One billion 'toxic phone call recordings' are hidden security risk, claims Aeriandi

Not stored to PCI DSS standards

UK merchants that have yet to make themselves compliant with PCI DSS regulations could be sitting on up to one billion 'toxic legacy call recordings' containing financial data, payments security firm Aeriandi has claimed.

The company didn't offer any evidence beyond anecdote to back up the assertion during its presentation at the PCI London Conference this week but said it was convinced that the data held in these calls -- usually generated when consumers buy goods over the phone -- could present a significant security risk.

Merchants record the calls as they are required to by the Financial Conduct Authority (FCA) for use in the event of a dispute between the two parties.

Despite a lack of protocols for securing the calls, some firms had stored them going back up to seven years, creating an inadvertent conflict with the Payment Card Industry Data Security Standards (PCI DSS).

"We believe up to one billion call recordings containing toxic legacy data now exist in the UK as a subset of the tens of billions of overall call recordings made over the past seven years," said Aeriandi's CEO of card security, Matthew Bryars. "While it's fine for most call recordings to be stored in any old storage system, any legacy toxic call recordings must be stored within PCI DSS requirements," he said.

One brand name firm found it had 140 million old calls, a third of which contained financial data, he said.

"In most cases toxic legacy data is an issue that most business leaders either don't know exists, or have yet to address," said Bryars.

Few firms had yet migrated this 'toxic data' into a secure format, he said. "These merchants have an obligation to wake up to the issue of legacy toxic call recordings, and take urgent steps to deal with it," he said.

Stories by John E Dunn

Latest Videos

More videos

Blog Posts