[VoiceOps] PCI Compliance and VoIP

Jimmy Hess mysidia at gmail.com
Wed Oct 19 20:49:37 EDT 2011


On Wed, Oct 19, 2011 at 6:26 PM, Hiers, David <David_Hiers at adp.com> wrote:

That doesn't really "cover" the internet... it just mentions the
internet. "11.1 If the payment application ... the payment application
must support use of strong cryptography and security protocols".

This would mean that the payment application software has to support
encryption of data before emitting it over any public network,  that's
entirely agnostic to the nature of the transport, whether it be radio
broadcasts, US mail, or carrier pigeons,   the application has to
encrypt the message,  no matter whether the message is transmitted
packetized as PCM over a series of IP packets,  analog audio signals,
a .WAV file attached to an e-mail,  or printed on punch cards  for
snail mail.

Modern payment applications don't normally utilize voice  (or punch
cards), however.....


> This PCI requirement covers the entire Internet, regardless of protocol:
> ##
> 11.1 If the payment application sends, or
> facilitates sending, cardholder data over public
> networks, the payment application must support
> use of strong cryptography and security protocols
[snip]

--
-JH


More information about the VoiceOps mailing list