- Industry: Insurance – health
- Turnover: $854 million
- Business: Leading health insurer with more than 52 million members nationwide
- Challenge: Achieving PCI DSS compliant telephone payments
- Solution: CardEasy Secure Voice Appliance with transition plan to CardEasy Secure Voice Cloud
- Contact centre fully descoped from PCI DSS
- Agents and callers remain connected
- Works seamlessly with all current and future contact center systems
This insurer administers benefits for more than 52 million members nationwide and offers member self-pay fitness programs for more than 460 million eligible members. With offices in Carmel, IN, San Diego, CA, and Fort Worth, TX, with over 1,500 employees.
The organization operates contact centers with more than 600 agents, all of whom handle payment-related calls. It was important to them to provide a secure and positive experience for their customers and members with every interaction, while driving up efficiency and reducing audit costs and risks associated with their contact center payments.
We delivered our patented CardEasy Agent Assist solution which allows the organization’s contact center agents to take card payments from their members over the phone in a PCI DSS compliant and secure manner.
At the point in the conversation where payment card details are required, using CardEasy, the agent can either capture the member’s payment card details via touchtones or advanced speech recognition. In the case of touchtones the member is simply entering their card numbers using their telephone keypad. In the case of advanced speech recognition the member is simply reading their card numbers aloud. In both cases the payment card data is captured securely by CardEasy and is not seen or heard by the agent or included in either call or screen recordings. CardEasy provides the agent with a real time display of the member’s progress and the payment card data is submitted directly to the payment services provider without entering the contact center systems.
In order to simplify PCI DSS audit requirements, we met with the organization’s Qualified Security Assessor (QSA) prior to contract execution to ensure that they were comfortable with the level to which their contact center would be descoped from PCI DSS. Other vendors were quoting installation times of six to nine months whereas CardEasy was able to offer a hosted solution to be up and running in all the organization’s contact centers within four weeks.
- During the implementation process the organization identified a number of use cases that it had overlooked. The flexibility of the CardEasy solution meant that these could be accommodated as part of the deployment process.
The organization wanted to retain contact between the agents and the members during the secure payment process which the CardEasy solution has delivered for them. There is no requirement for the agent to transfer the call or put the member on hold which provides a seamless experience and reduces average handling time. This is one of the key reasons why the organization selected CardEasy over other vendors.
As a result of deploying the solution the organization’s contact centers have been fully descoped from PCI DSS and the risk and cost associated with these payments has been significantly reduced.
What the client says
The biggest benefit has been that it’s working and that’s what you want, right? We don’t want to hear anything from our contact centers. If we don’t hear anything then that means it’s working as expected, they don’t have any complaints. I always check in and they say, “No problems, it’s working like it’s supposed to.” That’s what’s important.Chief Information Security Officer
The organization was aware of a planned migration from its on-premise contact center platform to a new platform fully cloud hosted. CardEasy is able to support them with this transition through the migration from our Secure Voice Appliance to our Secure Voice Cloud, and the solution can easily be adapted as necessary.