How VoIP telephony impacts on PCI DSS

How VoIP telephony impacts on PCI DSS

Download your Free eBook

How VoIP telephony impacts on PCI DSS

Get your ebook now!

By Jason McWhirr, Information Security Consultant

When it comes to processing cardholder data, many businesses these days will often use more than one method. Whether they are using a point of sale (POS) device or taking online payments one thing is clear, all payment card data must be protected by implementing the security controls in the Payment Card Industry Data Security Standard (PCI DSS).


This protection of cardholder data needs to cover the complete payment process including the people, processes, premises and technology that a business uses to process a transaction.

VoIP has become mainstream

Historically, voice-based card-not-present transactions taken over legacy plain old telephone systems (POTS) were largely out of scope for PCI DSS controls. The very low security risk associated with POTS was due to telecommunication company (telco) regulation, their physical controls (exchanges/lines), and large discrete telephone networks.


However, with the increased speed, reliability, and connectivity of the Internet over the last 10 years, the use of Voice over Internet Protocol (VoIP) telephony has gradually grown to the extent that it is now the mainstream.

Download the whitepaper

In the following downloadable whitepaper, entitled ‘How VoIP telephony impacts on PCI DSS’  we discuss what needs to be considered by businesses with IP-based voice networks and what acquirers should consider for their merchant’s compliance.



Webpage URL

Find out more about our PCI DSS compliance services by clicking the button below