Top 50 UK insurance company maintains its mutual status which helps to differentiate the business from others


Industry: Insurance Employees: 3,815 Revenue: £1 billion pa

Business: One of the top 50 insurance companies in the UK, the business maintains its mutual status which helps to differentiate the business from others. Today they have over 900,000 policyholders.

Challenge: To be able to reduce fraudulent claims and meet Payment Card Industry Data Security Standards (PCI DSS) to protect cardholder data when taking payments for policies over the telephone or the Internet.

Solution: CallGuard On-Site to remove cardholder data from call and screen recordings and prevent agents from seeing the card data.


  • Achieving PCI DSS compliance
  • Reduction in fraudulent claims
  • Reducing the risk of fraud


This leading insurer was founded in 1910 and is based in Stratford-upon-Avon, Warwickshire, UK. In contrast to insurance companies owned by their shareholders, this insurer is owned by its 900,000+ policyholders.

They sell their policies through a network of around 690 agents working from over 300 offices around the UK. The majority of the 3,815 staff take payments for policies on a daily basis over the telephone and the Internet.


Each agency had its own phone solution in place, which causes an issue for a business whose key channel of engagement is the telephone. There was also no call recording in place for quality, legal or training purposes. This aspect is critical in the insurance industry for handling complaints and reducing fraudulent claims. In fact, the business would often pay out even when they were sure they had false claims because there was no record of the policy conversations to enable them to verify a claimant.

In addition to this, the need to become compliant with the Payment Card Industry Data Security Standard (PCI DSS) became a necessity to allow the insurer to continue taking card payments over the telephone and internet while ensuring that their customer's payment data was kept secure.


Originally Eckoh implemented its agent-assisted secure payment solution, CallGuard On-Site - which removes cardholder data from call and screen recordings and prevents agents from seeing the details. This means that these three elements are no longer part of the scope of the PCI DSS audit. As CallGuard requires no changes to systems, CRM, or payment processes, it is extremely simple and easy to deploy, having an instant impact.

Eckoh CallGuard forms part of the overall ICON Communicate platform from Maintel, including Unified Communications from Mitel and recording from Red Box. Solutions from other suppliers were considered but these were rejected based on the complexity and variety of the agency environments.

Following a three-month proof-of-concept exercise, where only the Eckoh/Maintel/RedBox solution was able to meet requirements, the solution was fully implemented and rolled out to over 3,000 users in over 300 agency offices.

What we liked about Eckoh's solution was its simplicity. We didn't have to change a thing; it was so easy. Now we're proud to be reducing the risk of fraud for our customers' data, our agents, and our business. Major UK Insurer


The insurer's agents can remain on the call and speak to the caller throughout the entire payment process providing not only reassurance but also offering opportunities to sell additional products and deepen the customer experience.

The business is now PCI DSS compliant for their telephone and internet payment services, significantly reducing the risk of fraud.

Fraudulent claims fell immediately during the proof-of-concept stage as the call recordings were being used to prove false claims.

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, please contact one of our trusted advisors.

Get in Touch

Eckoh understands banking and insurance — and we’ve got the right solutions to help. Get in touch and we’ll be glad to discuss your challenges and opportunities.

Contact US 1

Trusted by brands

Eckoh AS 187259285