Industry: Insurance - Health
Employees: 7,000
Turnover: £7.8 billion
Business: Leading health insurer with 8 million members in Florida.
Challenge: Achieving PCI DSS compliant secure payments without breaking contact between the agent and the caller.
Solution: CallGuard Audio Tokenisation On-site
- Contact centre de-scoped from PCI DSS audit
- Agent and caller remain in continuous contact
- PCI DSS audit requirements are simplified
This health insurer is the largest of the association's organisations in the US. Based out of Jacksonville, Florida, it provides health insurance services to its 8 million members. Its company mission is to help its members get access to affordable healthcare in the State of Florida. It has been serving its members for almost 70 years.
The organisation operates a contact centre with 1,800 agents. In order to take payments securely from its customers, its agents had to transfer the caller to a third-party payment IVR. This resulted in the agent being disconnected from the caller, so the agent had no knowledge of whether the payment was successful or whether the caller had any questions.
The contact centre noticed that a high volume of its callers, its patients, were not completing the payment and that its customer satisfaction scores were declining. This was clearly a direct result of the awkward payment process, which also made the PCI DSS audit by its QSA more complicated.
Eckoh delivered its patented CallGuard Audio Tokenisation On-site solution which gives the organisation’s contact centre agents the ability to take card payments from their customers over the telephone in a secure manner.
When a customer keys in their card details using their phone keypad, audio tones (DTMF) are generated to match the card number. These tones could be interpreted by an agent or from a call recording. So Eckoh's solution instantly replaces these tones with different, flat tones known as an audio 'token'.
The token data is entered directly into the agent's screen. As the token data is not real card data, it is completely meaningless and of no value to a criminal. The data is not seen, heard, stored or transmitted by the business. If there's no data there, there's nothing to steal. The agent never sees or hears the data and it is not recorded during calls.
Eckoh also installed multiple audio appliances in their two data centres and have been approved to handle 5,500 concurrent sessions. We also installed the racks in their data centres that will house the Eckoh equipment. To complete the simplification of the PCI DSS audit requirements, Eckoh met with the organisation's QSA prior to concluding the contract to walk them through the PCI DSS Responsibility matrix and ensure that they were comfortable with the degree to which Eckoh was de-scoping their contact centre.
The solution is one of the simplest available today and is quick and easy to install because it works with all existing systems and is light-touch on technology. It also means no disruption to business operations or changes to existing systems.
Being able to maintain the agent-caller contact throughout a telephone payment has meant that this health insurance provider can now complete more payments and improve customer satisfaction.
The organisation really valued the continuous contact throughout the call that this solution delivered. With the caller and agent remaining in contact, the volume of completed payments will increase alongside their customer satisfaction and CX scores.
Their Merchant Service group has been de-scoped from the PCI DSS audit, simplifying the audit burden.