How does call recording work on the VoiceHost platform and what are the features?
- Complete Call Recording - Call recording is configurable per inbound number and/or per outbound hosted seat or SIP trunk. This allows the account holder to set recorded and non-recorded routes. If enabled, an optional warning prompt can be played to callers but inbound only.
- Legal Notice - VoiceHost offers a built-in recording notification to help you stay compliant with legal requirements and avoid litigation (available for both inbound and outbound call scenarios). The VoiceHost platform plays a recording announcement at the beginning of the conversation to notify the customers, that the call may be recorded.
- Flexible Retention - VoiceHost enables users to easily configure the retention period for call recordings. Different retention periods can be selected for different types of calls to keep storage costs down.
- Secure Storage and Transfer - VoiceHost can deliver call recordings via FTP or FTPS made nightly direct to the customer. Recordings are decrypted for FTP delivery otherwise playback would not be possible. Call recordings remain encrypted on network storage until the user-defined period has elapsed. Call recordings are then permanently deleted and cannot be recovered.
- Fine-grained privileged access - Access to data is password-protected and provided to authorised users only. Role-based access control allows defining user’s rights, such as playback, live monitoring, administration, resources access etc.
- File Watermarking - VoiceHost call recordings are admissible in court and VoiceHost can ensure that call recording remains intact and unaltered whilst within our network
MiFID (Markets in Financial Instruments Directive) - EU wide from 03/01/2018
MiFID I and II applies to businesses/persons offering financial advice/transactions and mandates as compulsory rather than best practice previously, that all calls incurring financial advice and/or subsequent transactions should be recorded and stored for a prescribed period of up to 7 years. MiFID II grants clients the right to receive copies of records and as such integrity and provenance will become a prominent evidential factor in firm-client disputes.
- VoiceHost ensures file integrity with cloud storage.
- Recording can be enabled on inbound numbers or outbound calls
- Dial-Through application available to enable any telephone call originating from any device and any network (See more on dial-through here)
- Mobile application for Android and iOS enabling all VoiceHost routed calls to be recorded.
PCI-DSS (Payment Card Industry Data Security Standard) - Worldwide and non-compulsory (last updated in 2016)
PCI-DSS is not compulsory and was introduced by payment providers (Card Companies) in a bid to curb credit card fraud. As far as call recording is concerned, there are particular sensitivities around the storage of private card details and the standard has required businesses to make “best endeavours” to ensure the three-digit CV2 security numbers are not recorded or are not identifiable on any call recordings.
VoiceHost can provide you with compensating controls to help negate the recording of CV2 codes. You can enable start/stop call recording via the control panel.
Admissable in court
Once a call is recorded, it is stored using 256-bit encryption and each recording has a unique key and modification hash (checksum) to ensure authenticity at the network generation level which makes the recording admissible in a court of law.
No archiving of call-recordings is allowed at a network level and once the defined call-recording storage period has elapsed, the recording is permanently deleted.
FTP and FTPS (File Transfer Protocol with optional encryption)
The delivery of call recordings via FTP or FTPS is available. Access to the VoiceHost edge is not permitted and delivery is made nightly via FTP to the customer. Recordings are decrypted for FTP delivery otherwise playback would not be possible. Call recordings will remain encrypted on network storage until the user-defined period has elapsed. Call recordings are then permanently deleted and cannot be recovered.
- Create an FTP server and user with read/write privileges
- Pass the user details to VoiceHost so that we may start sending you the call recordings each night.
Call recording name format after FTP push:
Call recordings are compressed using MPEG layer 3 encoding @ 24Kbps. 1GB of storage should accommodate 92.59 hours of audio recorded or approximately 10.8 MB per hour of audio recorded.
Other Legal Considerations
Call recordings are pursuant to the following legislation which is applicable in England and Wales.
- Regulation of Investigatory Powers Act 2000 ("RIPA")
- Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 ("LBP Regulations")
- Data Protection Act 1998 (Repealed by the General Data Protection Regulations GDPR 2018)
- Telecommunications (Data Protection and Privacy) Regulations 1999
- Human Rights Act 1998
- The Computer Misuse Act 1990
How do I ensure my telephony complies with PCI-DSS best practices and other regulations?
- Enable encryption
- Use call recordings with operator mute functionality if you are taking card payments over the telephone.
- Enable Call recording storage (VoiceHost storage is encrypted and kept is PCI-DSS compliant data centres).