[asterisk-biz] PCI Compliance for Credit Cards Over the Phone - how?
Alex Balashov
abalashov at evaristesys.com
Mon Dec 19 06:26:29 CST 2011
On 12/19/2011 06:54 AM, Avi Marcus wrote:
> I haven't really heard of any end-to-end encrypted origination
> lines. Is this guideline ignored? How do people deal with this?
> Does someone have T1 lines and offers encryption for
> origination...?
It's a can of worms, and there are a myriad of answers. The
acceptableness of many of the possible answers to PCI auditors,
despite their technical viability, is uncertain.
1. Dedicated end-to-end TDM circuits fall within the traditional
guidelines, as do dedicated point-to-point data circuits.
2. Some VoIP origination providers will deliver the traffic to you via
various inter-site VPN technologies, both for signaling and bearer.
3. SIP with TLS transport, and ZRTP+SRTP for voice.
--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
More information about the asterisk-biz
mailing list