Covid-19 Notice

Semafone is closely monitoring the global impact of the coronavirus and is taking all precautionary measures to protect our staff and to maintain operations.

There is currently no impact on our business, and we have robust contingency plans in place to ensure the safety of our employees and continuity of our operations for all our customers should the virus spread at an increased rate. If you have any questions, please contact us at [email protected].

We have issued country-specific guidance on travel to all employees and are monitoring threat levels and reissuing guidance accordingly. Our employees are fully equipped to work from home in all of our geographical locations, and we will be keeping home working as the norm until risk levels have significantly declined.


Payments are the lifeblood of your business, and in these unpredictable times, many organisations are moving their contact centre employees and customer support representatives to more flexible and remote ways of working. With this transition comes a host of unique challenges: How do you keep your staff safe and operational while providing them with the ability to process secure and PCI DSS compliant payments?

Interested in learning more? Speak to a member of our team today!

 


PCI DSS Requirements for Securing a Remote Workforce

While acknowledging the additional hurdles that organisations may face by having to secure a remote workforce, the PCI SSC makes clear that merchants implementing remote working procedures must still comply with the requirements in the PCI DSS. The PCI SSC outlines three areas that merchants can focus on to ensure greater security of cardholder data:

People

The PCI SSC states, “One of the best ways to mitigate that risk is to create and maintain a culture of security within the organisation.” They recommend enacting controls including:

  • Initiating a security-awareness program for employees, as outlined in PCI DSS Requirement 12.6. These programs should occur at the start of employment and be repeated or refreshed on an annual basis, ensuring that the entire workforce has been properly trained and is kept up to date on security procedures.
  • Evaluating additional risks that home workers may face while processing sensitive data and addressing them appropriately. Efforts should be made to inform the entire workforce of the added risks associated with remote working and how these can be mitigated.
  • Making sure that systems and data located in the environments of home and remote workers remain secure at all times and are not accessible to any individuals that are not authorised.

Process

The PCI SSC goes on to add, “The physical environment within which an office worker or home worker is taking card payments over the telephone should be effectively monitored and access controlled.” Some of these required controls include the following:

  • Ensuring that remote workers utilise dual-factor authentication processes when they must connect to the telephone environment or to any other systems that handle sensitive card data.
  • Limiting physical access to records that may potentially contain cardholder data, such as call or screen recordings, in addition to equipment used for networking or communications.
  • Securely storing account data if it is ever written or printed on paper, and ensuring it is securely shredded once it is no longer needed.

Technology

The PCI SSC finishes its recommendations by asserting, “By limiting exposure of payment data in your systems, you simplify scope and validation, reducing the chance of being a target for criminals.” Some ways to go about this are:

  • Requiring all employees to utilise only the hardware devices that have been approved by the company (mobile phones, telephone handsets, laptops, desktops, and systems).
  • Implementing robust security controls on employees’ technology in remote/at-home working environments, which include:
    • Installing personal firewalls, updating corporate-grade virus-protection software to the latest versions, and downloading the most recent versions of approved security patches
    • Configuring software systems to prevent users from disabling security controls
  • Ensuring that the network and any other technology in the remote worker’s environment is secured in conjunction with the PCI DSS requirements.

Semafone’s Cardprotect solutions can help by:

  • Allowing you to keep your company open and carry out business as usual
  • Getting you up and running in days, with billing by link generated
  • Empowering your remote or home workers to process payments securely
  • Enabling your agents to maintain constant communication with the customer throughout the call in case of any issues
  • Delivering fully PCI DSS compliant payments
  • Simplifying and securing your omnichannel payments and digital interactions

Our industry-leading certifications, partnerships with world-class organisations, and flexible and quick deployment options provide best-in-class solutions to meet all of your needs and provide your customers with a unified and secure experience across all engagement channels.

Learn more about how to enable your remote workers to process secure, PCI DSS compliant payments by downloading our solution brief now.

 


Cardprotect Relay+ enables your business to take payments anywhere and across any digital customer engagement channel, without the need to invest in costly hardware or enter into closed payment ecosystems. Featuring powerful and flexible configuration tools for every channel you choose to transact in, Semafone’s Cardprotect Relay+ platform underpins your digital strategy by cutting through payment complexities, making it easy to engage with customers and seamlessly monitor, track, manage or support all your transactions.


“Semafone’s solution has made a huge difference to us. With many of our employees being homeworkers, we were very concerned about compliance. With Semafone’s solution, RNIB can meet the data security demands of the PCI DSS, while also providing the best possible customer service. It also reinforces to our donors that we take the security of their data seriously.”

Catherine Lloyd – Senior Telemarketing Manager at the RNIB