February 11, 2021

TCPA Call Center Compliance Training – 7 Easy Points

There are a lot of compliance issues that you will need to address when working in or running a call center. However, which of those compliances largely depends on which sector you are working within your center. In this article, we are going to look at some of the most common call center TCPA compliance training issues that you can face in most sectors.
TCPA is one of the most prevalent regulations that call centers need to abide by at all times. If they do not, they can get into a lot of problems that they would rather not.  That is why we have those most common compliance issues in this article:

  • Agent Identification
  • Conversation Recording
  • Behavior
  • CVV2 Numbers
  • GDPR Assumptions
  • Information Safeguarding
  • Compliance Training

Call Center Compliance Training

We are now going to look at each of the above compliance issues in a little more detail. What it is, and what they mean to you. The majority of the problems are valid in most call centers, and they should be checked regularly to ensure compliance. Also, when you have a new client as a call center, you need to ensure that the clients are aware of your duties and do not try to put you as a call center in any compromising situations by asking you to do anything that is listed here.

Agent Identification

PCI-DSS (Payment Card Industry – Data Security Standard) is an information security standard for companies that handle credit cards from the major card brands. Within these security standards, it states that all agents that use computers to input or access any card information must be assigned a unique agent ID.
This identification requirement is to trace any leaked or stolen information to a specific employee that had access to that information. In all call centers, this is sometimes even more prevalent, and all agents should use 2-factor authentication to minimize the risk even more and also to pinpoint any issues easier.
The use of two-factor authentication is a little bit more of a requirement if you have remote call center agents that are allowed access to the information stored on the companies network. That is because it is more likely that there is someone else in the vicinity of the agent that may not have the privileges to access that information.

Conversation Recording

Conversation recording is something that you will have heard many times. That’s because, in most states in America, there is a requirement for consent to recording from both parties. Being a call center agent will mean that you will be required to consent to being recorded as part of your contract. However, the person on the other end of the phone has not automatically agreed.
Call centers that handle incoming calls are often more likely to tell the callers that they are recording the call than in outgoing centers. That is most likely because when you call a call center, they have a pre-recording at the beginning to tell you that “this call may be monitored or recorded.” However, in outgoing call centers, there is a lot more room for human error, as it is a step that is easy to forget.
Keeping that fact in mind is getting more of a necessity now, though. Also, merely telling a caller that they are recording the call does not constitute consent from the caller. There have even been cases of callers suing call centers because they did not permit the recording.
Instead of merely telling the caller that they are recording the call, it is better to give them their options of opting out before they continue.


Of course, one of the most critical compliance points is the agent’s behavior. Although this is going to be a prevalent practice as a company to keep customers happy and returning, there are also rules and regulations. If you are dealing with a collection of any debt, the FDCPA (Fair Debt Collection Practices Act) has some precise standards set out that will include call centers and their agents. For example:
Section 806 of the act states: A debt collector may not engage in any conduct the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of a debt.
Therefore, all of the agents that deal with any debt collection must understand the protocols and behavior requirements of them before making any calls. It is an unfortunate situation that many agents find themselves in when they feel like they are under pressure to perform and recover debts. They can sometimes be inappropriate to callers.
Although the majority of agents and supervisors know this, it is a factor that needs to be kept in check. There are no excuses for unethical or illegal behavior.

CVV2 Numbers

Another of the PCI-DSS standards and regulations prohibits ALL call centers from recording CVV2 numbers. However, that is not the only thing that is not permitted. Any other sensitive data, such as full card numbers, PINs, etc. are also covered by the same regulations.
It is not only call recording that is covered by this prohibition. The coverage spans across anything that constitutes as storable communication, such as writing it down. The way that the centers stop numbers from being recorded is through an API that automatically blocks out any such sensitive data without blocking any data that is required.

GDPR Assumptions

All call centers should assume that they are under the GDPR (General Data Protection Regulations) at all times. It is a regulation set out by the European Union and affects anyone doing business with people from Europe. It also affects anyone who accepts information and records from residents in the EU.
GDPR covers a variety of aspects, but the main points that concern call centers are as follows:

  • After the recording of a call, or any other data collection, the customers must be able to retrieve that information quickly and at no cost. The response time has shortened to thirty days for any data retrieval request, so the data should be accessible at all times.
  • Call centers must provide accurate and valid reasons for recording and storing the data that they do. There are many reasons for the collection of data, whether it is for legal purposes, training, and quality, or contract requirements.
  • As stated above, call centers must receive full consent to record calls.

Information Safeguarding

HIPAA is a United States legislation that came into force in 1996 to provide provisions for safeguarding medical information. While it covers many different things, the one that we are focusing on in this article is the recording, storage, and safeguarding of medical and personal information in call centers.
While HIPAA does not stop you from recording the following data, it does limit you to only recording when it is necessary. After collecting that data, there is a limitation to who you can share information with, and how. It also means that each time any information is shared, you must tell the person whose information it is that you have shared it.
Some of the items covered by HIPAA are:

  • Social Security numbers
  • IP addresses
  • Full face photographic images
  • Geographical identifiers
  • Any account numbers

Call Center Compliance Training

As we all know, call centers are busy places with a lot going on. Therefore, it is a little bit unreasonable for employers to expect their agents to remember everything taught to them in the first month of working for them.
That is why all Agents need to have annual refresher training on all of the guidelines and regulations by which they need to abide. That way, there is a lot less likelihood of them forgetting the information and landing themselves and/or the employer into a lot of trouble. However, what could potentially be a lot worse is that customers’ information is not safe if they do not complete the training or if they forget the requirements.


The TCPA Call Cente Compliance is a huge requirement for all call centers, especially one that deals with any of the above points. Therefore, you must understand all of the conditions and stick to them rigidly. If you want any further information about TCPA call center compliance training, feel free to use the contact page here.