In accounts receivable, good call center agents are the best way to increase revenue collected and close more accounts. The front line agent’s job is to take payments. This means it falls to management to teach staff the security risks and PCI compliance requirements associated with credit card transactions.
Employees with high collection goals or busy call schedules can feel pressured. Even top agents might break rules if they don’t know the security risks involved with handling payment card industry data. Management and trainers should explain why agents need to take care with the sensitive card data they handle. This ensures employees understand why procedures exist and why these rules should be consistently followed.
Keeping Call Center Agents Invested In Compliance
PCI Compliance Policies And Procedures
Quarterly Security Training
Your staff is likely a mix of new, moderately experienced and seasoned call center agents. With such varied levels of training, it’s a good idea to present all agents with reminders every few months.
This keeps information top-of-mind and reinforces its importance. Oftentimes, employees can become complacent in their daily activities and slip up. Refresher training decreases the likelihood of PCI compliance rules being forgotten.
Reward Reporting Mistakes Instead Of Punishing
Of course, everyone makes mistakes. Chances are, your call center will see minor noncompliance issues from time to time. If employees aren’t trained or feel uncomfortable with management, delayed reporting may lead to a data breach.
How management handles compliance and security reporting policies can also impact morale – and future agent performance. Front line staff are in a good position to notice when some policies are out of date or need tweaking. Create an environment of inclusion and respect between call center agents and leadership. This way, staff will feel comfortable approaching you with concerns that may end up benefiting the company.
Also remember that mistakes happen. If an employee clicks a link in a scam email or falls victim to phishing, don’t punish them. Staff that feel scared to report problems may delay doing so. This is when companies are at higher risk of outside parties penetrating internal systems to gain access to consumer data.
Remote Work And PCI Compliance Risk
The Home Office
Inadequate home office setup can violate privacy requirements associated with PCI Data Security Standards. Allowing AR call center staff to take payments or handle sensitive information from home is possible. However, you must ensure access to work systems and networks is secure and doesn’t violate security regulations.
Also be sure the employee’s intended work from home environment doesn’t violate PCI or other payment security and compliance rules. A few of the most frequent mistakes made when setting up a home office:
- Shared office spaces - those outside your organization should not have access to consumer data. With so many companies turning to remote work, sharing an office space with a spouse or housemate may be common. Employees need to know only staff should have access to private work information.
- Inadequate security - Just as sharing a workspace is not always appropriate, having inadequate security in the remote workplace can cause issues. Computer screens should be locked when not in use. In addition, they shouldn’t face areas of the home where others may walk past and view private information.
- Disposal of private information - PCI standards require appropriate, secure disposal of paperwork that contains credit card information or other private data. In a traditional office, secure shred bins are routinely accessible. In remote work, this isn’t the case.
Be clear that employees should not be writing down or otherwise retaining sensitive data. However slim the chance, credit card numbers discarded in a regular trash do pose a risk of being found and used.
Simplify Agent Responsibility Through Software
Simplifying processes for employees and consumers increases completed payments and raises average payment amounts. The simplest way to guarantee compliance and better customer experience is to build it into payment work flows.
PDCflow’s FLOW Technology allows agents to send payment information directly to consumers through email, text or chat. These requests are simple enough to be filled out and completed while still on the phone or on a chat with a call center representative. This minor operations change eliminates the need for staff to ever handle credit card data:
- Reducing training time
- Simplifying procedures
- Minimizing security risks
FLOW Technology can be used to reduce risk and speed up payment compliance for in-office and remote call center employees. For more information on how, download our FLOW Technology Remote Work And Compliance How-To.