Thames Water

Meeting the challenge of securing bill payments over the phone

The UK's largest water and wastewater company, Thames Water needed a way to take customer bill payments over the phone through an agent, securely and to PCI DSS compliance standards.

Every day, Thames Water serves 15 million customers across London and the Thames Valley. But with increased competition within the Water Industry just around the corner, they are transforming their business to help make sure that they retain the customers they have and attract potential new ones.

Thames Water is committed to providing exceptional customer service every day, whilst keeping their customers’ data secure. One element of this transformation programme is the PCI DSS project, designed to increase the security of customers’ personal data.

Thames Water records customer calls, and used to manually pause the recording at the point of taking the payment, and then resume recording after payment authorisation. Not only did this impact the quality of conversation and the rapport between our agent and their customer, but the method was prone to error and would sometimes allow card details to be recorded. PCI DSS also advises against manual pause and resume as a secure method.

Thames Water decided to outsource this project to a specialist provider, and after a long tender process, chose Eckoh for their experience and robust technology solutions.


“Our primary objective was to make our customers’ payments more secure.” said Richard Uzzell - IS Business Analyst. “This project will deliver that to our customers. Customers are paying using their credit and debit cards over the phone, and we want to de-scope that from Thames Water’s environment. We needed somebody who’s much better at the security side of things to actually take that payment on our behalf.”

Thames Water looked at different partners to help improve the way they handled customer card payments and chose Eckoh.

“We were looking for someone who’s well experienced in this space.”, said Stuart Ledger, Chief Financial Officer for Retail at Thames Water.“After a long procurement process, we chose Eckoh. We thought they met all the requirements and their solution was what we needed. We found that there wasn’t really another partner that could do that for us.”


Eckoh deployed its hosted CallGuard solution for agent assisted payments.

CallGuard removes desktops, systems, agents and call recordings from PCI DSS compliance scope and require customers to type their card numbers into the telephone keypad, rather than speaking them aloud. DTMF tones (touchtones) with sensitive information are replaced with flat tones that can’t be related back to card numbers, so call recording can continue without interruption.

CallGuard enables constant conversation with Thames Water’s agents while the payment is being processed. When the card numbers are entered on the keypad, each digit is replaced by a flat tone which makes the number anonymous. Unlike the ‘pause and resume’ method, this allows the call and the recording to take place uninterrupted and leaves no room for human error or mis-keying numbers.

The system offers enhanced security to all areas of the contact centre as the agent cannot see, hear or gain access to the customer card data. CallGuard not only secures call recordings and agents, but all card data touch points such as networks, desktops and telephony systems.


Thames Water launched CallGuard internally by showing a film and formally introducing it to their contact centres. The film showed the new process to the agents who immediately saw the advantage over the previous system.

“The conversation with the customer can continue whilst the customer makes the payment.” said Helen Smith, Manager, Retail Quality Team. “The agent can help out the customer if they get stuck and conversation can then flow more naturally without the hassle of pausing and resuming the call. Plus there is added security value as the customer’s not reading their card details if they’re on a bus or a train with people listening to what they’re doing.”

In terms of Thames Water’s PCI DSS compliance programme - they couldn’t have been more satisfied with the solution Eckoh provided.

“CallGuard will ensure that we can efficiently service high demand, but most importantly give our customers the confidence that their payments are being handled in a secure manner.”, said Stuart Ledger, Chief Financial Officer for Retail at Thames Water. “In addition, our agents need to have confidence that when they’re speaking to a customer that they can rely on the technology, and give the customer assurance that their payment is secure. I’ve personally seen the solution in practice, and it works extremely well for agents using it, and for customers making their payment.”

Thames Water
"We selected Eckoh because of their flexible approach, their excellent reputation within the utilities industry and their highest level of PCI DSS accreditation."
Stuart Ledger, Chief Financial Officer – Retail Services at Thames Water.