Yesterday I had yet another call with a mega-retailer on safeguarding VOIP communications in the enterprise, per the PCI requirements.
The problem is this: if you don’t encrypt your VOIP traffic when you implement the telecom system (encryption being what keeps your entire corporate network out of scope of the PCI audit), you are left having to segment off the VOIP traffic in the enterprise, since some of it contains credit card numbers spoken over the phone.
If a general digital PBX supports the entire company’s VOIP system, including hundreds of distributed retail outlets, it would be very expensive and difficult to segment off the part of the network that may carry credit card traffic. The same isn’t true if it’s a call-center-only VOIP system, since then the normal network segmentation practices would apply.
This retailer, who does have a general PBX system supporting the entire enterprise operation, had checked with some of their fellow retailers, and all were running into the same issue. I didn’t have any solutions that I could pull out that were practical and proven.
If any of you have, please chime in.