Barclays uses cookies on this website. Some cookies are essential to provide our services to you. Other cookies help us to analyse how you use the site, so we can improve your experience on our site. Cookies are stored locally on your computer or mobile device. Please select 'Accept all' to consent to cookies, or select ‘Reject all’ to reject all but essential cookies’, or select 'Manage cookies' to change your preferences. For more information visit our cookie policy.

What are the guidelines surrounding PCI DSS and the storing of voice recordings?

If the data is recorded in an analogue format (on tape) and there is no way to access this data other than by manually searching through it, then the tapes must be subject to the same level of security as normal paper transaction records – access must be restricted and tracked through user IDs, etc.. If this data is stored electronically and can be searched using any data mining or other automated means, then the same access controls methods would need to be adopted as for any storage of digital media. This must include the removal of the CVV2 digits after authorisation, and will involve rendering the PAN unreadable using any of the accepted techniques.