Why Call Center Agents Should Know About PCI Compliance

Why Call Center Agents Should Know About PCI Compliance

In accounts receivable, good call center agents are the best way to increase revenue collected and close more accounts. The front line agent’s job is to take payments. This means it falls to management to teach staff the security risks and PCI compliance requirements associated with credit card transactions. 

Employees with high collection goals or busy call schedules can feel pressured. Even top agents might break rules if they don’t know the security risks involved with handling payment card industry data. Management and trainers should explain why agents need to take care with the sensitive card data they handle. This ensures employees understand why procedures exist and why these rules should be consistently followed.

Keeping Call Center Agents Invested In Compliance

Maintaining compliance throughout your call center is a team effort. It takes cooperation and understanding at every level of the business. Establishing guidelines, maintaining current documents and fostering an open, positive environment are all essential to keeping agents invested in compliance.
Why call center agents should know about PCI compliance

PCI Compliance Policies And Procedures
The foundation of managing a business is a robust set of policies and procedures. Your documents should be presented during your call center training and clearly explain the guidelines agents must follow (and why). Provide a written document not only for training purposes but to allow employees to refer back any time they have questions.

Quarterly Security Training

Your staff is likely a mix of new, moderately experienced and seasoned call center agents. With such varied levels of training, it’s a good idea to present all agents with reminders every few months. 

This keeps information top-of-mind and reinforces its importance. Oftentimes, employees can become complacent in their daily activities and slip up. Refresher training decreases the likelihood of PCI compliance rules being forgotten.

Reward Reporting Mistakes Instead Of Punishing

Of course, everyone makes mistakes. Chances are, your call center will see minor noncompliance issues from time to time. If employees aren’t trained or feel uncomfortable with management, delayed reporting may lead to a data breach

How management handles compliance and security reporting policies can also impact morale – and future agent performance. Front line staff are in a good position to notice when some policies are out of date or need tweaking. Create an environment of inclusion and respect between call center agents and leadership. This way, staff will feel comfortable approaching you with concerns that may end up benefiting the company. 

Also remember that mistakes happen. If an employee clicks a link in a scam email or falls victim to phishing, don’t punish them. Staff that feel scared to report problems may delay doing so. This is when companies are at higher risk of outside parties penetrating internal systems to gain access to consumer data. 

6 Main Goals of PCI Compliance

Remote Work And PCI Compliance Risk

Credit card data is always a risk, no matter where your agents work. However, with a higher number of remote workers, there are unique PCI compliance concerns to consider.

The Home Office

Inadequate home office setup can violate privacy requirements associated with PCI Data Security Standards. Allowing AR call center staff to take payments or handle sensitive information from home is possible. However, you must ensure access to work systems and networks is secure and doesn’t violate security regulations. 

Also be sure the employee’s intended work from home environment doesn’t violate PCI or other payment security and compliance rules. A few of the most frequent mistakes made when setting up a home office:

  • Shared office spaces - those outside your organization should not have access to consumer data. With so many companies turning to remote work, sharing an office space with a spouse or housemate may be common. Employees need to know only staff should have access to private work information. 

  • Inadequate security - Just as sharing a workspace is not always appropriate, having inadequate security in the remote workplace can cause issues. Computer screens should be locked when not in use. In addition, they shouldn’t face areas of the home where others may walk past and view private information.  

  • Disposal of private information - PCI standards require appropriate, secure disposal of paperwork that contains credit card information or other private data. In a traditional office, secure shred bins are routinely accessible. In remote work, this isn’t the case. 

Be clear that employees should not be writing down or otherwise retaining sensitive data. However slim the chance, credit card numbers discarded in a regular trash do pose a risk of being found and used.  

Simplify Agent Responsibility Through Software

Simplifying processes for employees and consumers increases completed payments and raises average payment amounts. The simplest way to guarantee compliance and better customer experience is to build it into payment work flows. 

PDCflow’s FLOW Technology allows agents to send payment information directly to consumers through email, text or chat. These requests are simple enough to be filled out and completed while still on the phone or on a chat with a call center representative. This minor operations change eliminates the need for staff to ever handle credit card data: 

  • Reducing training time
  • Simplifying procedures
  • Minimizing security risks

FLOW Technology can be used to reduce risk and speed up payment compliance for in-office and remote call center employees. For more information on how, download our FLOW Technology Remote Work And Compliance How-To.

Download the FLOW Technology How-To
Share this post!
Hannah Huerta - PDCflow Marketing Specialist
Hannah Huerta, Marketing Specialist

Hannah Huerta is a Marketing Specialist at PDCflow. She creates content for the accounts receivable and payment industry.

LinkedIn - Hannah Huerta

Related Articles
Remote Workers: Payment Security and Compliance Challenges in AR
What is PCI Compliance? How Can It Grow Your Business?