Not returning to the office for a while? How to take payments SECURELY while your staff are working from home

The enforced lockdown in March, as a result of the Covid-19 pandemic, led to lots of businesses hurrying to implement new technology and procedures for their staff to work remotely. For many this meant adapting service provision, while for some, a speedy introduction into card-not-present (CNP) transactions, over the phone and/or online. In the rush to establish these new practices, card payment security and compliance obligations were sometimes pushed to the side-lines, putting business networks and data at risk and opening up weaknesses within systems to be exploited by hackers and cyber criminals.

As businesses and their employees continue to wrestle with these new ways of working, meanwhile consumers’ expectations of businesses taking responsible measures to protect their payment and personal data remain high.  The reputational damage that can occur as a result of a data breach can be disastrous for any organisation, not to mention the impact of the substantial fine that could be incurred if data protection policy and PCI DSS compliance is proven to have been insufficient. Guidance published by the PCI Security Standards Council (PCI SSC) for businesses combining remote working with accepting card payments, suggested a number of strategies including enforcing strong password policies and multi-factor authentication as well as imposing encrypted communications and enhanced anti-malware and firewall applications. These actions undoubtedly improve security, however, the guidance puts employees at the front line of defence, relying on their familiarity with policies and procedures and their ability to update their systems remotely without the hands-on IT support usually available in the office.

Which is why investing in an external, cloud-based card payment solution is worth every penny. Here at PCI Telecom, our range of card payment solutions, all accredited to Level 1 PCI DSS standard, can be adapted for use anywhere, protecting your business from cyber attack and a breach of compliance obligations. Here’s how they can work for you during this time:

Our PCI Agent solution can be used with calls to your business diverted to employees’ mobile or home landlines, enabling customers to get through to a live agent and to make payments using their phone keypad to input their card details. The caller remains on the line to the agent at all times – at no point is their card number required to be read aloud and the agent sees only encrypted code appearing on their screen.

Auto IVR can manage calls and payments out of hours or when there are no staff available, providing callers with tailored options so that they can reach exactly the service or product they need and make payments smoothly and securely.

PCI Webchat During a live chat, web chat, SMS or social media engagement with a customer, the agent launches the online PCI WebChat solution to populate the transaction details. Our system then generates a unique and secure payment URL link that is sent to the customer, into which they enter their card details. The PCI Webchat function remains open to the agent and customer so they can continue to ‘chat’ during the process but card details are at no point made visible to anyone other than the customer.

PCI Paylink The most recent addition to our suite of solutions, the agent simply completes the transaction information via the PCI Paylink webpage. The system then generates a unique and secure URL that is emailed to the customer for them to fill in with their card details. With full encryption, the payment is then processed, at no time revealing the card details to a member of staff.

Our solutions work for organisations of any shape and size and are created on a bespoke basis so we can tailor each element to the specific needs of your business. They are available individually or as part of an effective omnichannel payment suite, helping you to reach more customers while maintaining a consistently high standard of service.

Accepting and processing CNP transactions securely while your staff work remotely needn’t be a struggle or a worry during this time. For more information on our Solutions or to talk through your requirements, get in touch here.