Invoca

Contents of this Article

• Compliance Requirements
• Understanding PCI DSS and Invoca's Role in Protecting your Data
• Invoca’s PCI Certification
• How Invoca Protects Your Data: Redaction
• Redaction Sensitivity Levels

Compliance Requirements

Redaction levels at Invoca are SOC 2 Type 2 Certified, ISO 27001 Compliant, HIPAA Compliant, PCI DSS Certified, GDPR. Visit this resource for a more in-depth overview of the Security, Compliance, and Data Privacy policies at Invoca.

Note: Redaction is available in the USA and UK networks.

Understanding PCI DSS and Invoca’s Role in Protecting Your Data

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard designed to protect credit card information and prevent fraud. If a company handles payment and cardholder data—whether it's storing, processing, or transmitting this information—they must follow PCI DSS rules. This applies to major credit card brands like Visa, MasterCard, American Express, Discover, and JCB.

Invoca's PCI Certification

Invoca is PCI certified, meaning we meet and adhere to the strict security standards required by PCI DSS. Every year, an approved auditor checks our security systems to ensure we’re protecting customer data at all levels, from our infrastructure to our services.

This certification covers all aspects of credit card processing, including phone calls where customers may share their payment details. If these calls are recorded or transcribed, the system must be PCI certified; otherwise, neither the system nor the businesses using it are compliant with PCI DSS.

How Invoca Protects Your Data: Redaction

One key part of Invoca’s PCI certification is our redaction service. This service automatically removes sensitive information such as credit card numbers, expiration dates, CVV codes, Social Security numbers, and passwords from the audio and text of recorded calls. 

Note: Reach out to your Invoca CSM or success@invoca.com to inquire about call recording and transcript redaction [PCI-DSS compliance] within your package.

Redaction Sensitivity Levels

We offer three levels of redaction. If a customer has call recording and transcript redaction [PCI-DSS compliance] enabled they will initially be assigned to the standard level. However, you can submit a request to adjust your redaction levels in accordance with the following options:

1. Least Sensitivity: Removes only the most sensitive numerical data while keeping most other information intact for business use. Examples include:
   1. Credit card details
   2. Social Security numbers
      
      
2. Standard Sensitivity: This is the default setting customers are placed on if they sign up for redaction. It offers a balance by removing more sensitive numeric data, including cases where numbers might be spoken in the context of private information, while still preserving important business details. Examples include:
   1. Credit Card details
   2. Social security numbers
   3. National insurance number (UK)
   4. Password
   5. Driver License Number
   6. Birthday
      
      
3. High Sensitivity: Provides the highest level of protection by removing nearly all numeric data. The following items are examples of numeric details in a call that are likely to be redacted at this sensitivity level, in addition to the aforementioned items mentioned in the sections above. Examples include:
   1. Age
   2. Prices
   3. Phone Numbers
   4. Times
   5. Routing numbers

For more information on Invoca’s security and data privacy practices, visit our security page.