Global health insurance business that delivers pharmaceutical products direct to customers' homes.

Global health insurance business that delivers pharmaceutical products direct to customers' homes.


Industry: Health Insurance Employees: 40,000 Revenue: $42.06 billion

Business: Global health insurance business that delivers pharmaceutical products direct to customers' homes. The service is offered via two data centers using customer service agents.

Challenge: Customer payment systems were not secure and cumbersome to navigate, creating a poor customer satisfaction rate and impacting the volume of payments taken.

Solution: CallGuard, deployed on-premise with patented Audio Tokenization technology.


  • Contact center fully de-scoped
  • No data enters the system
  • Secures remote agents
  • Customer and agent stay in contact
  • Increase in payments


This large organization is based in Bloomfield, Connecticut and Philadelphia, Pennsylvania and is a global health insurance organization with 95 million customers around the world. Their aim is to help individuals and families improve their health, well-being and sense of security — and lower their medical costs. They specialize in medical, dental, behavioral and disability services and provide access to a global network of local physicians and hospitals as well as 24x7x365 live customer service. In 2017 they acquired another large health service organization for $67 billion dollars.


The business operates a home delivery pharmacy for orders or refills and offers discounts on certain products for those who register for the service. Their 1,000-seat home delivery contact center was taking card payments for these products through their IVR which was not secure and so exposed the agents — and customer card data — to the risk of theft or fraud.

In addition, at the point of payment, the agent would have to pass the customer to the IVR to enter their card details which meant that the engagement was interrupted as the customer and agent were no longer in contact. As a result, the agent did not know whether the payment had actually been completed. The business considered both these facts to be unacceptable and delivered a poor customer experience, damaging their customer satisfaction scores and the volume of payments.

A further challenge was presented by their desire to use remote agents to maximize available talent without geographic restrictions. But, this presented a problem with how to ensure that the payment and sensitive data was secure outside the corporate environment.

Their QSA had advised that they would benefit from taking their contact center out of scope of the PCI DSS audit to simplify the entire compliance process and significantly reduce any risks associated with payment card fraud.

The business prides itself on delivering the very best customer service and so wanted to demonstrate that it takes the security of its customers' data as seriously as it does their health.


Eckoh delivered its CallGuard solution which completely removes the contact center from the scope of PCI DSS compliance. It does this by effectively putting a shield around the contact center, preventing sensitive data from entering the company's systems. The solution also means the agent and customer stay in contact throughout the call so there is no break in the engagement, any queries can be resolved, and the customer experience is vastly improved.

Eckoh installed 52 audio appliances in the company's two data centers and the solution was tested and approved to handle 12,000 concurrent sessions. The solution was broken down into Phase 1: IVR Production and Phase 2: Agent Population. Discussions are in line to roll out the solution to other user groups and provide the ability to handle outbound calling campaigns.


  • Home delivery agents are fully de-scoped from the PCI DSS audit
  • Solution de-scopes remote agents
  • Agents and customers stay in contact throughout the call
  • Delivers a vastly improved customer experience and conversion rate
  • Simplified PCI DSS compliance audit

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.

Get in Touch

Eckoh understands retail and hospitality — and we’ve got the right solutions to help. Get in touch and we’ll be glad to discuss your challenges and opportunities.

Contact US 1

Trusted by brands

Eckoh AS 187259285