANY website, not just client controlled addresses

Desktop Port API – Automatically Start/Stop
Desktop Port API utilizes server-to-server commands to automatically start/stop recording
Typically applies to systems like predictive dialers that have their own client access software
Essentially provides same functionality as Desktop API, but for different types of applications

Questions?
OAISYS Sales Engineering option 3