This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
5184members
1542posts
This is a verified product documentation article. For case-based resolutions articles, please reference the Knowledge Base section of Invoca Community.

Security & Redaction Overview

Jacaselon
Community Manager
Community Manager

‎08-21-2024 09:00 AM - edited ‎10-14-2025 12:47 PM

Contents of this Article

Compliance Requirements

Redaction at Invoca is SOC 2 Type 2 Certified, ISO 27001 Compliant, HIPAA Compliant, PCI DSS Certified, and adheres to GDPR. Visit this resource for a more in-depth overview of Invoca’s Security, Compliance, and Data Privacy policies.

Note: Redaction is available in the USA and UK networks.

Understanding PCI DSS and Invoca’s Role in Protecting Your Data

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard designed to protect credit card information and prevent fraud. If a company handles payment and cardholder data—whether it's storing, processing, or transmitting this information—they must follow PCI DSS rules. This applies to major credit card brands like Visa, MasterCard, American Express, Discover, and JCB.

Invoca's PCI Certification

Invoca is PCI certified, meaning we meet and adhere to the strict security standards required by PCI DSS. Every year, an approved auditor checks our security systems to ensure we’re protecting customer data at all levels, from our infrastructure to our services.

This certification covers all aspects of credit card processing, including phone calls where customers may share their payment details. If these calls are recorded or transcribed, the system must be PCI certified; otherwise, neither the system nor the businesses using it are compliant with PCI DSS.

How Invoca Protects Your Data: Redaction

One key part of Invoca’s PCI certification is our redaction service. This service automatically removes sensitive information such as credit card numbers, expiration dates, CVV codes, Social Security numbers, and passwords from the audio and text of recorded calls. 

Note: Reach out to your Invoca CSM or success@invoca.com to inquire about call recording and transcript redaction [PCI-DSS compliance] within your package.

Redaction

When a call is recorded in Invoca, sensitive data is automatically redacted from both the audio recording and the transcript before any data is stored or processed further.

Note: This standard redaction level is being made mandatory for all new customers and will be deployed across all networks. At the moment, redaction cannot be disabled or customized to capture partial entities.

Fields Included in Standard Redaction

The following sensitive information is always redacted:

Personally Identifiable Information (PII):

  • Date of Birth (DOB)
  • Driver’s License Number
  • Passport Number
  • Social Security Number (SSN)
  • Passwords

Payment Card Information (PCI):

  • Credit Card Number
  • Expiration Date
  • CCV (Security Code)
  • Bank Account Number
  • Routing Number

Viewing Redaction Settings in your Network

Note: Redaction Settings are defined at the Network not the Profile level.

To see which fields are being redacted in your network:

  1. Navigate to and click Settings located in the left menu bar.

    Transcription 01.png

  2. Click Redaction.

    Transcription 02.png

  3. You will be taken to a read-only page displaying all fields currently redacted.

    Transcription 03.png

For more information on Invoca’s security and data privacy practices, visit our security page.

0 Kudos
Need more help?

Don't see what you are looking for? You can ask the Community or contact support.

Copyright © 2025 Khoros, LLC