Educause Security Discussion mailing list archives
Re: PCI & VOIP Soft Phones
From: "Davis, Thomas R" <tdavis () IU EDU>
Date: Thu, 24 May 2012 12:15:50 +0000
Hi Bob, Here's a document that might help: https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf As others have said - best to consult your QSA. I personally prefer using a POTS for this... -- Tom Davis, CISSP, CISM Chief Security Officer Public Safety and Institutional Assurance Indiana University https://protect.iu.edu/tdavis On May 23, 2012, at 5:30 PM, Bob Henry wrote:
We have a request to assist in setting up a call center that will solicit contributions and accept payment with credit cards. The group wants to use soft phones on the PC's where they will be also be entering CC information in order to spend less than it would cost for hardware phones. The PC's are clearly in-scope for PCI and my gut says having the soft phone on the PC brings our VOIP system into scope for PCI compliance which is a nightmare. My strong recommendation is for the group to use a hardware phone which is not on the CC VLAN. Does anyone have any experience or wise words on the topic? Thanks, Bob Robert Henry, CISSP ISO & Director of Information Security Services Acting Director, OIT Development Services Boise State University 208-426-5701 bhenry () boisestate edu http://oit.boisestate.edu/security
Current thread:
- PCI & VOIP Soft Phones Bob Henry (May 23)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)
- Re: PCI & VOIP Soft Phones John Ladwig (May 24)
- Re: PCI & VOIP Soft Phones Dave Koontz (May 23)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)
- Re: PCI & VOIP Soft Phones Davis, Thomas R (May 24)
- Re: PCI & VOIP Soft Phones Brad Judy (May 24)
- Re: PCI & VOIP Soft Phones Mike Leach (May 24)
- Re: PCI & VOIP Soft Phones Jeff Moore (May 23)