Overview
TIM Plus and TIM Enterprise offers offer the ability to obfuscate (mask out) one or more sections of the audio of a telephone call with an a customisable audible tone, preventing the listener from hearing the original speech when played back.
This is normally required for compliance in certain industries where regulations dictate that certain spoken information be masked out, e.g. the Payment Card Industry - Data Security Standard (PCI-DSS).
...
As an example, we will adopt the PCI-DSS example
...
where telephone calls that contain spoken credit card information need to be masked out by an audible tone, but only during those parts of the call when the card details are actually being spoken, leaving intact the rest of the call audio.
In this scenario, we'll assume that agents (employees that make or receive telephone calls) utilise an in-house or third-party data entry system into which credit card detailed are entered using a computer.
How it works
Considering TIM Plus and TIM Enterprise (in conjunction with one or more Magic boxes) records the call audio at strategic boundaries in your telecom infrastructure - usually your organisation's telephone lines, rather than each user's telephone handset - some reconciliation is normally required between those boundaries and the actual agent that handled the call.
By default, this reconciliation occurs automatically in TIM Plus and TIM Enterprise, which is how the agent-centric calls that you see in call reports are able to be associated (matched) with each call, as seen from the point of view of a telephone line which delivers calls to many agents.
During obfuscation, it is necessary that a user or device sends at least two signals to TIM Plus or TIM Enterprise. Together, these two signals allow our software to mask out the audio between the two points in time that each signal was received.
Screenshotmacro | ||||
---|---|---|---|---|
|
At the point in time during an agent's call when obfuscation is necessary - e.g. "Can I have your CVV number please?" is spoken by the agent - a signal is sent by the agent to TIM Plus or Enterprise, which records the event along with the exact time it was sent. Similarly, when the sensitive part of the call is finished, a further signal is sent, which is also being recorded.
A single telephone call can contain more than one obfuscation and the number of signals required is always twice the amount of obfuscations in a call.
Assumptions
This guide assumes the following statements are true:
- You have a licensed copy of TIM Plus or TIM Enterprise that includes voice recording
- Your installation is at least version 3.0.0.55
Common solutions
Taking the example of masking out some digits of a phone call when a credit card number is being quoted, most solution providers modify the data entry system that an agent uses.
Implementation
HTTP request
To send a start or stop signal, a simple
Referencemacro | ||
---|---|---|
|
Every request to the web server requires authentication, so ensure that the relevant HTTP authentication headers are sent with your request and that the username and password combination match an existing web user object in the Directory.
The response status code will indicate success or failure.
Request format
The request should be a
Referencemacro | ||
---|---|---|
|
Code Block |
---|
http://192.168.0.1/signal.js?cmd=set&cat=4&type=1&objtype.... |
Valid parameters are described in the table below:
Parameter | Description |
---|---|
cat | Signal category. For audio masking, this value is always 0x04 |
type | The type of signal. Valid values for 0x04-categorysignals are:
|
objtype | The type of object that this signal relates to. This can be one of two values:
|
objid | The unique ID of the object type as specified by the objtypeparameter (above). This is used to locate the object in the Directory The region of the Directory to search in is specified by the key parameter (below) and governed by the access implied by the placement of the web user whose credentials are used to effect the web request |
key | Specifies the key relating to a container object in the directory (or blank, implying the whole directory) whereby a search on the object specified by objtype and objid is performed below |
Return values are specified as
Referencemacro | ||
---|---|---|
|
Valid status codes are as follows:
Parameter | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
200 | The signal was received and stored successfully | ||||||||
400 | The request was not acceptable for one of the following reasons:
| ||||||||
404 | The object specified by the combination of the objtype and objid parameters - and optionally the key parameter - could not be found | ||||||||
500 |
|
Echo Obfusactor plug-in
We publish, free of charge, a browser plug-in for Google Chrome that automates the obfuscation process when visiting specific website URLs.
Programmatic obfuscation
Our TIM Plus and TIM Enterprise products provide an API to integrate call obfuscation functionality into your in-house or third-party data entry systems into which credit card detailed are entered using a computer.
Official PCI Security Standards
There is a set of established rules to protect customer card data. It is called the Payment Card Industry Data Security Standard (PCI DSS). It's governed by the Payment Card Industry Security Standards Council (PCI SSC). These rules are better known in our business vernacular as PCI compliance.
For full details, click below: