[asterisk-biz] PCI Compliance for Credit Cards Over the Phone - how?
Avi Marcus
Avi at GetBestFone.com
Mon Dec 19 07:15:26 CST 2011
Alex, the usual use-case for business use is PSTN -> SIP.. so it hits BOTH
networks.
Unless there's peering extremely high up and both ends are on voip phones
so it never hits the PSTN, though.. but you can't count on that being the
case.
-Avi Marcus
BestFone
On Mon, Dec 19, 2011 at 3:09 PM, Alex Balashov <abalashov at evaristesys.com>wrote:
> On 12/19/2011 07:56 AM, Avi Marcus wrote:
>
> Ah I forgot that SIP INFO for DTMF and TLS would be enough... but
>> maybe not for the guidelines..
>>
>
> The guidelines suffer from a severe lack of precision, and general lack of
> awareness of the variety of implementational possibilities.
>
>
> And yes, it's possible to con/bribe/hack the telco's.. but since the
>> calls are going over the PSTN anyway, you remove the entire "public"
>> part of the call from being open. I presume it's at least better if
>> that's the only opening..
>>
>
> Yes, but my argument was that the PSTN part is not so materially less
> "public". :-) Another thing to consider is that the technology to tap
> traditional PSTN circuits has been around for decades; the options are
> both more better-established and "low-tech".
>
> As I always tell people, if I had something to hide and knew that someone
> was looking to wiretap me, I would take my chances with an unencrypted VoIP
> call over the public Internet any day over the PSTN. Techniques for
> tapping the PSTN are just so much more well-understood and established.
> That's kind of a "security by obscurity" argument, owing to the relative
> newness of VoIP, but still. The average private investigator for hire can
> tap analog lines, and probably even PRIs. I don't have the sense that they
> can (yet?) take for granted tapping IP conversations. Also, the
> architecture of the PSTN is inherently much more centralised; the tap
> points are much more well-defined and concentrated, and far more static.
>
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 260 Peachtree Street NW
> Suite 2200
> Atlanta, GA 30303
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/
>
> --
> ______________________________**______________________________**_________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/**mailman/listinfo/asterisk-biz<http://lists.digium.com/mailman/listinfo/asterisk-biz>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-biz/attachments/20111219/b21bcdfd/attachment-0001.htm>
More information about the asterisk-biz
mailing list