The Transition Of Contact Centres And Customer Services To Homeworking
Over the last year, PCI compliance for remote and home working has become a much greater focus for organisations that take payments. 2020 has been unpredictable, and the Covid-19 outbreak has been an unplanned catalyst in the surge of people working from home.
For many sectors, office-based work was a traditionally comfortable environment for their business and employees, with technologies and security tailored to this. The transition to a remote working environment is set to continue, with the number of homeworkers predicted to double in 2021, as shown in a survey by Enterprise Technology.
It has become apparent that the majority of staff can be just as productive in their new workspace, but certain processes need to catch up and be implemented to keep cybersecurity at the same level. Remaining compliant with the PCI DSS requirements matters more now than ever, as opportunistic hackers or data breaches are more likely to be an issue.
Fortunately, award-winning technology like PayGuard helps to mitigate these risks and take agents and businesses out of scope.
Why Is It Important To Focus On Remote Compliance & Security?
The reasons for remaining PCI DSS compliant are well documented; you can read about this further in our PCI DSS Compliance overview. The bottom line is that non-compliance can lead to catastrophic consequences for any business and its customers.
In a normal office setting, well-defined protocols and developed technology are in place to remain compliant. Management structures make sure a predefined process is followed and secure areas remain just that. IT departments know they are maintaining the integrity and compliance of these locations. The differences in a home setting can be overcome, but thought and action need to be put in place.
What Are The Challenges?
Unsecured routers using default passwords
Lower firewall controls
Additional non-secure devices on the shared network
Home phone networks in scope
Human negligence, shared spaces and non-work distractions
Maintaining updates and security patches
Maintaining a focus on the security and compliance process
Restricting access to staff
Increased testing of security systems and processes
Tracking and monitoring access to networks
What Can Organisations Do To Achieve Compliance From Homeworkers?
There are two particular areas that companies can look at when addressing compliance for homeworkers. These can be split into the physical processes and procedures, and the technology that is used to support this and be compliant.
The Physical Process
Remotely managing the physical process of security is the most difficult part to uphold for organisations taking payments. By allowing staff to take payments at home, the given household becomes part of the physical scope defined by the PCI DSS. The staff member's home then becomes subject to all the security procedures and processes that are implemented in a traditional place of work.
This includes what most people would consider entirely impractical requirements, such as visitor logs, access to security cameras or keeping a secure lockable room that only staff can enter! The reality is this cannot be done and there is only one way to make this work, which is to remove the location entirely from scope. Fortunately, the technology PayGuard offers does exactly this and will do so in a way that is simple and easy to implement.
For many years it has been entirely impractical to work in this way, but now, with the correct technology available, it is a viable option for any organisation. The current pandemic means that businesses are being forced to look for solutions, and this is one part of the puzzle that has now been solved.
PCI Compliant Technology
Whilst the technology section of compliance might initially seem the most challenging aspect of remote compliance, it should actually be more manageable. The equipment being used will need to be subject to the IT department's control, as it remains in the PCI DSS scope. This process should meet the same requirements that are found within a call centre or customer payments department.
A secondary part of the technology remit is the actual network that the homeworker is using whilst performing their duties. This again falls in scope and can be much trickier to deal with, as the networks will be shared with unsecured family devices, from phones and iPads to smart devices. Some ways to get around this include VPNs and the use of company-hosted firewalls, so these would need to be taken into account.
How PayGuard Helps You In The New World
At first, taking compliant payments at home might seem incredibly difficult. This is, of course, true if you are not aware of all your options. PayGuard (developed by Fusion Telecom Ltd) has a passion for, and long-term understanding of, the need for simple PCI DSS compliant payments.
Let's face it: nobody wants to spend their time being compliant, but at the same time everyone knows the huge consequences they face if they are not. The easy-to-use technology that is PayGuard allows an agent to completely remove themselves from scope by not coming into contact with a customer's sensitive information.
This is available all the way to Level 1 PCI compliance so there is no fear of being outside the requirements of your organisation, no matter how many payments you take. It will also allow for payments over any channel, be it phone, webchat or SMS. It is also just as easy to set up recurring payments allowing seamless integration into any existing working environment.
For further information on how this works, you can visit our How PayGuard Works page.