As businesses around the globe and in all industry sectors face a new reality of managing remote workforces, their ability to secure payment systems, technology access, and sensitive customer data from anywhere and particularly the home, has never been more important.
Most organizations have had to further digitize themselves during the COVID-19 pandemic. Out of absolute necessity, consumers everywhere have turned online and to mobile channels, or dialed into call centers to make purchases, schedule medical appointments, change their travel plans, pay bills and more. These shifts have placed increased workload and responsibility on customer support teams, salespeople, IT security personnel and the businesses that employ them. They must maintain operations and provide their newly remote/home based employees with access to enterprise technologies, all while still ensuring strong security around sensitive customer data and compliance with a raft of regulatory requirements in a rapidly evolving environment.
So how can organizations ensure their employees who are processing payments and handling other types of personally identifiable information (PII) – such as credit card data and bank account numbers – maintain compliance with data security and privacy regulations like the Payment Card Data Security Standard (PCI DSS)? While this unprecedented situation has changed how businesses must operate to survive, they cannot simply just stop complying with data security and privacy regulations as their workforces move to a remote model.
Organizations need to employ modern payment technologies and strict security protocols to ensure customer PII is handled in a PCI DSS compliant manner everywhere. Upholding these standards also forms a safety net to help mitigate potential COVID-19 related fraud, cybersecurity risk and data breaches.
Enable Your Remote Workers While Protecting Payments and Sensitive Data
Despite the challenges and concerns of remote working, organizations can follow best practices to ensure they maintain compliance with regulations, securely handle consumers’ personal data and still offer a frictionless customer experience. These practices also align with the PCI Security Standards Council’s advisory on protecting payment card data when implementing a remote-work model in response to COVID-19.
- Minimize Exposure to Sensitive Card Data
One of the most effective ways to protect payment card data and other PII is to ensure it is never handled or held by customer service representatives (CSRs), sales professionals or other employees who do not need access to it, whether they are working remotely or in their normal environments.
Modern payments solutions can enable CSRs and sales professionals to process payments over the phone or through any digital channel customers prefer – including web chat, social media, email, SMS and QR codes – while ensuring that the sensitive payment data is kept out of the organization’s (or remote employee’s) network infrastructure completely. By using technologies like dual-tone multi-frequency (DTMF) masking and encryption, today’s cloud-based payments solutions can sit outside the network and securely rout sensitive payment card data directly to the payment service provider (PSP) for processing.
Because the employee never directly handles the sensitive data and it does not touch their home network, the business is able to maintain PCI DSS compliance and minimize security risks such as data breaches or fraud. Meanwhile, customers still benefit from making fast, secure and seamless payments through the platform or channel they prefer.
- Conduct Security Awareness Training for All Employees
As employees transition to a home-working environment, it is critical that they are educated on the data security risks and what steps they must take to maintain the security of the systems, processes and devices they are using from home. Organizations should immediately conduct a refresher course on PCI DSS security awareness for all employees. This will help them understand the proper ways to handle sensitive information while working from home, and how to recognize potential threats. Among other topics, security awareness training should instruct remote workers on:
- Best practices for password security.
- How to make sure their devices are up to date on patches, anti-malware protection and firewall functionality.
- Using only secure and encrypted communications channels, such as a VPN, to access the company network — and to never use an unsecured Wi-Fi network.
- Turning off voice-activated smart speakers like Alexa to ensure that sensitive information discussed in telephone conversations is not overheard.
- Ensuring that housemates and family members do not have access to any business systems.
- Harness Data Encryption Methods
Securing laptops, mobile phones and other Wi-Fi enabled devices has become more challenging than ever. Organizations must secure the company devices that connect to their networks, while also protecting against potential vulnerabilities introduced by employees’ mobile phones and other personal devices. Organizations can mitigate these threats and continue to comply with regulations like PCI DSS by using encryption methods such as WPA2 and installing a corporate VPN. These security tactics can reduce the scope of compliance for employees working in remote environments.
- Leverage Real-Time Analytics
With newly dispersed workforces, businesses should also consider incorporating real-time analytics solutions to obtain a reliable view of how their payment and customer support systems are operating from anywhere. Gaining robust analytics on all customer touch points or potential areas of concern – including failed payments, system resets or increased wait times – can help organizations improve customer and employee satisfaction, or to adjust their operations as needed.
While organizations will need to navigate these challenging times with remote employees and strains on their systems for the foreseeable future, they can still harness modern technologies to protect payments and customer data and ensure compliance with regulations. By employing best practices for handling sensitive data and protecting their networks, businesses don’t need to sacrifice payment security and delivering the best customer service with a dispersed workforce.
