PCI DSS (Data Security Standard) Compliance

[klmnop]

I've been tasked with performing an initial PCI DSS self-assessment on our Telco systems, and would like to request feedback regarding best practices.

We have an inbound call center, an outbound sales team, and work-at-home agents using IP Agent.

We're running ASA 2.1; with dual 8700s.

I'm also putting in a new fax server (Multi-Tech FaxFinder), which customers will use to fax us their orders and would welcome specific recommendations regarding how to securely handle these documents.

 

[petran]

PCI DSS covers security for specific sencitive data. Unless you have a call recording system that records customers speaking their credit card number and CVV number you should not have a problem...

For remote agents, conversations with customers speaking sencitive data should be done by encrypting the voice channel, if this communication is via the Internet. If VPN with gook encryption is used you are OK...

Petran
Avaya Certified Expert