Remote Employees: The PCI Compliance Hurdle

by Geoff Forsyth on August 20, 2019

We are in an age where remote working is becoming increasingly common. With study after study showing the benefits of flexible work hours, co-working spaces, and remote employees, we see businesses making the transition. Forbes states that “remote work is no longer a privilege. It’s become the standard operating mode for at least 50% of the U.S. population. Traditional employers are finally on-board and ready to propose a flexible work arrangement. 2019 will further reinforce the current global shift towards ‘remote-friendly’ workplaces.” While the trends are pointing upwards for teams and companies making the move to remote working, there is a hurdle that keeps some teams or businesses from making the jump; PCI Compliance.

PCI Compliance proves to be a threat in a remote working situation because compliance is difficult to achieve when the remote employee is in a variable environment. For instance, when working from home, a contact centre manager cannot ensure that a clean room environment exists where the employee is conducting business. There is nothing in place to prevent the employee from hearing credit card numbers over the phone and writing it down, typing it into a blank spreadsheet, or repeating the number out loud back to the customer. In a home working environment, there is no assurance that the pausing and resuming of a call recording is taking place during card transaction. These are some of the leading factors in why remote working isn’t conducive to the contact centre when it comes to checking the PCI Compliance box.

This leads us to one of the most common questions we hear, “How do you maintain PCI compliance when your contact centre employees are remote?” The solutions or compensating controls that many organisations use today in the contact centre environment do not easily translate into work-from-home environments.

While the already inadequate use of compensating controls such as clean room environments and pause and resume of call recording aren’t transferrable to the home or remote workspace within the parameters of PCI DSS regulation, companies are being challenged to look for an all-encompassing solution that ticks the following boxes:

Implement remote working capabilities to recruit top talent to the team/organisation
Provide PCI Compliant transactions in a remote setting
Continually improve customer experience

The implementation of a PCI Compliant technology solution for remote agents when taking payment is the straightforward answer. With a cloud hosted, DTMF suppressing solution, the agent can focus on the customer and their needs, not the processing of information, mistakes in manual entry, or risk the PCI Compliance nightmare of recording, transcribing, or retaining sensitive card data. A solution like this can guarantee a consistent experience across both in-office and remote working employees. Not only does this provide consistency across the board, it also creates an enhanced customer experience.