Written by Beth Hildreth on May 31, 2017

For any business looking to move successfully into the future, hacking prevention and cyber security are quickly becoming top priorities. With the way the technological landscape has been changing, some set of standards had to be put in place.

That’s why in 2006 five major credit card companies formed the Payment Card Industry Security Standards Council (PCI SSC). This group then went on to collaboratively develop a collection of security mandates that is called the Payment Card Industry Data Security Standard (PCI DSS).

 

These security mandates are made up of 12 detailed rules that define the security policies required for businesses to be able to accept credit cards.

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for employees and contractors

So what does PCI DSS have to do with my Voice service?

While companies that use Hosted VoIP were not necessarily the intended focus of these 12 requirements, six of these rules can still apply to the different VoIP services deployed by a company. These six rules are the ones bolded above.

We use words like “can still apply” because as technology advances, it takes a while for the rules to be modified and to catch up. So although VoIP is not named in every rule, it has instead been added to a group of technological platforms that are possible venues for credit card information vulnerability.

So we know these rules apply to VoIP, but what now?

Read our white paper to discover:

• What a VoIP provider can do to meet the PCI DSS standards
• More information about compliance
• How to protect yourself from PCI DSS fines