PCI-DSS Compliance and the ZOOM QM Suite
PCI–DSS stands for "Payment Card Industry Data Security Standard" and is a set of requirements developed by the PCI Security Standards Council, an organization established by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International.
These requirements are mandatory for companies in the credit card payment processing industry to protect sensitive customer data, and contact centers have the legal obligation to comply with the requirements set by this standard. Contact centers need to make sure not only that the required organizational policies are enforced but also that the solutions implemented for their quality management and recording fully comply with this standard.
The ZOOM QM Suite is your solution to meet PCI–DSS compliance.
Is your contact center PCI–DSS compliant?
Learn more about how important it is for your organization to comply with PCI–DSS and other security standards and how the ZOOM QM Suite will help you to fulfill your compliance needs.
Contact ZOOM today!
ZOOM QM Suite PCI–DSS Compliance Features
The ZOOM QM Suite "PCI–DSS Compliance Option" is a set of features that enables customers using the ZOOM QM Suite to meet their PCI–DSS requirements. Use the PCI–DSS overview to see if all required policies are enforced, manage your encryption keys, audit all user actions with detailed information, pause call or screen recording to prevent storage of sensitive data, and manage your user password policies.
Pause and Resume Support
To comply with PCI–DSS, the recording system used may not record or store any cardholder data such as the CVV code. This requires the ability to pause and resume voice and screen recording at the moments when a customer is providing this type of sensitive data.
The pause and resume feature is available for both SPAN and SPANless recorders as well as for ScreenREC. To trigger a pause or resume action, the third-party application needs to connect using the CallREC API. The API provides a list of recorded calls and, based on unique identification (extension number or any external data), the connected application may request the pause or resume action, which will automatically apply to all active voice and screen recorders.
All system user accounts must be secured with passwords that are strong enough and changed on a regular basis. In addition, the system must be resistant to repeated login attempts with random passwords.
Password security is ensured by the following features:
- Minimum required password complexity – minimum password length and a minimum number of upper/lower case characters, numbers, or non–alphanumeric characters in the password.
- Password expiration – a user must change the password after a specified number of days and the new password may not be the same as previously used passwords.
- User access lockout – after a defined number of unsuccessful login attempts, the account is locked for a specified number of minutes.
PCI–DSS Compliance View
PCI–DSS Status Overview
Provides administrators with the assurance that the system is configured correctly to fully comply with PCI–DSS requirements.
This informative page shows whether all the required PCI–DSS related product features have been enabled and whether all the required policies have been configured accordingly.
Call Encryption with Integrated Key Manager
The ZOOM QM Suite provides a full-featured built–in key manager which supports:
- Several Public–Key Cryptography Standards for key store (PKCS12, JKS, JCEKS)
- Several industry standard encryption algorithms (AES, DES, Blowfish)
- Encryption of both calls and captured screens
- Support for multiple keys with random usage (if one of the keys is compromised, only the corresponding part of the recordings must be re–encrypted)
- Re–encryption process in case any of the keys is compromised
Every database entry contains the UUID of the key that was used for encryption and the MD5 (or SHA–1) hash of the encrypted file, so that encrypted media can be easily verified or re–encrypted if the keys used expire or are compromised.
Logging of User Actions in Audit Log
The audit log provides tracking of all the actions performed by every user, including call replay, recording rule management or any other related action. PCI–DSS requires tracking of all details about users attempting to log in. All successful and unsuccessful login attempts, as well as expired sessions, are logged together with the IP address of the user's workstation.
Contact ZOOM today to learn more about how you can meet your PCI–DSS compliance requirements.