As more and more customers purchase goods and services through digital channels and share payment information with agents, contact center operators are increasingly focused on minimizing risks associated with the collection of payment card information. To better control the capture of cardholder data and reduce the risk of credit card fraud, the PCI Security Standards Council created the Payment Card Industry Data Security Standard (PCI DSS).

Zoom Contact Center admins can leverage several features that help limit storing customer payment information and improve conformance with their organization’s requirements. Please contact your sales representative or support team about the role these features can play in meeting your PCI DSS compliance needs.

This article covers:

• Voice and video recordings settings to avoid capture of payment card information
• Masking payment card information on display
• Blocking receipt of payment card information

Voice and video recordings settings to avoid capture of payment card information

• Admins can limit which queues have recording enabled. For queues where payment information might be collected, admins can leverage queue settings to disable recordings to avoid inadvertently storing payment card information.
• Admins can also control access permissions determining whether authorized users can view, play, download, or delete recordings.
• When enabling automatic call recording, which means every call will be recorded, admins can also configure recording settings that would allow agents to pause or stop call recording, for example, when payment card information or other sensitive data is shared.

  Note: When recording is paused, the recording service is still active but it is cut off from the media stream so that nothing (i.e., silence) is recorded during the period of the pause. When recording is stopped, the recording services will terminate. If recording is stopped and restarted instead of paused, a new recording file is generated upon restart.

  • Admins can elect to redact payment card information, including credit or debit card numbers, CVV, and expiration date, from recordings and transcripts. If redaction is enabled, an unredacted transcript will not be available to users. (As of March 2023, this feature is currently in beta.)

Masking payment card information on display

• Admins can choose to mask the display of personal information in an active or closed engagement or give that role the ability to hide or unhide data.
• Data elements that can be masked include display name, phone number, email, location or address, social security number, credit or debit card number, and date of birth.

Blocking receipt of payment card information

• Admins can configure blocking of credit or debit card numbers using regular expression so that agents aren’t permitted to receive them in web chat, in-app chat, or SMS engagements.

This article is not intended as legal advice. We encourage all customers to seek counsel on what their requirements are under applicable law in the jurisdictions in which they are using Zoom Contact Center.