-

What are the guidelines surrounding PCI DSS and the storing of voice recordings?

If the data is recorded in an analogue format (on tape) and there is no way to access this data other than by manually searching through it, then the tapes must be subject to the same level of security as normal paper transaction records – access must be restricted and tracked through user IDs, etc.. If this data is stored electronically and can be searched using any data mining or other automated means, then the same access controls methods would need to be adopted as for any storage of digital media. This must include the removal of the CVV2 digits after authorisation, and will involve rendering the PAN unreadable using any of the accepted techniques.