A global telecoms business providing pay-as-you-go mobile SIM cards to international communities and migrant workers.

A global telecoms business providing pay-as-you-go mobile SIM cards to international communities and migrant workers.


Industry: Telecoms Employees: 800 Revenue: 400 million EURO

Business: A global telecoms business providing pay-as-you-go mobile SIM cards to international communities and migrant workers. Today they have 4 million active customers across the world.

Challenge: Being able to protect cardholder data while allowing the agent and caller to stay in contact throughout the transaction and let customers pay at a time that suits them.

Solution: CallGuard for Agent-Assisted secure transactions.


  • Achieving PCI DSS compliance
  • Continuous agent-caller engagement
  • Reducing the risk of fraud


The business was founded in 2001 initially providing international telephone calling cards. The business has grown over the years to provide its current range of products.

Lebara is one of Europe's fastest-growing mobile companies, with some 4 million active customers, worldwide and operations in many countries including UK, Netherlands, Denmark, Spain, France, Switzerland, Germany, Saudi Arabia, Sri Lanka and Australia.


As a multi-channel telecoms provider, Lebara wanted to expand the payment choices they offered customers. They found that customers sometimes had more detailed questions about some of the products shown on their website and needed to discuss them with an advisor. At the same time, they wanted to be able to take secure payments in that same engagement without exposing the customers' cardholder data to the agent.

Fraud prevention and data security were paramount for Lebara who wanted to ensure their phone payment processes were compliant with the Payment Card Industry Data Security Standards (PCI DSS) without compromising their customers' shopping experience. Lebara wanted a flexible system that enabled their advisors to remain on the phone with the customers during payment.


Lebara chose CallGuard as it prevents card details from ever entering the contact center environment and removes phone payments from PCI DSS audit scope.

CallGuard is a fully hosted service that allows advisors to accept card payments without card details entering Lebara's network or being seen or heard by agents.

Importantly, valuable card data doesn't touch the organization, so there is no data for anyone to steal.

The service enables agents to remain on the phone with the caller and guide them verbally through the payment process. When a caller types their card details into their handset the DTMF tones are intercepted by CallGuard and replaced with monotones, allowing call recording to continue with no implications to PCI DSS. As only masked card numbers are shown on the advisor's web panel, they can assist the customer in the event of any difficulty.

"This is just what we need. Many of our customers want to be able to ask a few questions before they buy. For our agents to be able to stay in conversation with the customer throughout the payment process was the deal maker for us."

Lebara Group


By using Eckoh as their payment service provider, Lebara can be confident that their customers' data is protected. It has also simplified its PCI DSS compliance process.

"We wanted to have this continuous agent-caller contact but had to ensure that whatever route we chose, there would be no risk to customer card data. We were really impressed with Eckoh's credentials, their PCI DSS level 1 status and their confidence at meeting our challenging implementation deadlines. We are now confident that we provide a secure yet convenient payment service plus excellent customer experience."

Lebara Group

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.

Get in Touch

Eckoh understands retail and hospitality — and we’ve got the right solutions to help. Get in touch and we’ll be glad to discuss your challenges and opportunities.

Contact US 1

Trusted by brands

Eckoh AS 187259285