Can WFH Advisers Take Card Payments Securely Over The Phone?

Before the pandemic there was a common misconception that work-from-home (WFH) contact centre homeworkers could not possibly work in a secure environment. It’s simply not true. Organisations have been designing secure networks that include remote workers for many years. Yet it took a full lockdown for others to see that WFH was possible and that services, such as payments, could be secure if planned correctly.

Many WFH solutions hastily created during the pandemic didn’t address key security issues. PCI DSS compliant card payment handling is a great example. Some executives didn’t believe that PCI DSS compliance was even possible when working remotely so WFH was only ever seen as a temporary solution that couldn’t continue after the emergency period.

It is possible to create a secure WFH environment.  However, you must plan and build your network correctly. It was certainly possible before the experience of lockdowns forced many companies to experiment with remote work and it remains possible now.

SensĂ©e has almost 10 years’ experience in delivering PCI DSS compliance in a WFH setting and currently has PCI DSS Level 2 Service Provider status for a well known UK blue chip. We also built a fit-for-purpose card payment system for the service operation of a well known financial services firm to enable homeworkers to take over the phone credit/debit card payments.

When you look at the PCI security standards website it doesn’t take long to find that they have published extensive advice and training on how to deploy their standards for a WFH environment. It’s no secret that PCI DSS compliance is entirely possible for WFH advisers. In fact, the PCI DSS guidance on WFH advisers has been available for over a decade.

Executives that need more convincing may want to look back to the PCI blog published on March 23, 2020 – just as the Covid-19 lockdowns were starting for most companies across Europe and the US. This blog lists the specific measures required to ensure that companies can continue to remain PCI DSS compliant even if their workers are sent home.

The requirements are broken down into People, Process, and Technology and include security training for contact centre workers with a particular focus on those that will provide service from home. Processes such as dual-factor authentication to access corporate systems and restricting physical access to recording devices are also detailed along with technology restrictions, such as configuration and virus protection.

The security of WFH customer service teams has been a common concern of executives for a long time, but the information and examples are out there. PCI DSS guidance and compliance has been possible for many years – it’s entirely a question of how you go about building processes and standards for your home working team.

As I mentioned, SensĂ©e has real case studies and examples of this. WFH security is not just applicable in emergency situations, such as a pandemic lockdown. You can design the right level of security into a WFH solution from the start and then create a far more flexible work environment for your employees – that flexibility will be reflected back in the positive experience customers report when interacting with these advisers.

To find out more about Sensée’s range of WFH technology, consulting and BPO services, or about how we can help you build a bespoke PCI DSS compliant solution, please contact

Leave a Reply

Your e-mail address will not be published. Required fields are marked *