Educause Security Discussion mailing list archives
PCI & VOIP Soft Phones
From: Bob Henry <bhenry () BOISESTATE EDU>
Date: Wed, 23 May 2012 15:30:22 -0600
We have a request to assist in setting up a call center that will solicit contributions and accept payment with credit cards. The group wants to use soft phones on the PC's where they will be also be entering CC information in order to spend less than it would cost for hardware phones. The PC's are clearly in-scope for PCI and my gut says having the soft phone on the PC brings our VOIP system into scope for PCI compliance which is a nightmare. My strong recommendation is for the group to use a hardware phone which is not on the CC VLAN. Does anyone have any experience or wise words on the topic? Thanks, Bob Robert Henry, CISSP ISO & Director of Information Security Services Acting Director, OIT Development Services Boise State University 208-426-5701 bhenry () boisestate edu http://oit.boisestate.edu/security
Current thread:
- PCI & VOIP Soft Phones Bob Henry (May 23)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)
- Re: PCI & VOIP Soft Phones John Ladwig (May 24)
- Re: PCI & VOIP Soft Phones Dave Koontz (May 23)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)
- Re: PCI & VOIP Soft Phones Davis, Thomas R (May 24)
- Re: PCI & VOIP Soft Phones Brad Judy (May 24)
- Re: PCI & VOIP Soft Phones Mike Leach (May 24)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)