Skip to content
A WAHA sitting at their workstation while enthusiastically helping a customer.

Creating an Environment for WAHA Success

In the era of COVID-19, the WAHA (Work At Home Agent) model has been implemented by call centers across the globe. Most organizations that implemented WAHA policies did so without existing plans - they had no choice but to pull agents out of brick and mortar contact centers. As Omicron wanes, the majority of the United States’ estimated 286,000 call center agents are still working remotely.

The adaptation of the WAHA model has some clear benefits. According to research done by, implementing WAHA for contact centers may lower costs compared to an on-site operation; it allows access to an untapped talent pool that is unable or unwilling to commute to work, unlocks the ability to establish operations in cities, regions, or even countries where the company does not have the physical infrastructure, and better work-life balance for employees, which leads to lower absenteeism and attrition rates.


However, implementing a remote working structure for a call center has its challenges. One of the largest services call centers provide is payment processing. In fact, some of the largest organizations in the world utilize BPO call centers to outsource their customer service and over-the-phone payments. Because of the nature of the information these agents are handling day to day, maintaining PCI compliance is paramount. This is true regardless of whether your organization is entirely on-site, remote, or even hybrid. 

Maintaining PCI compliance in the call center environment is easier said than done, and the addition of the WAHA role compounds some of the pre-existing challenges and introduces new ones. Secure call center facilities, or call centers that process payment information, have strict regulations dictating what can and cannot be present on the floor. Cell phones and other mobile devices are at the very top of that list. Multi-factor authentication, also referred to as MFA, is used to authenticate a user's identity and is one of the most essential components of an organization's security posture. Traditional MFA solutions require a mobile device, making them unsuitable for call centers.

Email MFA also doesn’t meet the compliance standards required. Even if it did, emailing a PIN is insecure if a workstation is compromised. Hardware tokens like Yubikey are expensive to purchase and replace. Employees have a tendency to forget or break their hard tokens, and with 150% annual staff turnover, assigning and de-authorizing the tokens takes too much time. BPOs need to deploy MFA, but until now didn’t have the enabling products or vendor partners to make it possible. 

The Twosense software-only solution automates MFA challenges by using passive biometrics to authenticate employees and keep PII safe. Twosense can be deployed as either a browser extension (Chrome and Edge) or as a Windows agent. In either case, an organization can roll out the solution with minimal time and effort. This is ideal for Call Centers because it doesn’t require a phone or a hardware token and the software is installed on the user’s browser, workstation, or virtual machine.


This enables secured call center facilities to meet MFA/PCI Compliance standards without the need for mobile devices. Identity verification via Passive Biometrics prevents credential sharing, workstation misuse, and is unphishable. Reducing interruptions allows for agents to be more efficient, attentive, and serve more customers throughout the day.

To learn more, schedule your 1:1 with a member of our team today at

More from the Blog

March 25, 2022

In Defense of Okta and Sitel

On Monday, March 21, 2022, news broke that Okta was breached through one of their outsourcing partners, Sitel Group....
May 24, 2022

Twosense Featured in Contact Center Pipeline

Multi-factor authentication is paramount when it comes to maintaining PCI DSS compliance in the BPO contact center...
May 31, 2023

Protect Your Contact Center From Work-At-Home Collusive Threats

Complicit agents and insider fraud is something most contact centers refuse to acknowledge publicly, and it makes...

Sign Up for our Blog

We will never share your email address with third parties.