Industry: Insurance - Life
Employees: 49,000
Revenue: £47.6 billion
Business: A large global provider of insurance, annuities, and employee benefit programs with 90 million customers.
Challenge: To meet their overall PCI DSS requirements for processing credit card transactions while their consumers were on the phone.
Solution: CallGuard Audio Tokenisation Onsite for phone agent payments and IVR payments.
- PCI DSS compliance and reduced audit scope
- Savings of £ millions through retaining existing systems
- Customer satisfaction with simplicity and security of the solution
Founded over 150 years ago, this client is among the largest global providers of insurance, annuities, and employee benefit programs. Through its subsidiaries and affiliates, they hold market-leading positions in the US, Japan, Latin America, Asia’s Pacific region, Europe and the Middle East. They serve 90 of the largest Fortune 500 companies through multiple data centres and over 7,000 customer service agents located in many contact centres.
Because it handled customer payments over the phone and IVR, the client needed to comply with the Payment Card Industry Data Security Standard (PCI DSS) for processing such transactions. Customers were calling the contact centre to make payments over the phone with the contact centre agents or through an on-premise IVR.
The client recognised that removing as much of the contact centre as possible from the scope of the PCI DSS audit would be the simplest solution. However, their immediate priority was to find a solution that would work with their Avaya phone system and its encryption process, which was out of PCI DSS scope, and avoid an upgrade that would cost several million dollars.
Eckoh has delivered its CallGuard On-Site Audio Tokenisation solution as the simplest way to resolve the client’s challenge.
CallGuard intercepts the payment data before it enters the client’s networks and environment (including their PBX systems). Regardless of any weakness in a specific component, the data cannot be stolen or compromised if it’s not there to begin with.
The solution was implemented across all data centres with no APIs and no impact on their internal processes or third-party token vault process. This resulted in a quicker install since they did not need APIs or application development changes.
When a major insurance business chose CallGuard, it gained more than just PCI DSS compliance. Their customer satisfaction increased dramatically through the solution’s simplicity and security, and they saved millions of dollars in the process.
- Achieved PCI DSS compliance and audit scope significantly reduced
- CallGuard is now the default payment capture input method for their permanent token provider when capturing new payment data.
- No agents are exposed to payment data, and no payment data is stored on or traverses their networks
- Savings of US$ millions from not having to replace their Avaya system and from eliminating excess carrier trunks that were no longer active but were still being billed
- Increase in customer satisfaction through the simplicity of the system and their reassurance that their data was protected
- The IVR was also de-scoped, allowing customers to continue using it, but in a more secure manner