By Aaron Lumnah, Senior Manager, Demand Generation
As many businesses transition their contact centre employees and customer support representatives (CSRs) to a remote work model during these unprecedented times, data security and compliance can begin to present unique challenges. As the hub for handling and processing all types of personally identifiable information (PII) from customers — like contact information, health or medical records, social security numbers, driver’s license numbers, and of course payment card information — the contact centre and its agents must comply with a multitude of data security regulations, including the Payment Card Industry Data Security Standard (PCI DSS).
However, the data that contact centre agents are typically tasked with handling may not be as secure in an individual employee’s home as it would be in the traditional office setting. Within the walls of an office, businesses have strict security protocols and technologies in place, along with proper management overseeing everything to ensure that customers’ PII is being handled in a PCI DSS-compliant manner.
In this time of transition, how can organizations continue to keep staff safe and operational while working remotely, while at the same time, providing them with the ability to process secure and PCI DSS compliant payments? Will businesses still be able to maintain proper data security standards in order to mitigate potential fraud or brand-damaging data breaches?
Fortunately, even though remote working poses some new challenges and concerns, there are a few ways that organizations can still ensure they maintain compliance with relevant regulations and keep customer data secure, all while still offering customers a frictionless experience.
Don’t Expose Employees to Sensitive Card Data
One of the best ways to ensure that customer PII and other sensitive data is kept secure is to ensure that the data never enters the contact centre’s network environment in the first place – whether that network is in an office setting or at the agent’s home. Technology solutions like Cardprotect Relay+ make this possible, while at the same time providing customers a seamless and secure experience.
With Cardprotect Relay+, agents can generate secure digital payment hyperlinks that can be sent via webchat, social media, email, SMS, QR codes, e-commerce, m-commerce or any other digital channel customers may make purchases through. Customers simply click the secure link to enter their payment details, and their sensitive payment data and PII gets securely routed directly to the payment service provider (PSP). Because the sensitive data never enters the agent’s network environment Cardprotect Relay+ removes contact centres and remote-working agents from the scope of PCI DSS compliance. This enables businesses to dramatically simplify compliance and significantly reduce costs. In turn, customers are able to complete fast, easy and secure purchases or payments, through whichever channel they prefer.
Don’t Store Any Data
We always say: “they can’t hack what you don’t hold!” In order for a business to suffer a data breach, there must be sensitive information for a hacker to steal. If there is no sensitive customer information within the agent’s individual environment to begin with, the danger of a hacker or fraudster getting hold of anything valuable is significantly reduced.
As contact centre agents are now increasingly fielding calls from home, the organizations they work for must also make sure that payment card information is kept secure during these phone transactions. By employing a dual-tone multi-frequency (DTMF) masking solution like Cardprotect Voice+, businesses can ensure that customers can securely pay by phone even when the agent handling their call may be working in an insecure home environment. With DTMF masking solutions, the customer simply types in their card number on their keypad and the dial tones are replaced with flat tones so the agent or CSR cannot distinguish the numbers, and the sensitive payment card information cannot be captured on call recording systems or overheard by eavesdroppers. At the same time, the CSR and caller stay in full voice communication throughout the duration of the transaction, allowing the CSR to troubleshoot or answer any questions should the caller have any issues. Transaction details are then passed straight to the PSP, bypassing the CSR and their network environment, and is never stored in the systems or on the premises.
DTMF masking solutions provide a way for CSRs to process payments being taken via a telephone transaction while at their home, without the sensitive information ever being handled directly by the CSR. This gives customers the peace of mind that their PII is safe, improving customer satisfaction and key contact centre metrics – all of which still must remain top of mind during the transition to remote work.
Employ Proper Data Encryption Methods
As support representatives transition their work environment and work materials to their homes, they may take with them and continue to use portable data storage devices such as external hard drives and USB sticks. However, these devices are extremely easy to lose and can even be stolen.
In order to prevent the information held on these devices from falling into the wrong hands, businesses must ensure that only encrypted data can be downloaded onto them. Doing so will ultimately reduce the risk that the data can be used for nefarious purposes by rendering it unreadable without the proper encryption key.
Additionally, with the plethora of devices that can now connect to Wi-Fi networks, securing them has become harder than ever. This means that not only are company-sanctioned devices like laptops and tablets connecting to the network, but employees’ personal cell phones and other unsecured devices can introduce vulnerabilities and risks that challenge an organization’s ability to control and maintain network security while staff work remotely.
To mitigate the threats these unsanctioned devices can pose – and continue to comply with frameworks such as the PCI DSS — businesses should use the latest encryption methods such as WPA2 and install a corporate VPN. Doing so will help reduce the scope of compliance for CSRs and their environment.
When organizations take the proper precautions, they can greatly minimize the chances that they’ll suffer a data breach. This is now truer than ever before, as businesses start to move their CSRs and other employees to a remote work model during this unique time. To reduce the risk of fraud, achieve