Motor-only, broker-only insurance business


Industry: Insurance - motor Employees: 680 Revenue: £10.7 million

Business: Motor-only, broker-only insurance business.

Challenge: PCI DSS compliance to ensure secure telephone payments and protect brand reputation.

Solution: Hosted CallGuard Audio Tokenisation to de-scope the entire contact center from PCI DSS audit.


  • Entire contact center is de-scoped from PCI DSS audit
  • Reduced risk of fraud and impact of a data breach
  • No data is seen, heard, stored, or transmitted by the business.


The business is a Lloyd's underwriting business with an A+ rating that has been a leading motor insurer for over 70 years. Based in Brentwood, Essex, UK, with 680 employees, their policies are available exclusively through motor insurance brokers. They operate two contact centers - London and Swindon taking telephone payments.


As a large motor insurance company with an excellent brand in the market, protecting their position is paramount. They take significant steps to ensure that they maintain their customers' confidence by seeking to reduce risk wherever they can.

Given that they take a large volume of card payments over the telephone, the business was required to comply with the Payment Card Industry Data Security Standard (PCI DSS) to continue to do this. They further recognized that they needed to protect the customers' payment card details during the payment process to reduce the risk of fraud or the impact of a data breach.


Eckoh delivered its patented, hosted CallGuard Audio Tokenization solution because it fully removes the contact center from the scope of PCI DSS audit, making their total compliance burden much simpler and ensuring they remain compliant every minute of every day.

When a customer keys in their card details using their phone keypad, audio tones (DTMF) are generated to match the card number. This could be interpreted by an agent or call recording. So, Eckoh's solution instantly replaces these tones with different, flat tones known as an audio 'token'.

The token data is entered directly into the agent's screen. As the token data is not real card data, is it completely meaningless and of no value to a thief or fraudster. The data is not seen, heard, stored, or transmitted by the business.

The solution removes the whole of the contact center from PCI DSS scope - Call Recording; Screen Recording; Agents and Desktops; IT Systems; Data LAN; Physical Environment; Internet access restrictions; Building (CCTV, etc.); PBX/ACD/CTI; Telephony Network (Digital or VoiceLAN).

CallGuard ensures that while cardholder data remains isolated from the contact center environment, the agent and caller can continue the dialogue, providing a seamless customer experience.

As a leading insurance business, reducing risk is a core value. For that reason, they chose to remove their entire contact center from the scope of PCI DSS audit because it was the most robust and the simplest way to achieve and maintain PCI DSS compliance.


  • The entire contact center is de-scoped from the PCI DSS audit
  • Reduced risk of fraud and impact of a data breach
  • No data is seen, heard, stored, or transmitted by the business
  • Customers are reassured that all payments made are done so in a secure manner
  • Quick and simple to install, needing no system changes

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, please contact one of our trusted advisors.

Get in Touch

Eckoh understands banking and insurance — and we’ve got the right solutions to help. Get in touch and we’ll be glad to discuss your challenges and opportunities.

Contact US 1

Trusted by brands

Eckoh AS 187259285