[VoiceOps] PCI Compliance and VoIP

Carlos Alcantar carlos at race.com
Thu Oct 20 02:25:32 EDT 2011


Whats really sad about all this is we can make everything as secure as
possible using what ever transport method we can think of.  But 99% of the
fraud is going to come from an employee that has access to the data.

Carlos Alcantar
Race Communications / Race Team Member
101 Haskins Way, So. San Francisco, CA. 94080
Phone: +1 415 376 3314  Fax:  +1 650 246 8901 / carlos *at* race.com /
www.race.com 





On 10/19/11 5:49 PM, "Jimmy Hess" <mysidia at gmail.com> wrote:

>On Wed, Oct 19, 2011 at 6:26 PM, Hiers, David <David_Hiers at adp.com> wrote:
>
>That doesn't really "cover" the internet... it just mentions the
>internet. "11.1 If the payment application ... the payment application
>must support use of strong cryptography and security protocols".
>
>This would mean that the payment application software has to support
>encryption of data before emitting it over any public network,  that's
>entirely agnostic to the nature of the transport, whether it be radio
>broadcasts, US mail, or carrier pigeons,   the application has to
>encrypt the message,  no matter whether the message is transmitted
>packetized as PCM over a series of IP packets,  analog audio signals,
>a .WAV file attached to an e-mail,  or printed on punch cards  for
>snail mail.
>
>Modern payment applications don't normally utilize voice  (or punch
>cards), however.....
>
>
>> This PCI requirement covers the entire Internet, regardless of protocol:
>> ##
>> 11.1 If the payment application sends, or
>> facilitates sending, cardholder data over public
>> networks, the payment application must support
>> use of strong cryptography and security protocols
>[snip]
>
>--
>-JH
>_______________________________________________
>VoiceOps mailing list
>VoiceOps at voiceops.org
>https://puck.nether.net/mailman/listinfo/voiceops
>




More information about the VoiceOps mailing list