I'm planning on an IVR to accept credit card information for signing up and renewal of my services. Regarding fraud, I'm going to require at minimum a recording of name, who they are, or something or an actual live call.
But for PCI compliance.. this says https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf on page 9: Call centers will need to ensure that transmission of cardholder data > across public networks is encrypted. > This is part of PCI DSS Requirement 4 and includes: > > - ... > > > - *Voice or data streams over Voice over IP (VoIP) telephone > systems, whenever sent over an open or public network. Note that only > those consumer or enterprise VoIP systems that provide strong > cryptography should be used. * > > > - Requiring agents to use analog telephone lines when a VoIP > telephone system does not provide strong cryptography. > > I'm doing dtmf, not voice, but I can't imagine that's LESS strict. I haven't really heard of any end-to-end encrypted origination lines. Is this guideline ignored? How do people deal with this? Does someone have T1 lines and offers encryption for origination...? I would mostly need this in USA and Israel.. -Avi Marcus BestFone
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
