PCI Compliance for Remote Workers in AR

Moving staff outside the controlled environment of a secure office comes with unique challenges and risks.

If your Accounts Receivable agents are taking payments from their homes, one of your primary concerns should be maintaining PCI compliance for remote workers.

Here are the most common concerns debt collection, medical billing, or accounts receivable companies face when taking payments remotely.

Learn to identify areas of risk and how to ensure you’re prepared and compliant.

PCI DSS Compliance Checklist for Remote Workers

Payment security should be a concern wherever your staff operates, but there are more factors to consider when remote workers accept card payments in a work-from-home setting.

PCI compliance for remote workers helps your agency:

Maintain customer payment data security.

Comply with rules and regulations to avoid violations or fines.

Reduce the risk of a data breach, legal issues, and financial consequences.

Home office workspaces, security practices, and fraudulent encounters are all risk factors to PCI compliance for remote workers.

Your agency should have a plan in place to set expectations and maintain security, even in a work-from-home setting. Create and enforce rules that keep customer data safe, no matter where staff log in to work.

Navigate common areas of risk and see how technology can simplify compliance with this PCI DSS compliance checklist for remote work.

Main Risks for Remote Work Staff

Physical Home Environment
Digital Security
Fraud and Scams

1. PCI DSS Compliance Checklist: Physical Home Environment

When team members work from home, it’s impossible to standardize their environment. However, you can set rules around access to workstations, working near others, and phone call privacy.

AR billing work-from-home staff should have parameters for their home offices that ensure privacy and security for your staff, company information, and consumers.

Checklist items:

✔️ Physical privacy

Employees planning to work near others outside of your office may violate compliance regulations. Working in the same room as a spouse, roommate, or another individual outside of the organization shouldn’t be an option if consumer credit card data or personal information is discussed.

✔️ Can others see or access private data?

Payment Card Industry (PCI) compliance requirements keep consumer payment data safe. Even if your AR staff work separately from others, they may violate PCI compliance if home offices aren’t secure at all times. Computer screens should be locked when not in use. No sensitive information should be physically available on paper within the home.

✔️ Can others hear phone calls?

If employees speak to consumers regarding payment information, home offices should be private. This rule also helps collection agencies avoid third-party disclosure violations.

2. PCI DSS Compliance Checklist: Digital Security

PCI compliance for remote workers should address payment data security threats. To reduce the risk of hackers gaining access to remote work systems, employees should use secure networks and strong passwords to conduct business and access systems.

✔️ Maintain and encourage strong password security standards

It may be tempting to use vendor-supplied default passwords for software or easy passwords to get remote workers up and running. However, password security is even more important in remote settings, where you have less control over the situation. Make sure staff regularly change login passwords to keep systems secure.

✔️ Provide company email and cloud storage

Instruct employees not to use personal email addresses or personal cloud storage accounts for work tasks. These types of systems are typically less secure and are at greater risk of being breached.

✔️ Limit information access to prevent data breaches

The simplest way to keep your company, employees, and consumers secure is to limit the amount of sensitive information employees hear, see, or access.

For example, PDCflow’s self-serve payment options don’t require an employee to type in payment details. Offering an online payment page, email, or SMS payment requests reduces payment security risks from remote workers managing payment details.

✔️ Prioritize security through policies and procedures

Payment data security should be a priority for every company. Communicate with staff about security policies and procedures. Discuss how staff are responsible for payment and personal consumer information through routine training.

✔️ Protect and encrypt stored cardholder data

Choose vendors that reduce your company’s PCI compliance responsibility, like PDCflow. Our payment software captures, encrypts, and tokenizes payment data. No need to store within your company’s systems, reducing PCI compliance scope.

✔️ Conduct vulnerability scans, penetration tests, etc.

One important element of digital security is conducting vulnerability scans, penetration tests, and other security measures to keep company systems secure from breaches.

Your IT team should manage these activities, and you should expect the same security from the vendors you choose to work with.

3. PCI DSS Compliance Checklist: Fraud and Scams

Fraudsters may pose as coworkers to send phishing or social engineering emails, requesting passwords or other sensitive information.

Train employees to identify phishing attempts and limit the information workers can access.

Systems like PDCflow sidestep this issue by allowing customers to pay via email, SMS, or chat channels without needing to read payment information over the phone.

Checklist items to fight fraud:

✔️ Restrict physical access to cardholder data

For physical or hybrid offices, restricting access to cardholder data is essential to security. Don’t allow access to sensitive data unless staff need it for tasks. Those who do need access must undergo regular training to properly handle, store, and dispose of paperwork containing payment information.

✔️ Restrict digital permissions by job requirements

Just as with physical records, companies can reduce social engineering and phishing attacks by restricting employee access. To protect audit trails or other customer information, use a payment processor like PDCflow that offers strict administrative controls.

Lock down access to reporting or templates based on group, department, or location.

Store payment data in PDCflow’s secure vault, so it is simpler for your company to comply with PCI DSS requirements.

✔️ Track and monitor all access to network resources and cardholder data

With PDCflow, card details are encrypted, tokenized, and stored outside of your company’s systems. That way, you reduce your PCI compliance scope and reduce the likelihood of mishandling.

For companies that store credit card information in their own system, it’s essential to monitor who has access and to create a secure process for data storage.

Home Office Set Up Tips

Have a dedicated workspace.
Use noise-cancelling headphones.
Set up screens at eye level.
Create house rules for others.
Get dressed for work/take care of hygiene.
Stay in contact with coworkers.

Additional AR Privacy and Security Concerns in Remote Work

Aside from PCI compliance for remote workers, there are other privacy and data protection concerns AR companies need to consider:

Report security incidents right away

There is always a chance that something may go wrong, even if staff try their hardest to prevent a security incident.

If your company is the victim of security risks or a data breach, document dates, times, and a detailed description. Record what happened, and what actions were taken. Report the incident through the appropriate channels.

Information privacy and video conferences

Professionalism is still important in a remote setting. Staff who present to others or have on-camera meetings should follow procedures to maintain consumer privacy and confidentiality.

Be aware of windows or documents that are open on the computer during screen sharing.

Employees who share a workspace should use headphones for privacy.

Use a privacy screen on monitors in high-traffic areas to protect information from unauthorized parties.

Capture payments and get signed consent for one-time and recurring payment schedules.

PDCflow can help. Our platform lets your agents send documents and request esignatures, photos and payments all at once through email, SMS to your consumers in real time.

👉 Learn More

PDCflow for Remote Work Payment Security

PDCflow email and SMS requests help staff to take secure payments while reducing PCI compliance scope.

Agents send payment requests, statements, or other paperwork via email or text message. Consumers sign documents, enter their own payment information, and complete transactions without reading card numbers out loud.

Guaranteed, compliant payments: These Flow requests can be sent, accessed, and completed within seconds. Agents stay on the phone to ensure a secure, compliant, guaranteed payment.

Web chat options: For AR offices or departments that use web chats to interact with consumers, agents can pass a secure payment link through chat to accept secure, guided payments.

Tokenization and encryption: PDCflow tokenizes card numbers and encrypts all payment data in transit and at rest to ensure secure payments.

Stored in our secure vault: PDCflow offers secure payment data storage outside of your company’s system to reduce PCI compliance scope.

Administrative controls: Admin controls restrict access to reporting information. Staff who don’t need to see audit reports or other transaction information won’t have access.

Sign up for weekly email updates from PDCflow. Our content covers information on handling payments, contracts, and compliance, so business leaders can discover practical strategies and actionable insights to reduce manual work and improve cash flow.