<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
Your questin is quite difficult to answer because depend on your
country laws.<br>
<br>
About public network, I think you are concern about TDM service
(PSTN). Well, as always, some stuff are not considered by the
people who made some laws.<br>
<br>
Well, in my country customer are encouraged to deploy cross-systems.
For example, PIN number is set by internet (where you can implement
all crypting available). By phone in TDM no crypting, ( and by VoIP
you have to implement SIPS and SRTP, TLS at least) then very strong
set of questions/answer to do a positive verification of the caller.
<br>
<br>
Of course, where you have to put encryption and security is inside
of your systems, and deploy a good system control to control and
manage your sensible data.<br>
<br>
Take a look this links:<br>
<a class="moz-txt-link-freetext" href="http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:voip:tls_sips_rtps">http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:voip:tls_sips_rtps</a><br>
<br>
and<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.vadese.org/files/upload/Best_practices_VoIP_en_v20.pdf">http://www.vadese.org/files/upload/Best_practices_VoIP_en_v20.pdf</a><br>
<br>
I hope this helps<br>
<br>
<br>
On 12/19/2011 7:22 AM, Avi Marcus wrote:
<blockquote
cite="mid:CALNZuwm5=R6tN+zCTW0cWRgKO4whLG2MYuZ073T+QV_nAXRntQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>I'm planning on an IVR to accept credit card information
for signing up and renewal of my services.</div>
<div>Regarding fraud, I'm going to require at minimum a
recording of name, who they are, or something or an actual
live call.</div>
<div><br>
</div>
<div>But for PCI compliance.. this says <a
moz-do-not-send="true"
href="https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf">https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf</a> on
page 9:</div>
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex">
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex"></blockquote>
</blockquote>
<blockquote class="gmail_quote"
style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Call
centers will need to ensure that transmission of cardholder
data across public networks is encrypted.<br>
This is part of PCI DSS Requirement 4 and includes:
<ul>
<li>...</li>
</ul>
<ul>
<li><b>Voice or data streams over Voice over IP (VoIP)
telephone systems, whenever sent over an open or
public network. Note that only those consumer or
enterprise VoIP systems that provide strong
cryptography should be used. </b></li>
</ul>
<ul>
<li>Requiring agents to use analog telephone lines when a
VoIP telephone system does not provide strong
cryptography.</li>
</ul>
</blockquote>
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex">
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex"></blockquote>
</blockquote>
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex">
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex"></blockquote>
</blockquote>
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex">
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex"></blockquote>
</blockquote>
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex">
<blockquote class="gmail_quote "
style="margin-top:0px;margin-right:0.8ex;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;border-right-width:1px;border-right-color:rgb(204,204,204);border-right-style:solid;padding-left:1ex;padding-right:1ex"></blockquote>
</blockquote>
</div>
<div>I'm doing dtmf, not voice, but I can't imagine that's LESS
strict.</div>
<div><br>
</div>
<div>I haven't really heard of any end-to-end encrypted
origination lines. Is this guideline ignored? How do people
deal with this? Does someone have T1 lines and offers
encryption for origination...?</div>
<br clear="all">
<div dir="ltr"><span
style="font-family:Verdana,Arial,Helvetica,sans-serif"><span
style="font-size:small">-Avi Marcus</span><br>
</span></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<p class="" avgcert""="" color="#000000" align="left">No virus
found in this message.<br>
Checked by AVG - <a moz-do-not-send="true"
href="http://www.avg.com">www.avg.com</a><br>
Version: 2012.0.1890 / Virus Database: 2108/4684 - Release Date:
12/16/11</p>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
Atentamente,
<br>
<b>Dario García</b>
<br>
Consultor.
<br>
<br>
CCCT, Nivel C2, Sector Yarey, Mz, <br>
Ofc. MZ03a. <br>
Caracas-Venezuela.
<br>
Teléfono: +58 212 9081842
<br>
Cel: +58 412 2221515
<br>
<a class="moz-txt-link-abbreviated" href="mailto:dgarcia@anew.com.ve">dgarcia@anew.com.ve</a>
<br>
<a class="moz-txt-link-freetext" href="http://www.anew.com.ve">http://www.anew.com.ve</a></div>
</body>
</html>