CallMiner Receives PCI Certification and Introduces Data Redaction Functionality
CallMiner has received Payment Card Industry Data Security Standard (PCI DSS) certification. T3i, a leading provider of compliance and security solutions and a payment card industry compliance management qualified security assessor, performed the validation.
PCI DSS is the payment card industry security requirement for entities that store, process, or transmit cardholder data, and has been endorsed by all the major card brands – Visa, MasterCard, Discover, American Express, and Japan Credit Bureau (JCB). For certification, CallMiner had to demonstrate compliance by thoroughly reviewing its physical access controls, IT environment, and information security policies and procedures. Additionally, CallMiner passed an internal penetration test, which ensures adequate controls are in place for any person with access to the internal corporate LAN/WAN environment.
“The fact that CallMiner was extremely well organized and had a secure data infrastructure and environment already in place made CallMiner’s PCI certification process one of the smoothest T3i has ever conducted helping T3i to complete the assessment and report on certificate ahead of schedule,” said T3i CEO Jerry Wyble.
“Obtaining the PCIDSS certification is extremely important for many of our customers," said Kristen Mikovich, CallMiner’s chief operating officer and head of its global professional services organization. "Ensuring that their audio is secure is an integral component of CallMiner’s customer-centric DNA. The speed at which we were able to accomplish certification is a testament to how seriously we have always handled and treated sensitive data.
“We appreciate T3i's expertise and efficiency in assisting CallMiner meet compliance with the PCI DSS standard,” Mikovich said.
CallMiner's facilities, operations and policies concerning processing and storage of customer audio are fully PCI compliant. Compliance safeguards include:
- encrypted and fully protected storage of cardholder data;
- all transmissions of data are secure;
- strict access control measures restricting access to data;
- regular monitoring and testing of networks; and
- comprehensive information security policies.
To enhance the security of customer interactions relating to credit card transactions, CallMiner is introducing Data Redaction, a new speech analytics functionality that categorizes sensitive data with a fortified algorithm enabling full redaction of transcribed calls and audio playback. The new functionality includes the following components:
- PCI compliance;
- PII protection;
- transactional data protection; and
- account balance redaction.
When Eureka Data Redaction is implemented, agents and supervisors who regularly access calls for quality assurance purposes will be unable to access any sensitive data.
“Security is the ‘sine qua non’ prerequisite for our many enterprise customers, and we expect all of our global customers—retailers, financial institutions and other organizations—that rely heavily on credit card transactions will want to employ this new functionality immediately,” said Mikovich.