According to a memo being circulated within the PCI Security Standards Council, the new rule is aimed at protecting card validation codes and values "received by call centers on audio recordings."
The problem is not necessarily with call center employees that might use the data improperly?as they could access such data in quite a few easy ways?but with outsourced companies that review the tapes for customer service purposes. Those tapes not only have credit card information, but Social Security, home address and many other details that could aid credit card fraud and identity theft.
This is another reason why security auditors argue that keying in confidential data is more secure than reading it to someone on the phone. This is triply crucial in a cubicle office environment, where co-workers can easily overhear such data discussions. Even worse, those co-workers might be on speakerphones in conference calls and overhead details can now be picked up in many more locations.