PCI-DSS Compliance Mode

Description

Provides a PCI-DSS compliant operating mode that pauses call recording when payment card data is being entered, masks sensitive DTMF tones in recordings and logs, and enforces data retention limits for cardholder data. Includes compliance reporting artefacts for PCI assessors.

Canonical use case

A payment processing company activates PCI-DSS mode so that recording is automatically suspended when a customer enters their card number via DTMF, ensuring cardholder data never appears in recording files or transcripts.

Open Items

  • [ ] Canon alignment — populate canon_axiom_refs or confirm no existing axiom applies
  • [ ] Dependency assessment — set dependencies_assessed: true once SA has reviewed the full chain
  • [ ] effort_estimate — replace 0 with rough engineering days (order of magnitude)
  • [ ] public_description — write the public-facing description before publishing