Heloo You need TLS service in asterisk and your clients, but only few ip gatewais do it.
Regards On Dec 19, 2011 6:55 AM, "Avi Marcus" <[email protected]> wrote: > I'm planning on an IVR to accept credit card information for signing up > and renewal of my services. > Regarding fraud, I'm going to require at minimum a recording of name, who > they are, or something or an actual live call. > > But for PCI compliance.. this says > https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf > on > page 9: > >> Call centers will need to ensure that transmission of cardholder data >> across public networks is encrypted. >> This is part of PCI DSS Requirement 4 and includes: >> >> - ... >> >> >> - *Voice or data streams over Voice over IP (VoIP) telephone >> systems, whenever sent over an open or public network. Note that only >> those consumer or enterprise VoIP systems that provide strong >> cryptography should be used. * >> >> >> - Requiring agents to use analog telephone lines when a VoIP >> telephone system does not provide strong cryptography. >> >> I'm doing dtmf, not voice, but I can't imagine that's LESS strict. > > I haven't really heard of any end-to-end encrypted origination lines. Is > this guideline ignored? How do people deal with this? Does someone have T1 > lines and offers encryption for origination...? > > I would mostly need this in USA and Israel.. > > -Avi Marcus > BestFone > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-biz mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-biz >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
