Educause Security Discussion mailing list archives
Re: PCI & VOIP Soft Phones
From: Jeff Moore <mail () JEFFMOORE COM>
Date: Wed, 23 May 2012 15:11:18 -0700
Bob, I can't think off hand how PCI compliance might be impacted by this but I would go for hardware. I managed our institutions move from TDM to VOIP and with the experience I have had with that project and working for Siemens IC for 8 years(Manged most of Kaiser Permenente's Northwest phone systems including their main call center) I would say hardware phone. In my old fashioned opinion you just can't beat the reliability of hardware that is specifically engineered for a task. All those eggs in one basket would be a frightening prospect to me. Especially for a Call Center. Definitely more expensive but I would think well worth it. Could be the little guy on my right shoulder named "Old School Philosiphy"! He gets more and more bossy as I get older. We have had in smaller settings softphones working just fine here but Call Center.. I wouldnt. Also one nice thing about starting with a hardphone is you can always add softphones later and do pilot trials etc. Hope that helps. Compliancy wise as long as the softphone and the phone are on the same lan then I wouldnt think there would be any extra PCI issues. Sorry for the lack of Knowledge on the PCI compliance. We offloaded our transaction servers years ago. Jeff Moore Chemeketa Community College PS - Feel free to call if you want me to talk your ear off about our experiences as small and limited as they are. 503-910-0756 jm On Wed, May 23, 2012 at 2:30 PM, Bob Henry <bhenry () boisestate edu> wrote:
We have a request to assist in setting up a call center that will solicit contributions and accept payment with credit cards. The group wants to use soft phones on the PC's where they will be also be entering CC information in order to spend less than it would cost for hardware phones. The PC's are clearly in-scope for PCI and my gut says having the soft phone on the PC brings our VOIP system into scope for PCI compliance which is a nightmare. My strong recommendation is for the group to use a hardware phone which is not on the CC VLAN. Does anyone have any experience or wise words on the topic? Thanks, Bob Robert Henry, CISSP ISO & Director of Information Security Services Acting Director, OIT Development Services Boise State University 208-426-5701 bhenry () boisestate edu http://oit.boisestate.edu/security
-- Jeff Moore Desk (503) 877-4707 <https://www.google.com/voice?pli=1#phones> Cell (503) 9 <https://www.google.com/voice?pli=1#phones>10-0756 Mail () JeffMoore com
Current thread:
- PCI & VOIP Soft Phones Bob Henry (May 23)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)
- Re: PCI & VOIP Soft Phones John Ladwig (May 24)
- Re: PCI & VOIP Soft Phones Dave Koontz (May 23)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)
- Re: PCI & VOIP Soft Phones Davis, Thomas R (May 24)
- Re: PCI & VOIP Soft Phones Brad Judy (May 24)
- Re: PCI & VOIP Soft Phones Mike Leach (May 24)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)