Background

 Dedicated to connecting people and enriching how they work and live, Consolidated Communications is an American broadband and telecommunications provider headquartered in Mattoon, Illinois. The company provides data, internet, voice, and cloud services to business customers and internet, TV, phone and home security services to residential customers. Founded in 1894, today the company serves customers in 20+ states and is one of the Top 10 largest fibre providers in the US. 

Challenge

 Believing that data security and privacy is the foundation of responsible business, Consolidated Communications takes its obligations seriously when it comes to safeguarding its customers’ personally identifiable information. Which is why, almost a decade ago, it decided to deploy a robust new approach to taking payments over the telephone. 

In addition to ensuring that phone transactions handled by its contact centres were conducted in a consistent and highly secure way, Consolidated Communications was determined to simplify and reduce its scope for Payment Card Industry Data Security Standard (PCI DSS) compliance. 

“By ensuring our primary operational infrastructure was not directly involved in the payment process, we’d be able to better protect our own network from potential intrusions and security threats that would put critical resources and services at risk,” explains Robert Dempsey, Director of IT Application Development at Consolidated Communications. 

Following in-depth discussions with the company’s far sighted external QSA, the team at Consolidated Communications turned to Semafone to help reduce its risk and PCI DSS compliance costs. 

“PCI DSS compliance is an absolute must for us. In fact, we were one of the first companies in the US to proactively address the issue of taking payment securely over the phone by introducing an added security layer that prevents the exposure of sensitive data to our systems,” says Cindy Witto, Senior Director of Customer Collections and Remittance. 

The Solution

 Removing the burden of time consuming and manual processes around consumer data protection, regulatory compliance and security, Semafone’s Cardprotect Voice+ solution keeps Consolidated Communications’ contact centre, and everything associated with it, out of scope for PCI DSS compliance. 

 Semafone’s technology ensures cardholder data never enters our call centre IT systems. As well as delivering continuous protection for the contact centre itself, Semafone protects our VoIP network and wider network infrastructure. It also dramatically reduces the risk of payment card data breaches – since no data enters our systems, there is nothing there to steal.

Robert Dempsey – Director of IT Application Development, Consolidated Communications

Initially, Consolidated Communications implemented an on-premises solution before making the move to a highly scalable cloud hosted solution that has further streamlined and simplified compliance with PCI DSS. 

“Offloading more of our infrastructure and contact centre network architecture to Semafone in the cloud has streamlined the administration and effort required to complete our annual PCI DSS compliance documentation,” confirms Robert. 

Featuring patented dual-tone multi-frequency (DTMF) masking technology, Semafone’s Cardprotect Voice+ solution ensures sensitive card data is never exposed to customer service agents or captured on call recordings. Customers simply use their telephone keypads to enter their payment card details, which are then encrypted and routed directly to a payment service provider (PSP). Fully integrated with the company’s own web-hosted payment app, which links to three major billing systems, the solution handles debit and credit card payments alongside ACH payments. 

Currently utilised by around 60 designated agents responsible for handling incoming phone payments at its contact centres in Minnesota, Texas and California, Semafone’s solution has enabled Consolidated Communications to continue to securely serve those customers unable or unwilling to use other channels when making a payment. 

The Results

When the coronavirus epidemic hit, Consolidated Communications had to rapidly initiate a distributed work-from-home model for all its contact centre operations. 

Being able to offer a secure telephone payment service meant we could continue to support the needs of every customer – including the elderly and those who are not so tech savvy

Cindy Witto – Senior Director of Customer Collections and Remittance, Consolidated Communications

The remote working programme has proved successful, further enabling Consolidated Communications’ plans to continue operating a hybrid and distributed workplace model into the future. 

Initiating Semafone’s Cardprotect Voice+ has also enabled Consolidated Communications to pursue a highly effective QM programme designed to continually elevate the customer experience. 

Semafone’s solution enables us to undertake call recordings for QA monitoring and training purposes and at the same time be PCI DSS compliant, as cardholder data is not captured, stored, or transmitted by our systems

Cindy Witto

As one of the first US companies to deploy a DTMF masking solution that both protects customer payment data and makes it easy to maintain PCI DSS compliance, Consolidated Communications has proved its resolve to be a security trailblazer in more ways than one. 

“Almost a decade ago, few companies in the US could have predicted how important it would be to address the challenging and costly issue of compliance for telephone payments. Semafone has made it easier for us to comply with PCI DSS and protect customers, while delivering impressive operational flexibility,” concludes Cindy.

Consolidated Communications
Semafone