[Freeswitch-users] PCI Compliance Over Telephone for Credit Cards- how?
Avi Marcus
avi at avimarcus.net
Mon Dec 19 14:52:29 MSK 2011
I'm planning on an IVR to accept credit card information for signing up and
renewal of my services.
Regarding fraud, I'm going to require at minimum a recording of name, who
they are, or something or an actual live call.
But for PCI compliance.. this says
https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf
on page 9:
> Call centers will need to ensure that transmission of cardholder data
> across public networks is encrypted.
> This is part of PCI DSS Requirement 4 and includes:
>
> - ...
> - *Voice or data streams over Voice over IP (VoIP) telephone
> systems, whenever sent over an open or public network. Note that only
> those consumer or enterprise VoIP systems that provide strong
> cryptography should be used.*
> - Requiring agents to use analog telephone lines when a VoIP
> telephone system does not provide strong cryptography.

I'm doing dtmf, not voice, but I can't imagine that's LESS strict.
I haven't really heard of any end-to-end encrypted origination lines. Is
this guideline ignored? How do people deal with this? Does someone have T1
lines and offer encryption for origination...?
-Avi Marcus