I am wondering what you folks out there do when a customer needs their voice service providers to be PCI compliant.? We use many ITSPs over the public internet and it doesn?t seem that any of them support any type of SRTP.? Do we need to step back and go TDM to our ULC for ?secure? customers?? Anyone know of any good inbound/outbound ITSP that is PCI compliant AND supports SRTP over the public network?
One way to approach the issue would be to work with the customer on the actual requirements. PCI does not specifically identify a requirement that brings voice service into scope. I believe that any interpretation that would bring voice telecommunications into scope would end up applying to TDM, just as they would to VoIP. -jbn Justin B Newman