<div dir="ltr">So is there a provider for USA who takes T1 and encrypts it, so I can buy origination from them?<div><br clear="all"><div dir="ltr"><span style="font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:small">-Avi</span><br>
</span></div>
<br><br><div class="gmail_quote">On Mon, Dec 19, 2011 at 7:39 PM, Elliott Vogel <span dir="ltr"><<a href="mailto:elliott@zoogmedia.com">elliott@zoogmedia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Well, I have worked a lot with PCI compliance in the past and I don’t think you can meet the requirements of encryption if you’re not doing encoding yourself
because most voip service providers aren’t encrypting the calls. Also dtmf has the same for requirements and for T1 not being encrypted this is true but because the network is considered secured(funny)/private it’s doesn’t need to be – now if you would encapsulate
t1 traffic to send it over the internet without encrypting it this would be unsecured.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a> [mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>]
<b>On Behalf Of </b>Avi Marcus<br>
<b>Sent:</b> Monday, December 19, 2011 5:52 AM<br>
<b>To:</b> FreeSWITCH Users Help<br>
<b>Subject:</b> [Freeswitch-users] PCI Compliance Over Telephone for Credit Cards- how?<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">I'm planning on an IVR to accept credit card information for signing up and renewal of my services.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Regarding fraud, I'm going to require at minimum a recording of name, who they are, or something or an actual live call.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">But for PCI compliance.. this says <a href="https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf" target="_blank">
https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf</a> on page 9:<u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">Call centers will need to ensure that transmission of cardholder data across public networks is encrypted.<br>
This is part of PCI DSS Requirement 4 and includes:<u></u><u></u></p>
<ul type="disc">
<li class="MsoNormal">
...<u></u><u></u></li></ul>
<ul type="disc">
<li class="MsoNormal">
<b>Voice or data streams over Voice over IP (VoIP) telephone systems, whenever sent over an open or public network. Note that only those consumer or enterprise VoIP systems that provide strong cryptography should be used. </b><u></u><u></u></li>
</ul>
<ul type="disc">
<li class="MsoNormal">
Requiring agents to use analog telephone lines when a VoIP telephone system does not provide strong cryptography.<u></u><u></u></li></ul>
</blockquote>
</div>
<div>
<p class="MsoNormal">I'm doing dtmf, not voice, but I can't imagine that's LESS strict.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I haven't really heard of any end-to-end encrypted origination lines. Is this guideline ignored? How do people deal with this? Does someone have T1 lines and offers encryption for origination...?<u></u><u></u></p>
</div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-family:"Verdana","sans-serif"">-Avi Marcus</span><u></u><u></u></p>
</div>
</div>
</div></div></div>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div></div>