Hillarys is the UK's leading window dressing retailer. Hillarys needed a secure, convenient and unobtrusive method of transacting card payments over the phone. They chose CallGuard, which effectively removes the whole contact centre from the scope of PCI DSS.

With over 40 years' experience of providing made-to-measure window dressings, principally blinds, curtains and shutters, Hillarys has made and fitted over 25 million blinds. A cornerstone of the business from the outset has been quality products, outstanding customer service and maintaining its industry-leading position.

The Hillarys Group serves over 500,000 customers every year through its brands Hillarys, Web-Blinds.com, Arena and Custom West. It supplies a third of the made-to-measure blinds and shutters market. Hillarys' nationwide network of Advisors makes 850,000 customer visits per year, and 21,000 blinds and shutters are fitted each week. They are supported by a busy contact centre, consistently delivering a service level recognised in the Top 50 Companies for Customer Service.

Hillarys knew that it had to provide the highest level of payment security for its customers and also meet the ever-increasing requirements to maintain compliance with PCI DSS standards. But the growing costs resulting from introducing internal controls were impairing Hillarys' ability to innovate.


Payments are principally taken by Hillarys' Advisors in-home, but there are scenarios where a subsequent card payment needs to be transacted over the phone by a contact centre agent. Hillarys endeavours to offer customers first-call resolution, so card payments may result from any of the 20,000 calls each week answered by its 170 contact centre agents.

When the PCI DSS standard was introduced a decade ago, Hillarys implemented an online payment capture system that used call recording 'pause call record' functionality in their contact centre to prevent customer details from being recorded. Later revisions of the PCI DSS standard have tightened its requirements, making the previous solution increasingly unwieldy to control, inflexible to operate, slow to change and expensive to operate.

Hillarys decided to outsource their PCI requirement to a reputable technology partner that could deliver a highly secure solution for taking phone payments using leading-edge technology.

Customers now expect the highest level of payment card security from a market leader. The business needed a partner capable of meeting current and new regulatory requirements as they develop in the future.

Hillarys' main objectives were to deliver the following requirements:

  • Seamless in-call transfer to a secure IVR payment capture system for remote Advisors
  • Enable the Contact Centre Agent to remain on the line while the customer is making a payment through their contact centre
  • Hide the card details from the Agent (both on screen and during the call) and the call recording system
  • Customer payment card details to remain outside of Hillarys' infrastructure
  • Ability to integrate to Hillarys' systems and payment providers
  • Full integration with their existing Telephony system


After assessing numerous solutions, Hillarys chose CallGuard for contact centre agent-assisted payments and EckohPAY IVR for payments made through its home-visit Advisors.

Both CallGuard and EckohPAY remove desktops, systems, agents and call recordings from PCI DSS compliance scope and require customers to type their card numbers into the telephone keypad, rather than speaking them aloud. EckohPAY enables customers to make automated payments over the phone 24/7. The service securely authenticates the caller using identification and verification before guiding them through to making a payment.

CallGuard enables constant conversation with Hillarys' agents while the payment is being processed. When the card numbers are entered on the keypad, each digit is replaced by a flat tone which makes the number anonymous. Unlike the 'pause and resume' method, this allows the call and the recording to take place uninterrupted and leaves no room for human error or mis-keying numbers. The system offers enhanced security to all areas of the contact centre as the agent cannot see, hear or gain access to the customer card data.

CallGuard not only secures call recordings and agents, but all card data touch points such as networks, desktops and telephony systems.


Hillarys' customers, agents and Advisors have given extremely positive feedback on both the IVR and Agent-assisted services. CallGuard and EckohPAY have completely removed Hillarys' contact centre from the PCI DSS audit scope and have significantly reduced the risk of fraud and data breach.

Customers are given a greater sense of security knowing that their details are kept secret. And as Agents are able to continue voice communication with them throughout the payment process, they can provide an improved level of customer service.

In addition, home-visit Advisors can take payment from customers at any time of the day, quickly and efficiently through the automated IVR system. The Agent simply provides the customer with the automated phone number and asks them to make a payment using the IVR. The Agent then receives confirmation and can provide the customer with a receipt.

"Hillarys recognised the need for a next-generation solution for taking secure card payments over the phone, as our previous approach to achieving PCI DSS compliance was increasingly unwieldy to control, inflexible to manage, slow to change and expensive to operate. After evaluating a range of possible solutions, we were impressed with the flexibility and unobtrusiveness of CallGuard. We chose CallGuard for their PCI DSS level one credentials, wide experience and pragmatic approach."
Julian Bond, Head of ICT, Hillarys