Training for Call Center Compliance; 7 Regulations Managers Need to Know
1. Call Centers Cannot Record the CVV2 Number on Credit Cards
According to the Payment Card Industry Data Security Standard (PCI-DSS), all call centers are prohibited from recording CVV2 numbers along with other sensitive data such as full magnetic stripe data and pin numbers.
This rule applies to written information along with recorded calls or other forms of communication.
If a call center records customer calls, it runs the risk of storing this highly sensitive information. To stop this from happening, call centers should use some sort of API fix that automatically stops the recording when the call center agent enters the credit card information and resumes recording when they’re finished.
2. Call Centers Need Consent from Both Agents and Customers to Record Their Conversations
Most states in America require consent from both parties in order to record communications between them.
Call centers need to be aware of their state’s laws and implement policies for gaining consent before initiating conversations with customers.
Many call centers tell incoming callers that their calls will be recorded, but agents don’t always say it when dialing outgoing calls as they should.
Also, call centers should never assume that just because they tell the caller that they’re recording, it’s enough to show consent in the rare case that a caller sues the call center. Some courts won’t uphold it.
Instead, call centers ought to tell callers how they can opt out of the call before the conversation continues.
3. Track All Agents in the Call Center Who Access Sensitive Information
Another PCI-DSS standard is all agents working on a computer must be assigned a unique ID.
The purpose of the ID is so that in the case of leaked, stolen, or corrupted information, it can easily be traced to a specific employee or someone else with an access ID.
Of course, call centers can and should use 2-factor authentication, especially when allowing remote agents to access the network.
4. All Agents Should Be Trained Annually to Remain Compliant
It’s not practical to train agents once and expect them to retain everything. Call center agents need to keep their knowledge of policies and procedures fresh and updated.
That means every year, call centers should conduct agent training that covers the regulations issued by TCPA, HIPAA, PCI-DSS, and other organizations.
This helps call center agents remember the information that keeps their employer out of trouble, but most of all, it keeps customers and themselves safe and secure.
5. Agents Can’t Threaten Customers to Pay Their Bills
This should come as no surprise but it bears repeating:
According to the Fair Debt Collection Practices Act (FDCPA), Section 806:
“A debt collector may not engage in any conduct the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of a debt.”
Call centers should make sure that their agents know how to speak calmly and use nonviolent language when talking to callers.
We know managers and most agents know better, but agents can often put pressure on themselves to perform – and that pressure can lead to choices that hurt themselves and the business. Be clear that this is never an option and that metrics aren’t an excuse for illegal or unethical behavior.
6. Call Centers Should Assume They’re Under GDPR Regulations
The General Data Protection Regulation (GDPR) issued by the EU can affect call centers that do business with European companies or accepts and records information from EU residents.
Call centers should take appropriate steps to ensure they’re complying with GDPR, such as:
- If call centers record personal data, customers must be able to retrieve this data if requested for no charge. And it must be easily accessible.
- Call centers must present compelling reasons why they record calls and store customer interactions. The reasons presented can range from legal requirements to contract fulfillment.
- Call centers must receive consent before recording a call.
7. Call Centers Can’t Share Customers’ Health Information
The Healthcare Insurance Portability and Accountability Act (HIPAA) was enacted for a number of reasons, but the primary one is the privacy and security of patient health information.
HIPPA mandates that the following information is protected and must be reasonably safeguarded:
- Social Security numbers
- IP addresses
- Full face or any comparable photographic images
- Geographical identifiers
- Account numbers
- And more
How Call Centers Can Stay Compliant with the Most Important Regulation: The TCPA
There’s no doubt that TCPA compliance is the one most call centers worry about. It’s certainly the most relevant.
But it’s difficult to find an all-in-one guide that walks you through each regulation step-by-step and helps call centers implement the correct policies to remain compliant.
Which is why we created The Complete Guide to TCPA and included a Compliance Checklist for call centers. Go ahead and download your free copy of these resources today.