[Freeswitch-users] PCI Compliance Over Telephone for Credit Cards- how?

Avi Marcus avi at avimarcus.net
Mon Dec 19 21:03:27 MSK 2011


So is there a provider for USA who takes T1 and encrypts it, so I can buy
origination from them?

-Avi


On Mon, Dec 19, 2011 at 7:39 PM, Elliott Vogel <elliott at zoogmedia.com>wrote:

>  Well, I have worked a lot with PCI compliance in the past and I don’t
> think you can meet the requirements of encryption if you’re not doing
> encoding yourself because most voip service providers aren’t encrypting the
> calls.  Also dtmf has the same for requirements and for T1 not being
> encrypted this is true but because the network is considered
> secured(funny)/private it’s doesn’t need to be – now if you would
> encapsulate t1 traffic to send it over the internet without encrypting it
> this would be unsecured.****
>
> ** **
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Avi Marcus
> *Sent:* Monday, December 19, 2011 5:52 AM
> *To:* FreeSWITCH Users Help
> *Subject:* [Freeswitch-users] PCI Compliance Over Telephone for Credit
> Cards- how?****
>
> ** **
>
> I'm planning on an IVR to accept credit card information for signing up
> and renewal of my services.****
>
> Regarding fraud, I'm going to require at minimum a recording of name, who
> they are, or something or an actual live call.****
>
> ** **
>
> But for PCI compliance.. this says
> https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf on
> page 9:****
>
> Call centers will need to ensure that transmission of cardholder data
> across public networks is encrypted.
> This is part of PCI DSS Requirement 4 and includes:****
>
>    - ...****
>
>
>    - *Voice or data streams over Voice over IP (VoIP) telephone
>    systems, whenever sent over an open or public network. Note that only
>    those consumer or enterprise VoIP systems that provide strong
>    cryptography should be used. *****
>
>
>    - Requiring agents to use analog telephone lines when a VoIP
>    telephone system does not provide strong cryptography.****
>
>   I'm doing dtmf, not voice, but I can't imagine that's LESS strict.****
>
> ** **
>
> I haven't really heard of any end-to-end encrypted origination lines. Is
> this guideline ignored? How do people deal with this? Does someone have T1
> lines and offers encryption for origination...?****
>
>
> ****
>
> -Avi Marcus****
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20111219/1f6003f2/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list