I've no doubt that they are correct; card information encapsulated in a codec needs to be encrypted over unsecure networks, which includes the Internet. We can safely assume that they are in contact with the PCI standards people, and getting advice from other PCI compliant entities. David Hiers CCIE (R/S, V), CISSP ADP Dealer Services 2525 SW 1st Ave. Suite 300W Portland, OR 97201 o: 503-205-4467 f: 503-402-3277 ###Please note my email address is changing: ###from David_Hiers at adp.com ### to David.Hiers at adp.com -----Original Message----- From: Geoffrey Mina [mailto:gmina at connectfirst.com] Sent: Wednesday, October 19, 2011 4:43 PM To: Justin B Newman Cc: Hiers, David (DS); voiceops at voiceops.org Subject: Re: [VoiceOps] PCI Compliance and VoIP That's the example scenario I'm working on. We are public internet to our itsp. There are call center agents on our network taking CC info on the phone. They are claiming that for pci 1 they can't use a service like ours. Geoff Mina CTO/Co-Founder Connect First Inc. 720.335.5924 888.410.3071 gmina at ConnectFirst.com Sent from my iPhone On Oct 19, 2011, at 5:35 PM, Justin B Newman <justin at ejtown.org> wrote:
11.1 If the payment application sends, or> facilitates sending, cardholder data over public> networks, the payment application must support On Wed, Oct 19, 2011 at 6:26 PM, Hiers, David <David_Hiers at adp.com> wrote: This PCI requirement covers the entire Internet, regardless of protocol:
It covers the Internet when _payment applications_ are facilitating sending cardholder data. While I can identify ways this would apply, I wouldn't see this applying (as an example) to VoIP lines running to a call center, where the operators key in cardholder data to a payment applications.
-jbn
This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.