<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Avi,<br>
<br>
You do not have many options.<br>
<br>
First, tell us about your architecture. <br>
<br>
Second, about TDM, there are some options, but that is when you use T1/E1
to transmit data; for voice, perhaps, the only option is: no
encryption. For voice, like mobile and fixed phones, the technology
used does not offer a way to do it. Mechanisms exist to use
tunneling and some security between sites when a private link between
premises is used, but that is basically using T1/E1 data to transport
voice, and it depends on the equipment and providers.<br>
<br>
Third, if you have a VoIP provider, there are some options, as
mentioned before: TLS, SRTP and SIPS. <br>
<br>
Fourth, you have to worry when you have the call under your control,
"surfing" in your IVR, and start to manage sensitive data (PIN,
account numbers, login, passwords, etc.). How to encrypt/decrypt them
as long as the call exists: you need to use sensitive data with other
systems inside and outside of your organization.<br>
<br>
<br>
<br>
On 12/19/2011 3:04 PM, Avi Marcus wrote:
<blockquote
cite="mid:CALNZuwk5gKOGoQn+9gTD0uybCcxPvL852BjYztAETvuoPzx6Rg@mail.gmail.com"
type="cite">
<div dir="ltr">Encrypting yourself only helps if you have a T1/BRI
whatever private link to the telco. I don't.. what are my
options?<br clear="all">
<div dir="ltr"><span
style="font-family:Verdana,Arial,Helvetica,sans-serif"><span
style="font-size:small">-Avi</span><br>
</span></div>
<br>
<div class="gmail_quote">On Mon, Dec 19, 2011 at 9:28 PM,
Elliott Vogel <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:elliott@zoogmedia.com">elliott@zoogmedia.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
haven’t seen a company yet and I have searched –
none of the big origination providers do and many of
the smaller ones use the big providers – we are
forced to do our own encoding</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">&nbsp;</span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:freeswitch-users-bounces@lists.freeswitch.org"
target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>
[mailto:<a moz-do-not-send="true"
href="mailto:freeswitch-users-bounces@lists.freeswitch.org"
target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>]
<b>On Behalf Of </b>Avi Marcus<br>
<b>Sent:</b> Monday, December 19, 2011 12:03 PM<br>
<b>To:</b> FreeSWITCH Users Help<br>
<b>Subject:</b> Re: [Freeswitch-users] PCI
Compliance Over Telephone for Credit Cards- how?</span></p>
<div>
<div class="h5">
<p class="MsoNormal">&nbsp;</p>
<div>
<p class="MsoNormal">So is there a provider for
USA who takes T1 and encrypts it, so I can buy
origination from them?</p>
<div>
<p class="MsoNormal"><br clear="all">
</p>
<div>
<p class="MsoNormal"><span
style="font-family:"Verdana","sans-serif"">-Avi</span></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">&nbsp;</p>
<div>
<p class="MsoNormal">On Mon, Dec 19, 2011 at
7:39 PM, Elliott Vogel &lt;<a
moz-do-not-send="true"
href="mailto:elliott@zoogmedia.com"
target="_blank">elliott@zoogmedia.com</a>&gt;
wrote:</p>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Well,
I have worked a lot with PCI
compliance in the past and I don’t
think you can meet the requirements of
encryption if you’re not doing
encoding yourself because most VoIP
service providers aren’t encrypting
the calls. Also DTMF has the same
requirements, and for T1 not being
encrypted this is true, but because the
network is considered
secured (funny)/private it doesn’t
need to be – now if you would
encapsulate T1 traffic to send it over
the internet without encrypting it
this would be unsecured.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">&nbsp;</span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:freeswitch-users-bounces@lists.freeswitch.org"
target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>
[mailto:<a moz-do-not-send="true"
href="mailto:freeswitch-users-bounces@lists.freeswitch.org"
target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>]
<b>On Behalf Of </b>Avi Marcus<br>
<b>Sent:</b> Monday, December 19, 2011
5:52 AM<br>
<b>To:</b> FreeSWITCH Users Help<br>
<b>Subject:</b> [Freeswitch-users] PCI
Compliance Over Telephone for Credit
Cards- how?</span></p>
<div>
<div>
<p class="MsoNormal">&nbsp;</p>
<div>
<div>
<div>
<p class="MsoNormal">I'm
planning on an IVR to accept
credit card information for
signing up and renewal of my
services.</p>
</div>
<div>
<p class="MsoNormal">Regarding
fraud, I'm going to require at
minimum a recording of name,
who they are, or something or
an actual live call.</p>
</div>
<div>
<p class="MsoNormal">&nbsp;</p>
</div>
<div>
<p class="MsoNormal">But for PCI
compliance.. this says
<a moz-do-not-send="true"
href="https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf"
target="_blank">
https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf</a>&nbsp;on
page 9:</p>
</div>
<blockquote
style="border:none;border-left:solid
#cccccc 1.0pt;padding:0in 0in
0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal">Call
centers will need to ensure
that transmission of
cardholder data across public
networks is encrypted.<br>
This is part of PCI DSS
Requirement 4 and includes:</p>
<ul type="disc">
<li class="MsoNormal">
...</li>
</ul>
<ul type="disc">
<li class="MsoNormal">
<b>Voice or data streams
over Voice over IP (VoIP)
telephone
systems, whenever sent
over an open or public
network. Note that only
those consumer or
enterprise VoIP systems
that provide strong
cryptography should be
used. </b></li>
</ul>
<ul type="disc">
<li class="MsoNormal">
Requiring agents to use
analog telephone lines when
a VoIP telephone system does
not provide strong
cryptography.</li>
</ul>
</blockquote>
</div>
<div>
<p class="MsoNormal">I'm doing
dtmf, not voice, but I can't
imagine that's LESS strict.</p>
</div>
<div>
<p class="MsoNormal">&nbsp;</p>
</div>
<div>
<p class="MsoNormal">I haven't
really heard of any end-to-end
encrypted origination lines. Is
this guideline ignored? How do
people deal with this? Does
someone have T1 lines and offers
encryption for origination...?</p>
</div>
<p class="MsoNormal"><br clear="all">
</p>
<div>
<p class="MsoNormal"><span
style="font-family:"Verdana","sans-serif"">-Avi
Marcus</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org"
target="_blank">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com"
target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel
Communication Server<br>
<a moz-do-not-send="true"
href="http://www.cudatel.com"
target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://wiki.freeswitch.org"
target="_blank">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.cluecon.com"
target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org"
target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a></p>
</div>
<p class="MsoNormal">&nbsp;</p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
Sincerely,
<br>
<b>Dario García</b>
<br>
Consultant.
<br>
<br>
CCCT, Nivel C2, Sector Yarey, Mz, <br>
Ofc. MZ03a. <br>
Caracas-Venezuela.
<br>
Telephone: +58 212 9081842
<br>
Cell: +58 412 2221515
<br>
<a class="moz-txt-link-abbreviated" href="mailto:dgarcia@anew.com.ve">dgarcia@anew.com.ve</a>
<br>
<a class="moz-txt-link-freetext" href="http://www.anew.com.ve">http://www.anew.com.ve</a></div>
</body>
</html>