atcomsystems.ca/forum
Posted By: erniejoey SV9100 PCI Compliance - 11/08/23 12:36 PM
Good morning can anybody tell me if the SV9100 is PCI compliant. I see there is a Encryption License (BE114068) but I can't find an answer to see if that would make it PCI compliant. System is a CP-10 with the latest software, all phones are VOIP with SIP trunks. I have a call into our rep but I thought that maybe somebody on the forum would know. Thanks...
Posted By: R4+Z Re: SV9100 PCI Compliance - 11/18/23 02:36 PM
PCI is just a TLA.... Three letter Acronym what do you mean by PCI?
Posted By: Professor Shadow Re: SV9100 PCI Compliance - 11/18/23 06:56 PM
Originally Posted by R4+Z
PCI is just a TLA.... Three letter Acronym what do you mean by PCI?
I agree I have no idea why a telephone system itself would need to pass security muster for the Payment Card Industry. Perhaps, the ancillary equipment attached to a telephone system would, but again the SV9100 only passes information provided by the end user.
Posted By: Coral Tech Re: SV9100 PCI Compliance - 11/18/23 08:17 PM
Ya, I know that FreePBX (Asterisk) has HUGE security holes but, as as I know the 9100 cannot allow access to anything other than itself.
Posted By: R4+Z Re: SV9100 PCI Compliance - 11/19/23 01:13 PM
I didn't want to assume the Payment Card Industry definition of the TLA as I couldn't see the relationship but if this is the definition of the TLA then sorry but there is no relevance! Why would the industry want a PBX to be PCI compliant when I can just put a Buttinski across a PSTN line and see any DTMF tones sent to line (such as the card number, pin number and security code). Some people have a seriously skewed idea of security over a telephone line! Oh and have been able to for the past 30 years if not more! Also on a more up to date note, I can use a wireshark trace to give me the same information on a VoIP connection.
Posted By: nortelvoip Re: SV9100 PCI Compliance - 11/20/23 02:51 AM
As someone who has run a small call center before, a few things come to mind. If they are recording calls, they will have to have the ability to pause/stop the recording while taking credit card numbers. They will likely need to make sure their audio streams are encrypted if they are using IP phones, which the SV9100 can do. Those are the kinds of things that will make the system "PCI Compliant".
Posted By: erniejoey Re: SV9100 PCI Compliance - 11/20/23 01:50 PM
We told the customer that the 9100 does not record any calls. NEC engineering confirmed it as well. The customer has stated EVEN if the 9100 does not record any calls that the agents STILL take credit card info over the phone and the phone system still needs to be compliant. Full VOIP, full SIP trunks. Next step is to see if the carrier is encrypted. Thanks for the responses...
Posted By: Coral Tech Re: SV9100 PCI Compliance - 11/20/23 05:45 PM
Well, you have options. Encrypting the phones is a license I believe.
© Sundance Business VOIP Telephone Help