|
|
Joined: Dec 2008
Posts: 239
Member
|
Member
Joined: Dec 2008
Posts: 239 |
Good morning can anybody tell me if the SV9100 is PCI compliant. I see there is a Encryption License (BE114068) but I can't find an answer to see if that would make it PCI compliant. System is a CP-10 with the latest software, all phones are VOIP with SIP trunks. I have a call into our rep but I thought that maybe somebody on the forum would know. Thanks...
|
|
|
Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.
|
|
|
Joined: Feb 2005
Posts: 592 Likes: 4
Member
|
Member
Joined: Feb 2005
Posts: 592 Likes: 4 |
PCI is just a TLA.... Three letter Acronym what do you mean by PCI?
|
|
|
|
Joined: Dec 2007
Posts: 6,816 Likes: 19
Retired Admin
|
Retired Admin
Joined: Dec 2007
Posts: 6,816 Likes: 19 |
PCI is just a TLA.... Three letter Acronym what do you mean by PCI? I agree I have no idea why a telephone system itself would need to pass security muster for the Payment Card Industry. Perhaps, the ancillary equipment attached to a telephone system would, but again the SV9100 only passes information provided by the end user.
|
|
|
|
Joined: Sep 2004
Posts: 4,214 Likes: 2
Member
|
Member
Joined: Sep 2004
Posts: 4,214 Likes: 2 |
Ya, I know that FreePBX (Asterisk) has HUGE security holes but, as as I know the 9100 cannot allow access to anything other than itself.
|
|
|
|
Joined: Feb 2005
Posts: 592 Likes: 4
Member
|
Member
Joined: Feb 2005
Posts: 592 Likes: 4 |
I didn't want to assume the Payment Card Industry definition of the TLA as I couldn't see the relationship but if this is the definition of the TLA then sorry but there is no relevance! Why would the industry want a PBX to be PCI compliant when I can just put a Buttinski across a PSTN line and see any DTMF tones sent to line (such as the card number, pin number and security code). Some people have a seriously skewed idea of security over a telephone line! Oh and have been able to for the past 30 years if not more! Also on a more up to date note, I can use a wireshark trace to give me the same information on a VoIP connection.
Last edited by R4+Z; 11/19/23 08:18 AM.
|
|
|
|
Joined: Aug 2012
Posts: 109 Likes: 1
Member
|
Member
Joined: Aug 2012
Posts: 109 Likes: 1 |
As someone who has run a small call center before, a few things come to mind. If they are recording calls, they will have to have the ability to pause/stop the recording while taking credit card numbers. They will likely need to make sure their audio streams are encrypted if they are using IP phones, which the SV9100 can do. Those are the kinds of things that will make the system "PCI Compliant".
|
|
|
|
Joined: Dec 2008
Posts: 239
Member
|
Member
Joined: Dec 2008
Posts: 239 |
We told the customer that the 9100 does not record any calls. NEC engineering confirmed it as well. The customer has stated EVEN if the 9100 does not record any calls that the agents STILL take credit card info over the phone and the phone system still needs to be compliant. Full VOIP, full SIP trunks. Next step is to see if the carrier is encrypted. Thanks for the responses...
|
|
|
|
Joined: Sep 2004
Posts: 4,214 Likes: 2
Member
|
Member
Joined: Sep 2004
Posts: 4,214 Likes: 2 |
Well, you have options. Encrypting the phones is a license I believe.
|
|
|
Forums84
Topics94,423
Posts639,467
Members49,819
|
Most Online5,661 May 23rd, 2018
|
|
0 members (),
186
guests, and
21
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|
|