<html><head></head><body bgcolor="#FFFFFF"><div>I'm in the same boat as you - and PCI compliance from the voice side (call) never crossed my mind<br><br>Sent from my iPhone 4S</div><div><br>On Dec 19, 2011, at 6:54 AM, Avi Marcus &lt;<a href="mailto:Avi@GetBestFone.com">Avi@GetBestFone.com</a>&gt; wrote:<br><br></div><div></div><blockquote type="cite"><div><div dir="ltr"><div><div><div>I'm planning on an IVR to accept credit card information for signing up and renewal of my services.</div><div>Regarding fraud, I'm going to require at minimum a recording of name, who they are, or something or an actual live call.</div>

<div><br></div><div>But for PCI compliance... this says&nbsp;<a href="https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf">https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf</a>&nbsp;on page 9:</div>

<blockquote class="gmail_quote" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

Call centers will need to ensure that transmission of cardholder data across&nbsp;public networks is encrypted.<br>This is part of PCI DSS Requirement 4 and includes:<ul><li>...</li></ul><ul><li><b>Voice or data streams over Voice over IP (VoIP) telephone systems,&nbsp;whenever sent over an open or public network. Note that only those&nbsp;consumer or enterprise VoIP systems that provide strong cryptography&nbsp;should be used.&nbsp;</b></li>

</ul><ul><li>Requiring agents to use analog telephone lines when a VoIP telephone&nbsp;system does not provide strong cryptography.</li></ul></blockquote></div><div>I'm doing DTMF, not voice, but I can't imagine that's LESS strict.</div><div><br></div><div>I haven't really heard of any end-to-end encrypted origination lines. Is this guideline ignored? How do people deal with this? Does someone have T1 lines and offer encryption for origination...?</div>

<div><br></div><div>I would mostly need this in the USA and Israel.</div><br clear="all"><div dir="ltr"><span style="font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:small">-Avi Marcus</span></span></div>

</div><div dir="ltr"><font face="Verdana, Arial, Helvetica, sans-serif"><span style="font-size:small">BestFone</span><br></font></div>
</div>
</div></blockquote><blockquote type="cite"><div><span>--</span><br><span>asterisk-biz mailing list</span></div></blockquote></body></html>