[VoiceOps] PCI Compliance and VoIP
Carlos Alcantar
carlos at race.com
Thu Oct 20 02:25:32 EDT 2011
Whats really sad about all this is we can make everything as secure as
possible using what ever transport method we can think of. But 99% of the
fraud is going to come from an employee that has access to the data.
Carlos Alcantar
Race Communications / Race Team Member
101 Haskins Way, So. San Francisco, CA. 94080
Phone: +1 415 376 3314 Fax: +1 650 246 8901 / carlos *at* race.com /
www.race.com
On 10/19/11 5:49 PM, "Jimmy Hess" <mysidia at gmail.com> wrote:
>On Wed, Oct 19, 2011 at 6:26 PM, Hiers, David <David_Hiers at adp.com> wrote:
>
>That doesn't really "cover" the internet... it just mentions the
>internet. "11.1 If the payment application ... the payment application
>must support use of strong cryptography and security protocols".
>
>This would mean that the payment application software has to support
>encryption of data before emitting it over any public network, that's
>entirely agnostic to the nature of the transport, whether it be radio
>broadcasts, US mail, or carrier pigeons, the application has to
>encrypt the message, no matter whether the message is transmitted
>packetized as PCM over a series of IP packets, analog audio signals,
>a .WAV file attached to an e-mail, or printed on punch cards for
>snail mail.
>
>Modern payment applications don't normally utilize voice (or punch
>cards), however.....
>
>
>> This PCI requirement covers the entire Internet, regardless of protocol:
>> ##
>> 11.1 If the payment application sends, or
>> facilitates sending, cardholder data over public
>> networks, the payment application must support
>> use of strong cryptography and security protocols
>[snip]
>
>--
>-JH
>_______________________________________________
>VoiceOps mailing list
>VoiceOps at voiceops.org
>https://puck.nether.net/mailman/listinfo/voiceops
>
More information about the VoiceOps
mailing list