PCI-DSS Compliance for Your Business
This information is provided for the sole purpose of encouraging thought for a starting point discussion with your legal counsel, before recording telephone conversations. The information provided here is not legal advice, and it is in no way intended as a substitute for legal counsel. Always consult with a licensed attorney(s) in the relevant state(s) if you have questions about the legal implications of recording phone conversations.
PCI-DSS (Payment Card Industry Data Security Standard) compliance is a topic that requires specific knowledge and practices, especially as they may relate to calls (that may contain credit cardholder information) recorded by merchants or other businesses. In our opinion, there is probably no substitute for appropriate legal and operational guidance from experienced PCI-DSS experts.
In addition to getting started with PCI-DSS, the PCI Security Standards Council website provides a documentation library that includes the PCI-DSS standard itself, as well as a supplement directly related to call recording, entitled, “Protecting Telephone-based Payment Card Data“.