INDUSTRY INSIGHT: From Today, PCI DSS v4.0 Compliance is Mandatory. Here’s What You Need to Know.

Who Should Read This?

This paper is for security leaders, compliance officers, contact centre managers, and risk professionals accountable for protecting customer data, responding to compliance audits, and mitigating fraud risks.

Introduction

As businesses navigate the evolving landscape of PCI DSS (Payment Card Industry Data Security Standard) compliance, the traditional approach of pausing and resuming call recordings is no longer satisfactory. This report explores the inherent risks of this method and presents a more robust, future-proof alternative.

Why Pause and Resume No Longer Fits the Bill

Under PCI DSS v4.0, mandatory from 1st April 2025, the method of manually pausing and resuming call recordings for PCI compliance is no longer an effective fraud mitigation strategy. Businesses relying on this method face significant risks due to the following limitations:

1. Human Error is Unavoidable

Even with training and best practices, contact centre agents can forget to pause or resume recordings, leading to unintended capture of sensitive cardholder data. This increases compliance exposure and the risk of penalties.

2. Insider Threats and Malicious Activity

Malicious actors within an organisation can intentionally bypass the pause-and-resume process, putting customer data at risk. Insider threats remain one of the biggest security challenges for businesses handling sensitive data.

3. Post-Call Redaction is Too Late

Attempting to redact credit card data after a call has been recorded does not eliminate the compliance risk. Once cardholder data has passed through the merchant’s infrastructure, it is exposed to threats. Additionally, PCI DSS v4.0 requires stringent daily log checks (Requirements 10.6 and 10.7) to ensure no anomalies occur—a highly burdensome task.

4. Business Disruption and Operational Challenges

Businesses rely on call recordings for multiple purposes, including:

  • Compliance and legal documentation
  • Dispute resolution
  • Agent training and quality assurance
  • AI-driven analytics and customer insights

The pause-and-resume method disrupts these critical business functions, making it an impractical long-term solution.

Real-World Case Study: Transport Industry Compliance Pitfalls

A transport logistics company faced a severe compliance crisis when it was discovered that call recordings contained unredacted credit card data. As a result, they were forced to delete all recordings, leading to:

  • Loss of legally required verbal contracts
  • Inability to use recordings for training and coaching
  • Loss of key customer satisfaction metrics and KPIs
  • Disruption to AI model training for customer service applications

A Smarter Approach to PCI Compliance

SecurePII is a newly established product suite designed to provide businesses with a comprehensive, cost-effective solution for securing personal data. It offers full compliance with PCI DSS v4.0 while maintaining business operations.

Key Benefits of SecurePII

  • PCI compliance without disruption – No need to pause or redact call recordings; SecurePII ensures that sensitive data is removed before being captured.
  • Complete and secure call recordings – Businesses can maintain full call archives for compliance, training, and AI development.
  • AI-friendly and PCI-compliant data – SecurePII ensures that recorded conversations remain compliant while still being usable for analytics and large language model (LLM) training.

Urgent Action Required: PCI DSS 4.0 Enforced from April 1, 2025

With PCI DSS v4.0 enforcement beginning 1st April 2025, organisations must act now to ensure compliance. Relying on pause and resume is no longer sufficient and does not guarantee compliance when processing phone-based payments.

Take Action Today

Don’t wait until it’s too late. Let us show you how SecurePII can help your organisation remain PCI-compliant while keeping call recording intact. Ensure your compliance strategy is resilient, effective, and ready for the future.

About BroadSource

BroadSource is a global leader in software development and telecommunications engineering, specialising in cloud communications solutions. With a strong commitment to security and regulatory compliance, BroadSource designs and delivers innovative products that empower businesses to safeguard sensitive customer data. By integrating cutting-edge security measures with seamless digital transformation strategies, BroadSource enables organisations to navigate evolving industry challenges while maintaining trust, compliance, and operational efficiency.

For media enquiries, contact Jacqueline Thals at marketing@broadsource.com.au