One of the points of all this is so that call centre agents can't
write down credit card numbers and shouldn't be trusted to hit pause
on the recording either. The customer should be transferred to an IVR
and the call recordings encrypted :-)
--
http://www.surevoip.co.uk/support/wiki/api_document
have a look at the MuteMixMonitor manager command : it mutes/unmnutes
the call recording
We use it to mute recordings when the user tabs into the CC number and
cvs fields
Julian
On 19 December 2011 15:00, Brooks Bridges wrote:
> The only vendor I'm aware of that uses VPN connectivity as a defau
The only vendor I'm aware of that uses VPN connectivity as a default for
their origination product is Verizon Business. They may not even be
doing that anymore, as it was several years ago when I last did interop
with them.
On 12/19/2011 8:58 AM, Avi Marcus wrote:
Do you know any vendor for U
Do you know any vendor for USA DIDs that has VPN for their origination, and
is serving directly off a private connection to the telco?Probably some of
the bigger ones - e.g. "PCI compliant origination". How come I've never
heard of that?
Now... any that will set up an account for low volumes..?
-
Ya the audits and questions are stupid. My current PCI audit company and I got
into a huge fight.
They wanted to audit the IP address of my office which is dynamic and not my
servers.
Their questions were worded in such a way as to trap me.
But in the end I just answered everything as a yes or no
Alex, the usual use-case for business use is PSTN -> SIP.. so it hits BOTH
networks.
Unless there's peering extremely high up and both ends are on voip phones
so it never hits the PSTN, though.. but you can't count on that being the
case.
-Avi Marcus
BestFone
On Mon, Dec 19, 2011 at 3:09 PM, A
On 12/19/2011 07:56 AM, Avi Marcus wrote:
Ah I forgot that SIP INFO for DTMF and TLS would be enough... but
maybe not for the guidelines..
The guidelines suffer from a severe lack of precision, and general
lack of awareness of the variety of implementational possibilities.
And yes, it's po
Ah I forgot that SIP INFO for DTMF and TLS would be enough... but maybe not
for the guidelines..
And yes, it's possible to con/bribe/hack the telco's.. but since the calls
are going over the PSTN anyway, you remove the entire "public" part of the
call from being open. I presume it's at least bette
Heloo
You need TLS service in asterisk and your clients, but only few ip gatewais
do it.
Regards
On Dec 19, 2011 6:55 AM, "Avi Marcus" wrote:
> I'm planning on an IVR to accept credit card information for signing up
> and renewal of my services.
> Regarding fraud, I'm going to require at minimu
You probably already know this, but there is no technical logic to the
PCI guidelines. It is not a logical process, and the requirements are
not conceived by people who really understand how technology and
workflows in voice service delivery function. And, in general, if the
auditors don't un
On 12/19/2011 07:34 AM, Avi Marcus wrote:
I'm running out of a data center w/o personal physical access, so #1
is out.
#2 or #3.. 3 is probably easier to set up?
Vendor and terminal support for SIP+TLS and S/ZRTP is pretty limited.
In my experience, #2 is the easiest to come by.
--
Alex Ba
:asterisk-biz-boun...@lists.digium.com] On Behalf Of Alex
> Balashov
> Sent: 19 December 2011 12:30
> To: asterisk-biz@lists.digium.com
> Subject: Re: [asterisk-biz] PCI Compliance for Credit Cards Over the
> Phone - how?
>
> On 12/19/2011 06:54 AM, Avi Marcus wrote:
>
> > I
On further thought, any business using VoIP has this issue just to accept
credit card information over the phone.
I'm running out of a data center w/o personal physical access, so #1 is out.
#2 or #3.. 3 is probably easier to set up?
So who has USA DIDs or TF with SRTP/ZRTP? I only need a few for
@lists.digium.com
Subject: Re: [asterisk-biz] PCI Compliance for Credit Cards Over the
Phone - how?
On 12/19/2011 06:54 AM, Avi Marcus wrote:
> I haven't really heard of any end-to-end encrypted origination lines.
> Is this guideline ignored? How do people deal with this?
> Does someone have T1 li
On 12/19/2011 06:54 AM, Avi Marcus wrote:
I haven't really heard of any end-to-end encrypted origination
lines. Is this guideline ignored? How do people deal with this?
Does someone have T1 lines and offers encryption for
origination...?
It's a can of worms, and there are a myriad of answers.
I'm in the same boat as you - and PCI compliance from the voice side (call)
never crossed my mind
Sent from my iPhone 4S
On Dec 19, 2011, at 6:54 AM, Avi Marcus wrote:
> I'm planning on an IVR to accept credit card information for signing up and
> renewal of my services.
> Regarding fraud, I'
I'm planning on an IVR to accept credit card information for signing up and
renewal of my services.
Regarding fraud, I'm going to require at minimum a recording of name, who
they are, or something or an actual live call.
But for PCI compliance.. this says
https://www.pcisecuritystandards.org/docum
17 matches
Mail list logo