Leading health insurer with 8 million members in Florida.

Leading health insurer with 8 million members in Florida


Industry: Insurance - Health Employees: 7,000 Turnover: $10.11 billion

Business: Leading health insurer with 8 million members in Florida.

Challenge: Achieving PCI DSS compliant secure payments without breaking the agent and caller contact.

Solution: CallGuard Audio Tokenization On-site


  • Contact center de-scoped from PCI DSS audit
  • Agent and caller remain in continuous contact
  • PCI DSS audit requirements are simplified


This health insurer is the largest organization of its kind in the US, based out of Jacksonville Florida, they provide health insurance services to its 8 million members. Their company's mission is to help its members get access to affordable healthcare in the State of Florida. They have been serving their members for almost 70 years.


The organization operates a contact center with 1,800 agents. In order to take payments securely from its customers their agents had to transfer the caller to a third-party payment IVR. This resulted in the agent being disconnected from the caller and so they had no knowledge of whether the payment was successful, or if the caller had any questions.

The contact center noticed that a high volume of their callers, their patients, were not completing the payment and that their customer satisfaction scores were declining. This was clearly a direct result of this awkward payment process which also made the PCI DSS audit by their QSA more complicated.


Eckoh delivered its patented CallGuard Audio Tokenization On-Site solution which gives the organization's contact center agents the ability to take card payments from their customers over the telephone in a secure manner.

When a customer keys in their card details using their phone keypad, audio tones (DTMF) are generated to match the card number. This could be interpreted by an agent or call recording. So, Eckoh's solution instantly replaces these tones with different, flat tones known as an audio token.

The token data is entered directly into the agent's screen. As the token data is not real card data is it completely meaningless and of no value a criminal. The data is not seen, heard, stored or transmitted by the business. If there's no data there, there's nothing to steal. The agent never sees or hears the data and it is not recorded during calls.

Eckoh also installed multiple audio appliances in their two data centers and has been approved to handle 5,500 concurrent sessions. We also installed the racks in their data centers that will house the Eckoh equipment. To complete the simplification of the PCI DSS audit requirements Eckoh met with the organization's QSA prior to concluding the contract, to walk them through the PCI DSS Responsibility matrix and ensure that they were comfortable with the degree to which Eckoh was de-scoping their contact center.

The solution is one of the simplest available today and is quick and easy to install because it works with all existing systems and is a light-touch on technology. It also means no disruption to business operations or changes to existing systems.

Being able to maintain the agent-caller contact throughout a telephone payment has meant that this health insurance provider can now complete more payments and improve customer satisfaction.


The organization really valued the continuous contact throughout the call, that this solution delivered. With the caller and agent remaining in contact the volume of completed payments will increase alongside their customer satisfaction and CX scores.

Their Merchant Service group has been de-scoped from the PCI DSS audit simplifying the burden of the PCI DSS audit.

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.

Get in Touch

Eckoh understands retail and hospitality — and we’ve got the right solutions to help. Get in touch and we’ll be glad to discuss your challenges and opportunities.

Contact US 1

Trusted by brands

Eckoh AS 187259285