We need to collect credit card numbers from customers over the phone for payment processing. Our compliance team requires that call recording pauses during the card number entry and a tone plays to indicate the secure segment has started.
I configured the Architect flow with a Secure Session block. Inside the Secure Session, I have a Collect Input block that asks for the card number via DTMF. The flow works - the agent is muted, the DTMF tones are suppressed from the recording, and the card number is captured correctly.
But the compliance team says there is no audible tone on the recording to indicate when the secure session started and ended. When they review recordings for PCI audits, they need a clear audio marker showing where the secure segment boundaries are.
I expected the Secure Session block to automatically insert a beep or tone on the recording. The Genesys Cloud documentation mentions a “secure pause indicator” but does not explain how to enable it.
Does anyone know how to configure the audible secure session indicator on call recordings?
The secure pause indicator is not enabled by default and the documentation is maddeningly vague about where to turn it on.
Go to Admin > Telephony > Trunk Settings (for your active trunk - either GC Voice or BYOC). Scroll down to the “Recording” section. There is a toggle called “Play secure pause tone” that defaults to OFF. Enable it.
Once enabled, the system inserts a 500ms 440Hz tone at the start of the secure session and a 500ms 880Hz tone at the end. These tones appear on the call recording but are NOT played live to the caller or agent - they are only injected into the recording stream.
If your compliance team needs the tones to be audible to the agent as well (so the agent knows the secure session is active), you need to add a Play Audio block inside the Secure Session flow that plays a custom prompt. The built-in tone is recording-only.
One more thing: the Secure Session block suppresses DTMF tones from the recording, but it does NOT suppress the agent’s voice. If the agent verbally reads back the card number during the secure session, that will still be on the recording. Train your agents to never read card numbers aloud during secure sessions.
This is really helpful! We are going through PCI compliance at our BPO right now and I did not know about the trunk-level toggle either.
One thing our compliance auditor flagged: the Secure Session block in Architect has two modes - “Agent Muted” and “Full Pause.” For PCI DSS compliance, you specifically need “Full Pause” mode, which stops the recording entirely during the secure segment. “Agent Muted” only mutes the agent audio but the recording continues to capture ambient sound from the customer side.
The mode is set in the Secure Session block properties in Architect under “Recording Behavior.” Make sure it is set to “Pause Recording” rather than “Mute Agent Audio Only.” Our auditor rejected our initial setup because the agent-mute mode technically still captured audio data during the card entry, even though the DTMF tones were suppressed.