PCI Compliance

The Payment Card Industry (PCI) Data Security Standards were created to protect the personal and financial data customers entrust to retailers, banks, service providers and credit card companies. Non-compliance with PCI requirements can put a company at risk of losing financial data and customer loyalty. Businesses that handle customer information such as credit card numbers must be able to provide additional security, including:

• Encryption
• Security Permissions
• Voice and Screen Masking
• Limited Access to Recordings
• Audit Trails

Qfiniti Enterprise's integrated security ensures businesses are compliant with PCI security standards and sufficiently protect the customer data that enters the organization through sales, reservations, account management and financial transactions. Features such as data encryption, audit logs and permission-based settings controlling view and access are built directly into the Qfiniti platform for centralized security and management.

Encryption

Qfiniti encrypts recordings using 256-bit AES encryption. This is a symmetric encryption algorithm, using keys generated and changed as needed by the administrator. Keys are protected by encrypting them with the RSA (asymmetric) encryption algorithm.

User Permissions

Qfiniti enables administrators to define a role for the user with each role containing a related set of permissions. When granted, the available permissions allow the user to perform permitted functions in Qfiniti, such as playing back or exporting a call recording.

Voice and Screen Masking

The Qfiniti Desktop can mask or mute out sensitive data from an audio or screen recording. The data, such as a credit card or social security number, is intelligently located by the system and, based on the needs of the business, that data can either be muted or masked for compliance or liability purposes. In the muting configuration, the sensitive portion of the recording is not recorded so there is no record of it in the organization. If the business requires financial or personal information to be captured for verification or compliance purposes, Qfiniti can record the entire call and then mask the sensitive data in the audio recording and on-screen during playback. Unlike muting, this setup allows the sensitive information to remain accessible to certain users based on their permission settings.

Limiting Physical Access to Data

Qfiniti Enterprise delivers secure access to recorded interactions. A user can access a recording by entering his or her personal user ID and password. The recording is played back in either the masked or un-masked format depending on the user's set permissions. Since most users access Qfiniti through Windows Authentication, username and password are only entered once at login.

Tracking Activity

Qfiniti's Audit Trails feature tracks all user activity in the system, including log-ins, log outs, and access to recordings and evaluations. The Audit Trails feature provides details on who updated, added, or deleted records, and when they performed the action. Qfiniti can also be equipped with a more comprehensive audit tool, IDOL ECHO, which gives users added benefit of a fully auditable and accountable information monitor. ECHO's capabilities enable the organization to account, track and trace every piece of data that enters, leaves, is created or deleted in the enterprise. ECHO follows the data throughout its lifecycle in the enterprise, including format changes and transmissions, and produces reports on who or what the data influenced.