Case Study: One Call Insurance


Callstream Vault ensures PCI-DSS compliance for insurance broker secure card payments.


One Call Insurance is one of the fastest growing insurance brokers in the UK. Offering car insurance, home insurance, pet insurance, travel insurance and van insurance to consumers across the UK. The group also gives business owners a helping hand with OC Commercial, which offers commercial insurance to a wide range of businesses.

Employing over 250 people, who are mainly based in their Doncaster office, One Call is a national organisation which can be found on all of the major comparison sites such as Compare the Market, Confused and Go Compare.

The Challenge

Whenever credit card details are handled by merchants in the UK, they are subject to the PCI-DSS regulations over credit card data security. These regulations specifically deem the recording and storing of personal credit card details as non-compliant. 

Complying with PCI-DSS is of particular logistical difficulty for those answerable to Financial Conduct Authority (FCA). The FCA recommends that “sufficient” records of the details of all transactions undertaken are stored – which is often taken to mean recording call centre conversations. The dilemma is that to do so would be in breach of PCI-DSS.

The Solution

Vault text underneath One Call Insurance appointed Callstream to ensure it maintains and continues to meet Level 1 PCI-DSS compliance. By deploying Callstream Vault, One Call Insurance has ensured instant compliance with PCI-DSS as the technology prevents the insurance broker from coming into any contact with customers’ sensitive information.

In order to provide the highest level of PCI-DSS compliance, when the card details are required from the caller, the Vault service is activated to automatically suppress the phone pad tones when credit card details are entered so they are not audible to call recording systems or call centre agents. 

Callstream Vault also guarantees FCA adherence by allowing One Call Insurance to continue to record the entirety of call centre conversations, whilst also suppressing phone pad tones and never allowing the insurer access to the payment card details.

The Results 

For One Call Insurance, compliance was not just about ticking the right boxes and avoiding penalties.

Oliver Rose, Company Director, One Call Insurance:

“We strongly recognise the need to be PCI-DSS compliant as part of our overall company strategy, and this means ensuring active systems controls such as Callstream Vault are in place to reduce the risk of financial crime. The regulations and recommendations exist to ensure the highest levels of customer service and security – something which we take very seriously and see as a contributory factor to our growth.”

“Callstream has a long track record of high performance in the insurance sector and offered technology that not only met our requirements, but could also be implemented extremely quickly and cost-efficiently due to its cloud-based nature. Callstream’s Vault platform is also one of the few solutions on the market that offers PCI compliance tailored for the insurance market, something that is logistically very difficult to achieve.”

Contact our team today to discuss how Callstream Vault can help your business.


Comments are closed for this post.