Large US hospital for children seeks to ensure they take their patients' cardholder data as seriously as they do their health.

Large US hospital for children seeks to ensure they take their patients' cardholder data as seriously as they do their health.


Industry: Healthcare Employees: 9,090 Turnover: $1.59 billion

Business: Large US hospital system for children seeks to ensure they take their patients’ cardholder data as seriously as they do their health.

Challenge: To achieve and maintain PCI DSS compliance to reduce the risk of fraud and the impact of data breaches.

Solution: CallGuard for agent-assisted payments and PCI DSS compliance.


  • Speedy implementation
  • No sensitive data is available for criminals to steal
  • Agent and customer remain in contact throughout the interaction


The organization is a large US hospital system for children. It comprises of three hospitals, seven urgent care centers and 27 neighborhood locations across the southeastern US looking after children under the age of 21. Their 70-strong call center manages over eight million calls each year.

For more than 100 years they have held steadfast to a single core mission - to make kids better today and healthier tomorrow.

Their treatments range from asthma to cancer, diabetes, cardiac problems, fractures and surgery.


The hospital has a strong commitment to engagement with customers and patients. Their contact center takes payments on account for donations, gift shop orders, registration fees, classes and tuition.

They wanted to show that they had extended their care to patients’ and customers’ data and payment security by achieving compliance with Payment Card Industry Data Security Standard (PCI DSS). The hospital regularly takes payments from patients and customers over the phone so needed a simple, yet robust, solution that would not create difficulties alongside its existing systems.

The hospital intends to demonstrate that their strong care ethic is replicated in the care they put into their customer engagement by embracing telephone payments while being mindful of their customers’ data security. They found that Eckoh’s solution to this was the most robust available and provides their patients and customers with confidence and trust.


Eckoh provides its CallGuard solution which utilizes patented Audio Tokenization technology that eliminates any card data from entering the hospital’s infrastructure. This ensures compliance with PCI DSS and provides the hospital with peace of mind. In addition, and crucially, it will not require changes to existing IT applications, payment vendors or existing relationships which keeps disruption and implementation costs and resources to a minimum.

CallGuard also significantly reduces the potential for card data theft, prevents employees from being exposed to card data and completely removes payment systems and processes from the audit scope of PCI DSS.

Unlike other secure payment systems, Eckoh’s tokenization completely removes the need for merchants to make expensive or extensive changes to any existing IT infrastructure.

The solution was developed for all Card-Not-Present payments, not just those made over the phone, and its ease of implementation is a major attraction.


The hospital is now able to provide customer reassurance that their patient and payment card data is secure. It reduces the risk of fraud and protects both the provider, their patients and their customers against a data breach because there is no useful information available to thieves.

Customers and patients now have a greater engagement experience which will, in turn, bring benefits such as an increase in both revenue and donations – helping them to maintain their vital and long-standing support and care of the young.

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.

Get in Touch

Eckoh understands retail and hospitality — and we’ve got the right solutions to help. Get in touch and we’ll be glad to discuss your challenges and opportunities.

Contact US 1

Trusted by brands

Eckoh AS 187259285