Gala Technology Limited

The problem with Pause and Resume

PCI-DSS requires that sensitive payment card information be protected. However, this can cause businesses a headache if they record calls for training or monitoring purposes, as the card data can be captured in the recording, causing a conflict with compliance.
To combat this problem and to avoid capturing sensitive authentication data (SAD), such as the 3-digit security number on the back of the card, many companies use the 'Pause and Resume' call recording method. This can be either a manual or an automatic system.


This, however, causes its own problem, as it undermines the very reason calls are recorded.
The call recording is there to provide an unequivocal record of what conversations took place over the telephone. A gap in this record creates doubt. What was said during this time? If a customer is claiming a policy or product was mis-sold or they were misinformed in some way, a complete record to refute this claim no longer exists.


This is especially relevant to the financial services industry. The Financial Conduct Authority (FCA), the UK regulator for the financial services industry, demands that service providers keep sufficient detail of their transactions. The rules in COBS 11.8 oblige firms to retain records of specific telephone conversations and electronic communications of client order services that relate to the reception, transmission and execution of client orders and proprietary trading.
In insurance contact centres, FCA recommendations are met by recording calls. So, in order to comply with PCI-DSS regulations, some contact centres simply pause recordings while card information is read out, and resume recording once the payment process is complete. This again creates a window of uncertainty should a customer raise a complaint or concern.


In addition, a common myth is that 'Pause and Resume' call recording removes you from scope. On its own, it does not.

The call recording element is taken out of scope, but the rest of your environment remains in scope and must form part of your audit.

The PCI Security Standards Council do not regard manually activated Pause and Resume methods as being compliant.

By using our SOTpay solution, no sensitive payment card information enters your environment, thus supporting full PCI DSS compliance and removing your contact centre from scope.

This means that the entire conversation can be recorded, complying with both PCI DSS and FCA guidelines and regulations and proving a useful tool in consumer disputes.
What makes it even better is that SOTpay is cloud-based, which means that no expensive hardware or amendments to your current telephony solution are required.


Copyright © 2015 - 2021 Gala Technology Limited. All Rights Reserved.