Published Nov 2020

Taking remote credit card payments securely [PCI Compliance for homeworkers]


Now that many agents are working from home for the foreseeable, how do they continue to accept credit card payments from their customers securely? Read on to find out more about PCI Compliance for homeworkers and how it can be achieved in the remote contact centre.

Don’t let card payments be your weak link

If your agents take credit card payment information from customers, then all your systems must comply with the Payment Card Industry Data Security Standard (PCI DSS).   We take a look at what the challenges of remaining PCI Compliant while working from home are and what you can do to ensure you remain PCI Compliant.

As the number of digital transactions grows, so does the amount of fraud.  Protecting card holder data is one of the biggest concerns for organisations taking debit or credit card payments and this is even more so with many more agents continuing to work from home.  Although a large proportion of organisations believe they are PCI DSS Compliant, they actually might not be!

Related Read: Future Proofing Your Contact Centre Click here to receive a recording of our webinar: Security, Compliance and Agility Webinar

A recent report ‘Verizon Business 2020 Payment Security Report (2020 PSR)’ reported a sharp decline in PCI Payment Compliance with just one in four global organisations keeping card holder data secure.

What are the PCI compliance challenges?

Despite the advantages of working from home, PCI compliance for homeworkers in a contact centre environment can be challenging.  When we speak to our customers, about taking payments remotely, the two question we often get asked are ‘how can I ensure my remote agents can take payments without hearing or touching sensitive credit card information?’ and ‘how can I ensure the card owners data is correctly stored so that an agent can still process a payment but can’t access the actual information itself?’We advise customers to look at deploying a ‘clean desk’ method whereby hearing, touching or storing card data are removed.  So how is this achieved?

Click here to receive a recording of our webinar: Security, Compliance and Agility Webinar

How can PCI Compliance for homeworkers be achieved?

There are three simple solution options that contact centres can and should consider to help achieve PCI compliance for remote workers:

Self-service Payment via IVR

This method allows the customer to dial into a dedicated payment line or select the appropriate IVR option and enter card details using DTMF which is then automatically processed and authorised.

Agent Assisted Payment Services

Similar to the IVR option, here the agent will prompt the customer to enter card details using DTMF.  While the payment is being processed the agent will have visual feedback of how the payment is progressing so the customer can be kept informed.

Payment URL across any digital channel or voice calls

With this option, the agent can generate a special payment link that can be sent to the customer on their preferred channel.  The customer can then open the link and enter payment details while the agent has full visual view of the payment progression in real-time.

Opus Payment Solutions

At Opus we understand the challenges of taking payments remotely and the need to balance the requirement to record and evidence financial transactions against the conflicting requirement to not record or share the card holder’s financial information and to ultimately ensure PCI Compliance.

Working with a number of industry leading PCI Compliance partners such as Cirrus LinkPay+, Semafone and PCI Pal, we can provide advanced PCI DSS compliant solutions to ensure that your customers are protected, so that while all calls are recorded, no actual card information is recorded or stored within the business systems or by the agent.

Don’t let card payments be your weak link – get in touch with us today to find out how we can help your contact centre remain PCI compliant while working remotely.
Go to Top