I'm in the same boat as you - and PCI compliance from the voice side (call) never crossed my mind.

Sent from my iPhone 4S

On Dec 19, 2011, at 6:54 AM, Avi Marcus <[email protected]> wrote:

> I'm planning on an IVR to accept credit card information for signing up and
> renewal of my services.
> Regarding fraud, I'm going to require at minimum a recording of name, who
> they are, or something or an actual live call.
>
> But for PCI compliance.. this says
> https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf
> on page 9:
> Call centers will need to ensure that transmission of cardholder data across
> public networks is encrypted.
> This is part of PCI DSS Requirement 4 and includes:
> ...
> Voice or data streams over Voice over IP (VoIP) telephone systems, whenever
> sent over an open or public network. Note that only those consumer or
> enterprise VoIP systems that provide strong cryptography should be used.
> Requiring agents to use analog telephone lines when a VoIP telephone system
> does not provide strong cryptography.
> I'm doing dtmf, not voice, but I can't imagine that's LESS strict.
>
> I haven't really heard of any end-to-end encrypted origination lines. Is this
> guideline ignored? How do people deal with this? Does someone have T1 lines
> and offers encryption for origination...?
>
> I would mostly need this in USA and Israel..
>
> -Avi Marcus
> BestFone
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
