How to ensure your remote agents are PCI compliant

The COVID-19 crisis has changed the business world we know, and contact centers from every industry had to adapt to the new normal and find the new ways of managing the workforce and providing exceptional customer experience.

Handling higher customer support volume along with an increase in online and phone payments led to the new challenges for contact centers. Organizations need to ensure their remote agents are compliant with the security and industry requirements while working remotely.

The biggest challenge with having remote agents be part of the over the phone payment is securing sensitive data. According to the PCI standards, payments need to be made securely and customer data should be fully protected. The solutions that many contact centers used before the COVID-19 can not be easily applied to work-from-home environments.

To achieve the compliance requirements, contact centers must change the way the payment card data is captured to prevent it from being exposed to the agent and/or outside security threat.

So how do you remain PCI compliant in a work-from-home environment?

Below are the four things to consider in order to stay PCI compliant in a WFH environment:

Pause/resume recording: Contact center must ensure the recording system they are using supports pause/resume functionality. This can be done via a soft key button by allowing agents to manually pause the recording when credit card numbers are spoken or via integration with CRM systems to automatically pause the recording based on actions taken by an agent.

Network Security: Network security is one of the main challenges of work-from-home environment, but it is critical to ensure an entire network system is compliant with PCI guidelines. Security team should start with verifying that an effective firewall is in place; and audit internal processes to provide additional layers of protection.

Role-Based Security: Agent and supervisor desktops should have role-based log-ins, so that each member of staff is only able to access what they need to do their job.

Additional Security Considerations: PCI compliance is more than just securing your systems and encrypting your data. The weak point is where those systems and data come into contact with people. In addition to the above measures, contact centers might consider additional software applications specializing in preventing home-based agents from seeing the payment card data by blocking it from the screen.

The right call recording and performance management tools can help your contact center adapt to the new ways of work and empower your agents.

MiaRec Recording system has all features required to be compliant with the PCI standards and provides facilities to either completely remove or protect sensitive data. MiaRec offers both manual (via soft key button) and automatic (via APIs) pause/resume functionality along with a set of additional security features, such as file encryption and role-based access control.

Contact us today to find out how we can help your agents be compliant while working from home.