[Freeswitch-users] PCI Compliance Over Telephone for Credit Cards- how?

Elliott Vogel elliott at zoogmedia.com
Mon Dec 19 23:14:16 MSK 2011


I think if you could get an MPLS line from one of the big three and have them terminate voice over it, that would be PCI compliant, but I bet this will cost more than getting a PRI. Another option would be seeing if someone would be willing to encode traffic and would sell you a few channels, but I bet the cost per channel could be high - we estimate our cost to be around 39.00 per channel per month plus the per minute rate of .007 local and .035 for 800. I may be able to help you, email me offline.


From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Avi Marcus
Sent: Monday, December 19, 2011 1:34 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] PCI Compliance Over Telephone for Credit Cards- how?

Encrypting yourself only helps if you have a T1/BRI whatever private link to the telco. I don't.. what are my options?
-Avi

On Mon, Dec 19, 2011 at 9:28 PM, Elliott Vogel <elliott at zoogmedia.com> wrote:
I haven't seen a company yet and I have searched - none of the big origination providers do and many of the smaller ones use the big providers - we are forced to do our own encoding

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Avi Marcus
Sent: Monday, December 19, 2011 12:03 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] PCI Compliance Over Telephone for Credit Cards- how?

So is there a provider for USA who takes T1 and encrypts it, so I can buy origination from them?

-Avi

On Mon, Dec 19, 2011 at 7:39 PM, Elliott Vogel <elliott at zoogmedia.com> wrote:
Well, I have worked a lot with PCI compliance in the past and I don't think you can meet the requirements of encryption if you're not doing encoding yourself, because most VoIP service providers aren't encrypting the calls. Also DTMF has the same requirements, and as for T1 not being encrypted, this is true, but because the network is considered secured (funny)/private it doesn't need to be - now if you would encapsulate T1 traffic to send it over the internet without encrypting it, this would be unsecured.

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Avi Marcus
Sent: Monday, December 19, 2011 5:52 AM
To: FreeSWITCH Users Help
Subject: [Freeswitch-users] PCI Compliance Over Telephone for Credit Cards- how?

I'm planning on an IVR to accept credit card information for signing up and renewal of my services.
Regarding fraud, I'm going to require at minimum a recording of name, who they are, or something or an actual live call.

But for PCI compliance.. this says https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf on page 9:
Call centers will need to ensure that transmission of cardholder data across public networks is encrypted.
This is part of PCI DSS Requirement 4 and includes:

  *   ...

  *   Voice or data streams over Voice over IP (VoIP) telephone systems, whenever sent over an open or public network. Note that only those consumer or enterprise VoIP systems that provide strong cryptography should be used.

  *   Requiring agents to use analog telephone lines when a VoIP telephone system does not provide strong cryptography.

I'm doing DTMF, not voice, but I can't imagine that's LESS strict.

I haven't really heard of any end-to-end encrypted origination lines. Is this guideline ignored? How do people deal with this? Does someone have T1 lines and offer encryption for origination...?

-Avi Marcus

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

