“Toxic legacy call recordings” are being illegally stored according to Regulation .
In order to secure the personal details of end-users to keep fraud at bay, Payment Card Industry regulation forbids merchants from storing payment related phone-calls containing customer card details. These “toxic legacy call recordings”, have been discovered in the billions, and disobedient UK merchants may have to cough up, up to half a million pounds each to pay for a breach of this kind.
The Risk
Unless merchants are PCI certified, with the appropriate security facilities systematically in place (which most merchants are not), fraud can easily take place by using speech Analytics software to mine and sell the data. This is a dangerous situation for consumers and for the merchants themselves who risk fines, brand notoriety and the loss of business.
The Reason
PCI regulation is bumping heads with FCA (Financial Conduct Authority) requirements, which expects calls to be recorded for damage control and regulation. But, unless there is a legitimate reason to hold onto the data, or the merchant is in-fact PCI certified and thus equipped to provide the necessary security for this procedure, it is deemed unsafe and the penalty is severe.
The Reality
Even though, with new adaptive technology in telephone recording, many merchants are no longer, illegally storing the data, an estimated billion call recordings with “toxic legacy data” exists from past recording and are vulnerable in the hands of UK merchants.