[VoiceOps] PCI Compliance and VoIP

Hiers, David David_Hiers at adp.com
Thu Oct 20 09:07:49 EDT 2011 

I've no doubt that they are correct; card information encapsulated in a codec needs to be encrypted over unsecure networks, which includes the Internet.

We can safely assume that they are in contact with the PCI standards people, and getting advice from other PCI compliant entities. 

David Hiers

CCIE (R/S, V), CISSP
ADP Dealer Services
2525 SW 1st Ave.
Suite 300W
Portland, OR 97201
o: 503-205-4467
f: 503-402-3277

###Please note my email address is changing: 
###from David_Hiers at adp.com 
###  to David.Hiers at adp.com


-----Original Message-----
From: Geoffrey Mina [mailto:gmina at connectfirst.com] 
Sent: Wednesday, October 19, 2011 4:43 PM
To: Justin B Newman
Cc: Hiers, David (DS); voiceops at voiceops.org
Subject: Re: [VoiceOps] PCI Compliance and VoIP

That's the example scenario I'm working on.  We are public internet to our itsp. There are call center agents on our network taking CC info on the phone. They are claiming that for pci 1 they can't use a service like ours. 

Geoff Mina
CTO/Co-Founder
Connect First Inc.
720.335.5924
888.410.3071
gmina at ConnectFirst.com

Sent from my iPhone

On Oct 19, 2011, at 5:35 PM, Justin B Newman <justin at ejtown.org> wrote:

>> 11.1 If the payment application sends, or> facilitates sending, 
>> cardholder data over public> networks, the payment application must 
>> support
> On Wed, Oct 19, 2011 at 6:26 PM, Hiers, David <David_Hiers at adp.com> wrote:
>> This PCI requirement covers the entire Internet, regardless of protocol:
>> 
> 
> It covers the Internet when _payment applications_ are facilitating 
> sending cardholder data. While I can identify ways this would apply, I 
> wouldn't see this applying (as an example) to VoIP lines running to a 
> call center, where the operators key in cardholder data to a payment 
> applications.
> 
> -jbn



This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.

More information about the VoiceOps mailing list