By Jason McWhirr, Information Security Consultant
Many businesses now use more than one method to process cardholder data. Whether they are using a point of sale (POS) device or taking online payments, one thing is clear: all payment card data must be protected by implementing the security controls in the Payment Card Industry Data Security Standard (PCI DSS).
This protection of cardholder data needs to cover the complete payment process, including the people, processes, premises and technology that a business uses to process a transaction.
VoIP has become mainstream
Historically, voice-based card-not-present transactions taken over legacy plain old telephone systems (POTS) were largely out of scope for PCI DSS controls. The very low security risk associated with POTS was due to telecommunication company (telco) regulation, their physical controls (exchanges/lines), and large discrete telephone networks.
However, with the increased speed, reliability, and connectivity of the Internet over the last 10 years, the use of Voice over Internet Protocol (VoIP) telephony has gradually grown to the extent that it is now mainstream.
Download the whitepaper
In the following downloadable whitepaper, entitled ‘How VoIP telephony impacts on PCI DSS’, we discuss what businesses with IP-based voice networks need to consider and what acquirers should consider for their merchants’ compliance.