I am currently helping our compliance team with a PCI requirement for our new IVR. We need to ensure that the call recording is automatically paused whenever the customer is prompted to enter their credit card number. I am using the ‘Patch Call Recording’ action in Architect, but I am worried about the latency. Is there a chance that the first few digits of the credit card number could still be recorded before the pause takes effect?
Greetings! As the admin for our German organization, we have very strict privacy rules. The ‘Patch Call Recording’ action is asynchronous, which means there is a slight delay. If you want a one hundred percent guarantee that no digits are recorded, you should use a ‘Secure Flow’. When a call enters a secure flow, the recording is automatically paused at the telephony layer before the customer is even prompted for input. It is the only way to be fully compliant with GDPR and PCI standards in our region.
I have seen many ‘Secure Flow’ implementations. Nao82 is correct. The secure flow is much safer than using the ‘Patch’ action in a standard flow. One thing to keep in mind is that the agent will be disconnected from the audio while the customer is in the secure flow. Your dashboard will show this as ‘On Hold’ time, so make sure your reporting analysts understand why the hold times are spiking!