The Midwest’s Leading Supplier of Digital Recording Solutions for Voice, Video & Data

1. Exploring PCI And Customer Data Security Presented by: Gina R. George, MCSE, CBC Corporate Communications Director The Midwest’s Leading Supplier of Digital Recording Solutions for Voice, Video & Data Much of this presentation was created by Kristyn Emenecker, Director, Solutions Marketing, Verint Systems, Inc., and is used with her permission.

2. Founded in 1983 • Headquartered in Grove City, OH • Sales & Support Offices in IN and IL • Platinum Business Partner for Verint Systems and 2007 Verint Business Partner of the Year • Authorized Reseller for VIQ Solutions • Seller of SCI-DVR • Additional Lines: AMAG, Firetide, cNotify

4. Myth: The Call Center’s Not A High Risk Area

5. Customer Privacy Management

6. Data Intensive Environment + Transient/Offsite Staff = Perfect Storm

7. In The News Recently…

8. Call Recording: Key To Fraud Protection

9. Call Recording: A Double-Edged Sword

11. What Is PCI-DSS?

12. What Is PCI-DSS: A Second Opinion “The PCI Data Security Standard was launched in 2006 by private-sector organizations to improve the security of credit card data. But PCI has instead become a massive butt-covering exercise that extends from retailers to auditors to major credit card brands. Whether data is any safer remains to be seen.” Andrew Conry-Murray PCI And The Circle Of Blame Information Week February 23, 2008

13. Card Security Programs

14. 12 Primary Requirements of PCI-DSS

15. 12 Primary Requirements of PCI-DSS

16. Who Has To Worry About PCI?

17. What Does The Future Hold?

18. Data Security: More Than PCI

19. Where Do Call Recordings Fit In?

20. CVV2: A Special Concern

21. Call Recording & PCI: Possible Solutions • End-to-end encryption • Encrypt audio and screens at acquisition • Decrypt only at playback • Data avoidance • Pause recording while caller speaks sensitive information • Mute recording while caller speaks sensitive information • Tone over recording while caller speaks sensitive information • Data deletion • Delete part or all of the recording after the call is completed

22. Possible Solutions: Scenario #1 • Large catalog retailer • Records for QA only • Voice & Screens • Contact Center, Branch Office & Work-at-Home Agents • Compliance Methodology: Data Deletion • Agents use an applet on their workstations to tag credit card calls • Recording system does automatic sweep every two minutes and purges tagged calls • Calls can be manually tagged later by supervisor if missed by agent and found during QA review • Reports are generated and correlated to credit card authorization records to prevent system abuse

23. Possible Solutions: Scenario #2 • Large public utility • Records for QA and compliance • Voice & Screens • Contact Center, Branch Office & Work-at-Home Agents • Compliance Methodology: Data Deletion • Automated process scans call recording database for agent ID, date and time • Process compares result to similar scan of credit card transaction files • Upon finding a match, process deletes audio and screen files from call recorder

24. Where Do You Go From Here?

25. For more information visit:www.soundcommunications.com Or call: Toll-free (800) 556-8556, x 718 Local (614) 875-8500, x718 or (614) 317-9062 The Jackson Building 3440 Park Street Grove City, OH 43123