PCI DSS Compliant Payments for Home & Remote Workers
Semafone’s Cardprotect Relay+ helps power your business continuity plans and allows remote workers to take PCI DSS compliant payments.
Payments are the lifeblood of your business, and in these unpredictable times, many organisations are moving their contact centre employees and customer support representatives to more flexible and remote ways of working. With this transition comes a host of unique challenges: How do you keep your staff safe and operational while providing them with the ability to process secure and PCI DSS compliant payments?
PCI DSS Requirements for Securing a Remote Workforce
While acknowledging the additional hurdles that organisations may face by having to secure a remote workforce, the PCI SSC makes clear that merchants implementing remote working procedures must still comply with the requirements in the PCI DSS. The PCI SSC outlines three areas that merchants can focus on to ensure greater security of cardholder data:
The PCI SSC states, “One of the best ways to mitigate that risk is to create and maintain a culture of security within the organisation.” They recommend enacting controls including:
Initiating a security-awareness program for employees, as outlined in PCI DSS Requirement 12.6. These programs should occur at the start of employment and be repeated or refreshed on an annual basis, ensuring that the entire workforce has been properly trained and is kept up to date on security procedures.
Evaluating additional risks that home workers may face while processing sensitive data and addressing them appropriately. Efforts should be made to inform the entire workforce of the added risks associated with remote working and how these can be mitigated.
Making sure that systems and data located in the environments of home and remote workers remain secure at all times and are not accessible to any individuals that are not authorised.
The PCI SSC goes on to add, “The physical environment within which an office worker or home worker is taking card payments over the telephone should be effectively monitored and access controlled.” Some of these required controls include the following:
Ensuring that remote workers utilise dual-factor authentication processes when they must connect to the telephone environment or to any other systems that handle sensitive card data.
Limiting physical access to records that may potentially contain cardholder data, such as call or screen recordings, in addition to equipment used for networking or communications.
Securely storing account data if it is ever written or printed on paper, and ensuring it is securely shredded once it is no longer needed.
The PCI SSC finishes its recommendations by asserting, “By limiting exposure of payment data in your systems, you simplify scope and validation, reducing the chance of being a target for criminals.” Some ways to go about this are:
Requiring all employees to utilise only the hardware devices that have been approved by the company (mobile phones, telephone handsets, laptops, desktops, and systems).
Implementing robust security controls on employees’ technology in remote/at-home working environments, which include:
Installing personal firewalls, updating corporate-grade virus-protection software to the latest versions, and downloading the most recent versions of approved security patches
Configuring software systems to prevent users from disabling security controls
Ensuring that the network and any other technology in the remote worker’s environment is secured in accordance with the PCI DSS requirements.
Semafone’s Cardprotect solutions can help by:
Allowing you to keep your company open and carry out business as usual
Getting you up and running in days, with a commercially flexible billing structure
Empowering your remote or home workers to process payments securely
Enabling your agents to maintain constant communication with the customer throughout the call in case of any issues
Delivering fully PCI DSS compliant payments
Simplifying and securing your omnichannel payments and digital interactions
Our industry-leading certifications, partnerships with world-class organisations, and flexible and quick deployment options provide best-in-class solutions to meet all of your needs and provide your customers with a unified and secure experience across all engagement channels.
Learn more about how to enable your remote workers to process secure, PCI DSS compliant payments by downloading our solution brief now.
Cardprotect Relay+ enables your business to take payments anywhere and across any digital customer engagement channel, without the need to invest in costly hardware or enter into closed payment ecosystems. Featuring powerful and flexible configuration tools for every channel you choose to transact in, Semafone’s Cardprotect Relay+ platform underpins your digital strategy by cutting through payment complexities, making it easy to engage with customers and seamlessly monitor, track, manage or support all your transactions.
“With no long-term contracts and a commercially flexible charging structure, Semafone’s solution is ideal for charities like us that need to minimize the administration costs associated with handling donations. Plus, the solution is scalable enough to cope with any peaks in demand generated by the fundraising campaigns and events we run throughout the year,”
Anne Davies – Supporter Care Manager at Pancreatic Cancer UK