[Asterisk-biz] RE: VISA - MC - Fraud

[snacktime]

> 
> Why not doing something easier
> Just for example making a blacklist-e164.org domain and putting
> the offending numbers with a redirection to nowhere for example
> As like RBLS's for emails
> So anybody can use it

Just so people know.  You can't run a service like that where you
store cardholder related data (and that includes a hash of the card
number) without being a registered third pary provider with Visa. 
That entails going through a security audit once a year done by an
approved auditing company, and of course having a network that meets
the criteria.  It's not cheap and it takes a considerable amount of
time.  For us, the biggest thing was all the written policies and
documentation they require, but if you don't have the network in place
that will be a considerable cost also.  Two factor authentication is
required for local and remote admin access, data backups have to be
made at regular intervals and archived off site, etc..

Chris