When PCI Compliant Payment Safe Rooms Have Been Replaced With Work From Home Staff
Organizations today are looking for ways to reduce the scope of their call center’s PCI footprint. Organizations that operate a call center or rely on staff to collect customers credit card information for storage and later use are going to great lengths to implement PCI compliant business processes that (a) remove staff from handling or having any access to credit card information and (b) employing methods where they can safely store credit card information to be used for future charges.
Solutions such as Authorize.Net’s CIM enable organizations with the ability to store customers’ credit card information in a way that is encrypted, secure, and meets PCI standards. It also allows organizations to access this information securely for future customer payments. However, getting that credit card information into the CIM vault in a way that meets PCI Compliance security standards is where organizations are facing their greatest challenges.
For organizations that have online payment portals the process can be straight forward, as Authorize.Net makes it simple for them to connect their online e-commerce and software solutions to the Authorize.Net’s CIM
However, this becomes more challenging for organizations who have a high touch approach to interfacing with customers such as those who are collecting credit card information over the telephone and rely on their people to collect credit card information and manually input the information in to a 3rd party software (CRM/ERP). Although once the credit card information makes it to the CIM it is securely stored and accessed in the future, it is the process of how it gets there that organizations are turning their focus to. Specifically, how to remove staff from handling the customer’s credit card information from the time the customer provides it, to its being securely stored in the Authorize.Net CIM.
Although it is possible to create a
payment safe room when security controls are in place and meet the PCI security standards, for the average organization this is not operational nor financially feasible in the age of doing business amid the COVID-19 pandemic. Even those organizations that went to great lengths to
build payment safe rooms, have had to dismantle them and replace them with a work from home approach.
By combining DatatelPay-By-Phone optimized for CIM with Authorize.Net’s API’s and Webhooks, an organization can rapidly secure its work from home staff while continuing to leverage its Authorize.net CIM investment.
For more information on how to leverage your Authorize.Net CIM investment to secure your payment transactions by phone, contact our team of IVR Payment experts.