When investigating which speech analytics solution is the best fit for their needs, prospects often inquire about PCI compliance. To be PCI compliant, an organization that processes, stores, or transmits credit card information must meet a set of requirements put forth by the Payment Card Industry Data Security Standard (PCI DSS) that are designed to ensure a secure environment. There are four PCI compliance levels that all merchants will fall into based on transaction volume. While PCI compliance is essential within certain industries, the telecom industry (including CallFinder speech analytics, which carries call traffic on a telco platform on behalf of customers) must adhere to CPNI/FCC Regulations, which are much stricter than PCI DSS requirements.
The FCC (Federal Communications Commission) imposes requirements about how the telecom industry can use Customer Proprietary Network Information (CPNI) and what must be done to protect it from disclosure. 800 Response Information Services (the parent company of CallFinder) is an FCC and state-registered telecom carrier, which means we are bound by this extensive body of federal and state requirements, including laws and regulations relating to the protection of customers’ privacy. 800response’s operations and business practices have been designed to ensure compliance with these regulations on accessing and being privy to private information contained within customer phone calls. We are obligated to file annual compliance reports with the FCC, and since our inception we have received no complaints, nor have we been the target of any regulatory enforcement actions alleging violation of the CPNI obligations.
Additional CallFinder security protocols to protect customer data include (but are not limited to):
Guarded Data Center
The platform is hosted at a world-class Verizon Business Systems Data Center that is controlled by guards at all times. The hardware is deployed in locked cabinets and external backups are stored under lock and key in a remote location.
Access is granted at the User level: each User is granted or denied privileges for certain platform features. Each time a User requests information, the platform automatically authenticates the User’s credentials and ensures that they’re authorized to see the information requested.
Mediated Audio Recording Playback
All requests to play audio recordings are mediated by a validation/authentication process and transmitted using transport layer security (HTTPS). Playback requests from IPs that have not been approved are blocked.
- Call recordings are maintained on a high-availability storage device in our data center, which affords physical and network security. Our application security model requires a valid user account and password to access the web application; access to recordings is further restricted based on each user’s specific application permissions and account scopes. All site and recording access is logged.
- Call recordings may be played via a web interface or downloaded directly to the user’s desktop. All access to the website and recordings, from login to playback/download, is performed through a secure connection via HTTPS using 2,048-bit RSA encryption.
Read more about the CallFinder network and security, and speak with an account manager who can share more details.