What is Call Recording?
Call recording is the practice of capturing and storing audio from telephone conversations. In a business context, it is most commonly used in contact centres to record interactions between agents and customers for purposes including quality assurance, training, dispute resolution, and regulatory compliance.
Almost every contact centre records calls. If you have ever heard the phrase "this call may be recorded for training and quality purposes" at the start of a phone call, you have encountered call recording in action. It is one of the most established technologies in the contact centre world, but its intersection with payment security and data protection regulations makes it surprisingly complex.
How Call Recording Works
Modern call recording systems capture audio at various points in the telephony infrastructure. The recording can happen at the agent's handset, at the PBX or ACD level, at the network level, or in the cloud platform (for cloud-based contact centres).
Recordings are typically stored as digital audio files, indexed with metadata such as the date and time, agent ID, caller number, call duration, and sometimes additional tags from the CRM or quality management system. This metadata makes it possible to find specific recordings later -- essential when you have thousands of calls per day.
Types of Call Recording
- Full-time recording captures every call in its entirety. This is the most common approach in regulated industries and large contact centres
- On-demand recording allows agents or supervisors to start and stop recording manually. This is sometimes used to avoid recording sensitive sections of a call, though it introduces compliance risks if agents forget to pause or resume
- Selective recording uses rules to determine which calls are recorded based on criteria such as agent, queue, call type, or random sampling
- Screen recording captures the agent's screen alongside the audio, showing exactly what the agent was looking at and doing during the call. This is increasingly used for compliance monitoring and training
Why Call Recording Matters for Businesses
Call recording serves multiple important business functions:
- Quality assurance: Managers can review calls to assess agent performance, identify coaching opportunities, and ensure service standards are being met
- Training: Real call recordings provide the most effective training material for new agents, far more useful than scripted role-plays
- Dispute resolution: When a customer disputes what was said or agreed during a call, the recording provides a definitive record
- Regulatory compliance: Many industries require call recording. Financial services firms, for example, must record calls that relate to transactions or orders under MiFID II regulations
- Liability protection: Recordings protect both the business and the customer by providing an objective record of the conversation
The Call Recording and Payment Security Problem
Here is where call recording becomes complicated. If a customer provides their card details during a recorded call, the recording captures that payment data. This creates serious problems for PCI DSS compliance.
PCI DSS prohibits the storage of sensitive authentication data after authorisation. This includes the CVV/CVC code and, in many interpretations, the full card number if it can be extracted from the recording. A call recording that contains a customer reading out their card number, expiry date, and CVV is essentially an unencrypted store of payment card data -- exactly what PCI DSS is designed to prevent.
The traditional workarounds have significant drawbacks:
- Pause and resume: The agent pauses the recording before the customer provides card details and resumes it afterwards. This relies on the agent remembering to pause and resume, creates gaps in the recording that undermine its value for quality assurance, and still leaves the agent hearing the card data
- Post-call redaction: Software automatically identifies and removes card data from recordings after the call. This is better than nothing but means card data exists in unencrypted form between the time of recording and the time of redaction
- Not recording payment calls: Some organisations stop recording calls that involve payments entirely. This eliminates the card data problem but loses all the business benefits of call recording for those interactions
Call Recording and DTMF Suppression
The most effective solution to the call recording and payment security problem is to prevent card data from entering the recording in the first place. DTMF suppression technology does exactly this by replacing the keypad tones with flat tones before they reach the recording system.
When a customer enters their card details using their phone keypad during a DTMF-suppressed payment, the recording captures flat tones instead of the actual digits. The full voice conversation is recorded -- the agent guiding the customer through the payment, the customer confirming the amount, the payment confirmation -- but the card data itself never appears in the audio.
This means businesses can maintain full-time call recording without any PCI DSS implications for the recording system. No pause and resume, no post-call redaction, no gaps in recordings, and no compliance risk.
Practical Considerations
- If you record calls and take payments, audit your recordings now. Check whether card data is being captured and take steps to address it if so
- Inform callers that the call is being recorded. This is a legal requirement in most jurisdictions and should be done at the start of every call
- Implement retention policies. Storing recordings indefinitely increases your data protection risk. Define how long recordings are kept and ensure they are securely deleted when that period expires
- Control access to recordings. Only authorised personnel should be able to listen to or download recorded calls, and access should be logged
- Consider GDPR implications. Call recordings contain personal data, and individuals have the right to request access to recordings of their calls and, in some circumstances, request deletion
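One way to run the recording audit suggested above for keypad-entered card data, as an added example rather than code from Paytia or any recording vendor: it decodes DTMF tones from recorded audio with the Goertzel algorithm and flags a recording when the keyed digits contain a Luhn-valid 13 to 19 digit sequence. The 8 kHz mono float samples, the 1000 Hz tone standing in for a "flat tone", and all function names are assumptions; the audio is synthesised test data built from the test card number 4111111111111111.

```python
import math, re
RATE, FRAME = 8000, 205          # 8 kHz telephony audio, ~25 ms analysis window (assumed)
LOW, HIGH = (697, 770, 852, 941), (1209, 1336, 1477, 1633)   # standard DTMF row/column Hz
KEYS = ("123A", "456B", "789C", "*0#D")

def goertzel(frame, freq):
    """Power of one frequency in a frame (Goertzel algorithm)."""
    c = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + c * s1 - s2, s1
    return s1 * s1 + s2 * s2 - c * s1 * s2

def decode_dtmf(samples):
    """Return the keypad symbols audible in mono float samples."""
    out, last = [], None
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[i:i + FRAME]
        lo = [goertzel(frame, f) for f in LOW]
        hi = [goertzel(frame, f) for f in HIGH]
        # A key needs a strong row AND column tone; silence or one flat tone fails.
        floor = 0.25 * sum(x * x for x in frame) * FRAME / 2
        key = KEYS[lo.index(max(lo))][hi.index(max(hi))] if min(max(lo), max(hi)) > floor else None
        if key and key != last:
            out.append(key)
        last = key
    return "".join(out)

def luhn_ok(num):
    digits = [int(ch) for ch in reversed(num)]
    return sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2) for i, d in enumerate(digits)) % 10 == 0

def audit_recording(samples):
    """Flag PAN-like keyed digits; the result is masked so audit logs hold no card data."""
    for run in re.findall(r"\d{13,}", decode_dtmf(samples)):
        for n in range(13, 20):
            if any(luhn_ok(run[i:i + n]) for i in range(len(run) - n + 1)):
                return f"FAIL: {len(run)} keyed digits recorded, PAN-like sequence present"
    return "PASS: no PAN-like DTMF sequence found"

def synth(keys, flat_hz=None, tone=400, gap=400):
    """Constructed test audio: real DTMF per key, or one flat masking tone if flat_hz is set."""
    out = []
    for k in keys:
        r = next(i for i, row in enumerate(KEYS) if k in row)
        pair = (flat_hz, flat_hz) if flat_hz else (LOW[r], HIGH[KEYS[r].index(k)])
        out += [0.5 * sum(math.sin(2 * math.pi * f * n / RATE) for f in pair) for n in range(tone)]
        out += [0.0] * gap
    return out
```

This covers keyed digits only; spoken card numbers need a speech-to-text pass instead. Luhn matches inside long digit runs can be coincidental, so treat a FAIL as a prompt for manual review.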
Paytia's PCI DSS Level 1 certified platform incorporates call recording as part of its thorough security approach. By processing phone payments through DTMF suppression, Paytia ensures card data is protected at every stage.
Frequently Asked Questions
What is call recording?
Call recording is the practice of capturing and storing audio from telephone conversations for quality assurance, agent training, dispute resolution, and regulatory compliance.
Why is call recording important for PCI DSS?
PCI DSS requires organisations to implement call recording as part of their security controls for protecting cardholder data.
How does Paytia handle call recording?
Paytia implements call recording as part of its PCI DSS Level 1 certified infrastructure, ensuring all phone payments are processed securely.