Whats really sad about all this is we can make everything as secure as possible using what ever transport method we can think of. But 99% of the fraud is going to come from an employee that has access to the data. Carlos Alcantar Race Communications / Race Team Member 101 Haskins Way, So. San Francisco, CA. 94080 Phone: +1 415 376 3314 Fax: +1 650 246 8901 / carlos *at* race.com / www.race.com On 10/19/11 5:49 PM, "Jimmy Hess" <mysidia at gmail.com> wrote:
On Wed, Oct 19, 2011 at 6:26 PM, Hiers, David <David_Hiers at adp.com> wrote:
That doesn't really "cover" the internet... it just mentions the internet. "11.1 If the payment application ... the payment application must support use of strong cryptography and security protocols".
This would mean that the payment application software has to support encryption of data before emitting it over any public network, that's entirely agnostic to the nature of the transport, whether it be radio broadcasts, US mail, or carrier pigeons, the application has to encrypt the message, no matter whether the message is transmitted packetized as PCM over a series of IP packets, analog audio signals, a .WAV file attached to an e-mail, or printed on punch cards for snail mail.
Modern payment applications don't normally utilize voice (or punch cards), however.....
This PCI requirement covers the entire Internet, regardless of protocol: ## 11.1 If the payment application sends, or facilitates sending, cardholder data over public networks, the payment application must support use of strong cryptography and security protocols [snip]
-- -JH _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops