PCI Compliance From Home

Blog
23 March 2020

While no one can predict the longer-term global impact of COVID-19, the immediate changes to our daily lives are apparent, specifically – homeworking. Indeed, the advice from almost every Government is unanimous – work from home if you can. The concept of working remotely is nothing new, around 4 million UK employees currently do this regularly, and in the US, roughly 50% of businesses offer remote working patterns.  In the current climate, those businesses who have not considered homeworking are having now having to, and fast. On the face of it working from home seems relatively easy to implement, but it’s not without its challenges. A prime example of this and a question the PCI Pal team are increasingly being asked is ‘Can we take payments remotely and securely?’ In order to answer this, we need to first look in detail at the challenges working remotely can present when trying to achieve and maintain PCI Compliance.

 

What are the challenges of achieving PCI compliance remotely?

Woman working on computer in living room, wearing headset.At any given time, you may have agents making inbound and outbound calls, and some of these interactions with customers could involve taking payments. There are several ways contact centres can achieve PCI compliance within the contact centre, but not all of them are appropriate for remote working. Using compensating controls such as a cleanroom environment or pause and resume will only limit a small amount of credit card data being exposed within the contact centre environment.

When faced with working remotely, however, it’s clear that these solutions are not suitable. A contact centre manager cannot ensure a cleanroom environment where the agent is working from home. Another is the use of pause and resume, which only stops credit card data from being recorded and stored. It can still be heard and seen which means that it can easily be exposed and used unlawfully. The PCI Security Standards Council (PCI SSC) acknowledges this issue in the information supplement ‘Protecting Telephone Based Payment Card Data.’  This document advises businesses to ‘evaluate the additional risks associated with processing account data in unsecured locations and implement controls accordingly.’ Taking steps such as multi-factor authentication, only to use business hardware and devices, and training staff to understand the risks associated with working remotely do go some way to securing credit card data, but much like using compensating controls, they are not enough as credit card data can still be seen and heard.

 

what can businesses do to ensure that PCI Compliance is achieved and maintained?

home working

Contact centres using solutions such as Agent Assist do not have the same constraints as organizations relying on compensating controls. Our cloud based platform means that agents can log in from home and continue to take payments safely and securely. Customers key in their credit card information and the tones are masked both audibly and visually which means they cannot be stolen. Organizations that do not employ such solutions need to seriously consider doing so, especially when it appears the current situation isn’t going to change for a long time.

 

Speak to one of our team to discuss how PCI Pal can assist your business in enabling secure payments from home whilst adhering to PCI DSS.

View more Blogs Knowledge Centre

How can we help you?

Get in touch today to discuss our solutions and your specific requirements.

CONTACT US

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

notify me

You may also be interested in

Digital Mock-up of PCI Pal Pause & Resume White Paper
White paper
Pause and Resume Call Recording: Calculating the Risk
Pause and Resume Call Recording: Calculating the Risk
In this white paper, we establish and explain the threats posed by outdated call recording technology, including Pause & Resume call recording. Through it, you'll find an easier path to compliance with data security regulations, meaning less chance of being fined for a data breach.
Read more
healthcare CX and payment compliance
Success story
NFP Health Secures Remote Contact Centre Payments with PCI Pal
NFP Health Secures Remote Contact Centre Payments with PCI Pal
NFP Health secures remote contact centre payments with PCI Pal as they focus on enhancing the customer experience and streamlining PCI compliance strategy.
Read more
ACH Payments in the Contact Center
Blog
Securing ACH Payments in Contact Centres  
Securing ACH Payments in Contact Centres  
Offering ACH payments in contact centres can provide greater speed, accuracy, and efficiency. PCI compliance solutions help build trust with customers by ensuring call centre agents are not exposed to sensitive banking information.
Read more
News
PCI Pal Featured on CardRates.com
PCI Pal Featured on CardRates.com
Mike Senecal of CardRates.com examines how PCI Pal has developed a suite of solutions to secure contact centre payments for organizations globally. Recognizing the changing landscape for mid-market to enterprise-size contact centres, the article dives into the benefits of a payment solution suite that delivers both secure, compliant payments and an enhanced customer experience.
Read more

More related content

Chat with us