[Asterisk-biz] RE: VISA - MC - Fraud
snacktime
snacktime at gmail.com
Sun Jun 19 15:03:27 MST 2005
>
> Why not doing something easier
> Just for example making a blacklist-e164.org domain and putting
> the offending numbers with a redirection to nowhere for example
> As like RBLS's for emails
> So anybody can use it
Just so people know. You can't run a service like that where you
store cardholder related data (and that includes a hash of the card
number) without being a registered third pary provider with Visa.
That entails going through a security audit once a year done by an
approved auditing company, and of course having a network that meets
the criteria. It's not cheap and it takes a considerable amount of
time. For us, the biggest thing was all the written policies and
documentation they require, but if you don't have the network in place
that will be a considerable cost also. Two factor authentication is
required for local and remote admin access, data backups have to be
made at regular intervals and archived off site, etc..
Chris
More information about the asterisk-biz
mailing list