Case Studies

Proving our solutions work

Motor Insurer
De-scoping the contact center to simplify PCI DSS compliance.
De-scoping the contact center to simplify PCI DSS compliance.


Industry: Insurance - motor    Employees: 680   Revenue: $13.87 million

Business: Motor only, broker only insurance business.

Challenge: PCI DSS compliance to ensure secure telephone payments and protect brand reputation.   

Solution: Hosted CallGuard Audio Tokenization to de-scope the entire contact center from PCI DSS audit.


  • Entire contact center is de-scoped from PCI DSS audit
  • Reduced risk of fraud and impact of a data breach
  • No data is seen, heard, stored or transmitted by the business.


The business is a Lloyd’s underwriting business with an A+ rating that has been a leading motor insurer for over 70 years. Based in Brentwood, Essex with 680 employees, their policies are available exclusively through motor insurance brokers. They operate two contact centers - London and Swindon taking telephone payments.


As a large motor insurance company with an excellent brand in the market, protecting their position is paramount. They take significant steps to ensure that they maintain their customers’ confidence by seeking to reduce risk wherever they can.

Given that they take a large volume of card payments over the telephone, the business was required to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to continue to do this. They further recognized that they needed to protect the customers’ payment card details during the payment process to reduce the risk of fraud or the impact of a data breach.


Eckoh delivered its patented, hosted CallGuard Audio Tokenization solution because it fully removes the contact centre from the scope of PCI DSS audit, making their total compliance burden much simpler and ensuring that they remain compliant every minute of every day.

When a customer keys in their card details using their phone keypad, audio tones (DTMF) are generated to match the card number. This could be interpreted by an agent or call recording. So, Eckoh’s solution instantly replaces these tones with different, flat tones known as an audio ‘token’.

The token data is entered directly into the agent’s screen. As the token data is not real card data is it completely meaningless and of no value to a thief of fraudster. The data is not seen, heard, stored or transmitted by the business.

The solution removes the whole of the contact centre from PCI DSS scope - Call Recording; Screen Recording; Agents and Desktops; IT Systems; Data LAN; Physical Environment; Internet access restrictions; Building (CCTV, etc.); PBX/ACD/CTI; Telephony Network (Digital or VoiceLAN).

CallGuard ensures that while cardholder data remains isolated from the contact center environment, the agent and caller can continue dialogue, providing a seamless customer experience.

As a leading insurance business, reducing risk is a core value. For that reason, they chose to remove their entire contact center from the scope of PCI DSS audit because it was the most robust, and the simplest, way to achieve and maintain PCI DSS compliance.


  • The entire contact center is de-scoped from the PCI DSS audit
  • Reduced risk of fraud and impact of a data breach
  • No data is seen, heard, stored or transmitted by the business
  • Customers are reassured that all payments made are done so in a secure manner
  • Quick and simple to install needing no system changes.


Get in touch today

Get in touch today and find out how the Eckoh Experience Portal can change your customer engagement for the better.

book a demo

Get In Touch