Laya Healthcare is Ireland's largest private health insurer with over 500k members and 90m customers.


Industry: Insurance - health Employees: 459 Revenue: €60 million

Business: Largest private health insurer in Ireland with over 500k members and 90m customers.

Challenge: Achieving PCI DSS compliance to secure customer telephone payments.

Solution: CallGuard Audio Tokenization On-site.


  • PCI DSS compliance
  • No card data is exposed to agents or call recordings
  • Significant reduction in risk


Laya Healthcare was founded in 1997 and is the largest private health insurance provider in Ireland, with over half a million members and 450 employees. Its operations are headquartered in Little Island, County Cork with another base in Dublin. In 2015 Laya Healthcare became part of AIG, one of the strongest insurance organizations in the world with over 90 million customers in 100 countries and jurisdictions. Their contact center is based in Cork, Ireland.


Laya Healthcare’s brand and reputation, as a trusted Health insurance provider, is paramount to the success of the company. Their clients trust them with their health cover and, as part of its commitment to delivering the best customer experience,

Laya Healthcare wanted to ensure they do everything possible to secure their customer's personal and payment card information. It was important for Laya Healthcare to ensure that all their agents who take payments from their clients can do so securely.


Eckoh delivered its patented CallGuard Audio Tokenisation On-site solution, which gives Laya Healthcare’s contact center agents the ability to take card payments from their clients over the telephone securely. When a customer keys in their card details using their phone keypad, audio tones (DTMF) are generated to match the card number. This could be interpreted by an agent or call recording.

So, Eckoh’s solution instantly replaces these tones with different, flat tones known as an audio ‘token’. The token data is entered directly into the agent’s screen. As the token data is not real card data; it is completely meaningless and of no value to a thief or fraudster. The data is not seen, heard, stored, or transmitted by the business. The agent never sees or hears the data and is not recorded during calls.

The solution is one of the simplest available today and is quick and easy to install because it requires minimal integration to existing systems and is a light touch on technology. It also means no disruption to business operations or changes to existing systems.

We chose Eckoh’s CallGuard On-Site solution because it’s so flexible and simple. We’re committed to PCI DSS compliance as well as security and now we can reassure our customers that their payment data is secure, our business is compliant and our brand strength is maintained." Laya Healthcare


  • Card payments over the telephone are now secured
  • No agent sees or hears any sensitive data
  • Reduced risk of contact center fraud
  • Customer reassurance over the security of their card data
  • Quick and easy installation means no business disruption

To find out how we can help you secure your payments over any channel

Eckoh AS 171151510