Problem Solved: Software-Only MFA for Call Center PCI Compliance


In 2020 there were an estimated 2.83 million people working in call centers across the United States according to

These facilities are the backbone of customer service operations in numerous industries, which rely on call centers and their agents to ensure customers receive the best experience possible. In an industry that employs millions and also handles sensitive information for millions, security and efficiency are extremely important.

Call centers, especially BPOs, need top-notch security for PCI compliance. Agents cannot use or have mobile devices in their possession on the floor since that puts customer payment data at risk. Maintaining PCI compliance in a setting that strictly prohibits the use of cell phones can be incredibly difficult for organizations to do without the appropriate software in place.

The consequences of PCI non-compliance vary from monthly penalties, which can range from $5,000 to $500,000, to legal action that can result in the loss of revenue. Non-compliance also risks reputational damage, which can greatly impact the organization’s bottom line.

In order for any call center that handles payment processing to be PCI compliant, multi-factor authentication is required. Because MFA is required, but mobile devices are prohibited on the floor, traditional MFA is not a viable option. Email MFA doesn’t meet the compliance standards required. Even if it did, emailing a PIN is insecure if a workstation is compromised.

Hardware tokens like YubiKey are expensive to purchase and replace. Employees have a tendency to forget or break their hard tokens, and with 150% annual staff turnover, assigning and de-authorizing the tokens takes too much time. BPOs need to deploy MFA, but until now didn’t have the enabling products or vendor partners to make it possible.

Twosense, a 100% software MFA startup out of Brooklyn, New York, has been pioneering AI-driven biometrics, starting with the US DoD and then moving into Enterprise. Now Twosense is charging into the call center industry and is radically changing the game.

The Twosense software-only solution automates MFA challenges by using passive biometrics to authenticate employees and keep PII safe. Twosense can be deployed as either a browser extension (Chrome and Edge) or as a Windows agent. In either case, an organization can roll out the solution with minimal time and effort. This is ideal for Call Centers because it doesn’t require a phone or a hardware token and the software is installed on the user’s browser, workstation, or virtual machine.

This enables secured call center facilities to meet MFA/PCI Compliance standards without the need for mobile devices. Identity verification via passive biometrics prevents credential sharing and workstation misuse, and is unphishable. Reducing interruptions allows agents to be more efficient and attentive, and to serve more customers throughout the day.

To learn more please visit

About the Author

Isabeau Boody is Marketing Manager at Twosense.

Twosense automates the challenge-response of multi-factor authentication on behalf of its users so they can avoid frustrating interruptions. This allows IT departments to implement stricter and more secure MFA policies without sacrificing the user experience. Developed in partnership with the US Department of Defense, Twosense uses machine learning to drive passive biometrics that can guarantee a user’s identity continuously throughout the day. For more information follow Twosense on LinkedIn.
