According to a survey done by a call recording technology organization, more than ninety-five percent—that is, nearly all—UK call centers have been known to capture credit card credentials and information in phone conversation recordings that outright break customer privacy laws. Veritape (a company that provides call recording services to the entire UK call center industry) claims that only 39% of the 133 call center managers they talked to knew about the industry standards regarding the storage of consumer information, while only 3% of them got rid of the credit card numbers found in phone call recordings.

Cameron Ross—Veritape's Managing Director—believes that the UK call center industry is being routinely careless and willfully ignorant of the global industry standard set by the PCI-DSS in regards to sensitive data and credential storage; the industry's lack of action is putting millions of people and their finances at risk of identity theft and embezzlement.

Veritape claims that the negligent practice of storing sensitive data on the unedited audio recordings of UK-based cell center phone calls has the potential of becoming a vast collection of hazardous financial information that can compromise a lot of user accounts. What's more, the dubious tradition directly breaks the worldwide industry standards (i.e., the PCI-DSS) set by the PCI-SSC. In turn, the PCI-DSS outlines the industry mandates that demonstrate how corporations should manage data, whether they're from call center sales operations, websites, or physical shops.

Veritape also noted that one clause of the PCI-DSS specifically prohibits the storage of the three-digit verification number found on the back of cards when undergoing remotely conducted transactions. The statement further footnotes that even if the data is encrypted, such critical information should never be stored in any place (recording or otherwise) after authorization.

The Veritape survey of 133 call center managers reveal that out of the 97% that does not follow the audio recording rule of avoiding credential storage, 6% were working to become compliant with the requirement, 11% were straightforwardly ignoring the matter, 18% believe that it would be too hard or costly to implement the stipulation, and a whopping 61% doesn't even know about the standard in the first place.