If you read the PCI for voice requirments you will notice it is extremely vague, and I've dealt with it at several financial customers especially on contact center side and they all interpret it differently. The big thing as you notice is storage of the credit card CVV codes, which you do not have to worry about on the UC side, only on contact center side if this is collected as that cannot be stored. Good thing about products such as CVP is that you can simply filter those variables out from any logging, reporting, etc.
Yes, it is all very vague. Phone systems themselves tend not to fall under PCI per se, however where most customers get caught out is with ancillary applications such as call recording.
Again, the PCI guidelines for call recording are vague and basically state that you are not allowed to store CVV/CV2 numbers, unless you're unable not to store them. Very helpful.
My experience with PCI & call recording in particular is not to store the CVV/CV2 numbers under any circumstances. There are a number of solutions available to assist with this, but are dependant on the call recording platform being used.
Generally SRTP can't be used with call recording solutions. If you do try it, you'll find the recorded conversations are very secure, although slightly difficult to replay
What makes things harder, is that there doesn't seem to be a consensus in the PCI industry as to what the rules are.
The thing that makes me laugh, is that the payment industry says that the best way of handling credit card details on fax & PDQ machines is to connect them to analogue exchange lines: As if analogue lines are somehow more secure than a VoIP phone system !
IntroductionCUCM Routing RulesDial String implementation PolicyCUCM Routing LogicSIP URI Call Routing Analysis+++ Case Study: 1 ++++++ Case Study: 2 +++Conclusion
Over the last few months, I have had the privilege of working on SI...
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...