Companies often collect, store or otherwise process information concerning individuals in order to provide services and products. Many countries have enacted laws that regulate how such information is to be treated or may be used. In addition, some industry bodies prescribe codes of conduct and standards with which their members must comply. One such industry body is the Payment Card Industry (PCI) Security Standards Council. It administers the Data Security Standard (DSS), a framework for the secure handling of cardholder data. Compliance with the PCI DSS can place a considerable burden on companies, especially those that conduct commercial transactions on behalf of customers using call centre operations. This is because, on the one hand, such call centre operations may require access to cardholder data, but, on the other hand, the PCI DSS compliance requirements apply to all system components that are included in, or connected to, the cardholder data environment (i.e. that part of the network which stores, processes or transmits cardholder data), including network components, servers and applications.
Furthermore, there is a growing demand or expectation among individuals for the ability to protect their personal or financial information when conducting commercial transactions online with banks or other service providers.
Methods and apparatus are therefore needed that improve the manner in which such personal, confidential or otherwise sensitive information is handled.