Enterprise Recon 2.6.1
Dual-Tone Multi-Frequency Detection
Overview
Organizations that use Interactive Voice Response (IVR) systems may be unwittingly storing sensitive data resulting from the use of a call recording solution which may inadvertently record Dual-Tone Multi-Frequency (DTMF) identifiers that are keyed in using a telephone's numeric keypad during over-the-phone transactions.
Common examples of this use case include:
- When a patient keys in their social security number for verification before accessing a health report.
- When a banking customer enters their internet banking ID or bank account number as part of the telephone banking authentication process.
- When a buyer enters their credit card details (PAN) for payment purposes.
The above scenario can result in violation of varying data security and privacy standards including HIPAA for healthcare information, PCI DSS for payment card data or country-specific privacy laws for a citizen's general personal data.
Detection of DTMF Tones
ER2 understands common audio file formats and will recognize numeric data types that are entered using the telephone keypad (DTMF tones). The DTMF feature in ER2:
- Is enabled by default and does not require any special settings to be set in your scans.
- Can detect DTMF tones within supported MP3 and WAV audio file types.
- Can detect numeric-only data types (e.g. credit card numbers, social security numbers, bank account numbers, custom value lists, etc.)
Supported audio file formats for DTMF defection include MP3 and WAV PCM in 8-bit and 16-bit using audio sample rates of 8, 16 and 44 kHz.