Hiscox case study

Background

Hiscox is a specialist insurer, underwriting a range of commercial and personal risks. Hiscox has grown from a single underwriter based at Lloyd’s into a FTSE 100 company, with offices in 14 countries and customers around the world.

Improving phone payment security for customers

In August 2017, Hiscox worked with an external auditing company to review its phone payment security and PCI DSS compliance. It reviewed ways of improving the customer experience as well as reducing the internal workload required to maintain compliance.

Following the review, approval was granted for Hiscox to change the payments processes used within the business for ‘over the phone’ credit/debit card payments. A formal RFP process was initiated to source the supply of a DTMF masking solution, to capture  cardholder data without asking customers to read their card numbers out over the phone, which research shows that 80% of consumers prefer not to do.

Why did Hiscox choose CardEasy?

The CardEasy ‘keypad payment by phone’ DTMF masking system offered Hiscox a ‘one-stop shop’ for phone payment security, offering an improved customer experience whilst de-scoping its contact center environments from PCI DSS controls (including agents, network, call & screen recordings).  It also avoids piecemeal methods such as ‘pause and resume’ for call recordings. This suited both commercial and regulatory requirements, as the FCA require full length call recordings (which CardEasy allows  for), as the DTMF tones of the card capture are flattened and so cannot be discerned  from call recordings.

CardEasy future-proofs phone payment security too, as it is a managed, multi-tenanted service provided by Syntec, a leading PCI DSS level-1 international service provider.

What was involved in the deployment?

CardEasy integrated seamlessly with Hiscox’s COLT SIP telephony and Cisco Call Manager, using premise-based (‘CPE’) equipment in London and Paris to facilitate the CardEasy managed service.

Results

Hiscox employees found the change from taking card payment from customers verbally, to customers keying in their own card numbers, an easy transition and a method customers generally prefer, intuitively appreciating the data security benefits.  Agents also prefer the new system, finding it less prone to error, fast and efficient.

“Overall we’re very happy with CardEasy.  We need systems that support our high quality customer service ethos and meet our commercial requirements and in our case, CardEasy matches those needs and does exactly what it promised.”

Sean Carney, Head of Operations, Direct UK