On 10/20/11 6:07 AM, Hiers, David wrote:
I've no doubt that they are correct; card information encapsulated in a codec needs to be encrypted over unsecure networks, which includes the Internet.
We can safely assume that they are in contact with the PCI standards people, and getting advice from other PCI compliant entities.
But is not the analog/TDM PSTN also a public, insecure, unencrypted network? What's more difficult, tapping an analog phone line with a simple recorder coupler from Rat Shack or intercepting a specific RTP stream over a random route mixed in with gigabytes of pornography and other assorted cruft? It boggles how people who think nothing about using cordless phones are so paranoid about VoIP security over the Internet. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV