[Asterisk-biz] RE: VISA - MC - Fraud
Michael Welter
mike at introspect.com
Sun Jun 19 19:12:21 MST 2005
snacktime wrote:
>>Why not doing something easier
>>Just for example making a blacklist-e164.org domain and putting
>>the offending numbers with a redirection to nowhere for example
>>As like RBLS's for emails
>>So anybody can use it
>
>
> Just so people know. You can't run a service like that where you
> store cardholder related data (and that includes a hash of the card
> number) without being a registered third pary provider with Visa.
> That entails going through a security audit once a year done by an
> approved auditing company, and of course having a network that meets
> the criteria. It's not cheap and it takes a considerable amount of
> time. For us, the biggest thing was all the written policies and
> documentation they require, but if you don't have the network in place
> that will be a considerable cost also. Two factor authentication is
> required for local and remote admin access, data backups have to be
> made at regular intervals and archived off site, etc..
>
> Chris
> _______________________________________________
> Asterisk-Biz mailing list
> Asterisk-Biz at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
>
Who said we need Visa's permission to do this?
More information about the asterisk-biz
mailing list