Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
893
Views
0
Helpful
0
Comments
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-24-2014 12:28 PM
This document was generated from CDN thread
Created by: Janine Graves on 15-09-2009 10:54:12 PM
Does anyone know if there is documentation on how to make Vxml Server (and CVP) PCI compliant? For example, if I enable secure logging in my studio application, does that make it PCI compliant?
Thanks, Janine
Subject: RE: PCI Compliance
Replied by: Ranjana Narayan on 12-10-2009 10:01:06 AM
Janine,
Currently CVP has not been tested or certified to be PCI compliant, and hence there are no existing documents. The verification against PCI is listed on our to-do.
Regards,
Ranjana.
Subject: RE: PCI Compliance
Replied by: ALI AHAMAD S.F. on 07-12-2010 11:41:47 AM
Dear Ranjan,
I am currently using CVP in the bank and the the CVP has the interfaces to Bank Data on SSL ,my only question is there any starting point for CVP PCI Compliance ...etc ,trying to explore the Security on VXML G/W and PCI stuff,
please CC TO ali_ahamed@yahoo.com
Subject: RE: New Message from ALI AHAMAD S.F. in Customer Voice Portal (CVP) - Gener
Replied by: Muhammad Amir Raza on 08-12-2010 08:36:22 AM
HI Ranjana,
Have Cisco tested CVP with PGW2200?
Regards,
Muhammad Amir Raza
Subject: RE: New Message from ALI AHAMAD S.F. in Customer Voice Portal (CVP) - Gener
Replied by: Muhammad Amir Raza on 09-12-2010 10:40:36 AM
Yes, tested and verified. check below call flow.
1. PSTN call arrives at the SS7 Switch. The SS7 Switch terminates media to the IOS Media Gateway via E1/T1 and terminates signaling to the
ITP via E1/T1.
2. SS7 Switch sends SS7 call to Cisco IP Transfer Point (ITP).
3. ITP converts SS7 call to SS7/IP call.
4. ITP sends SS7/IP call to Cisco PGW 2200 Softswitch.
5. PGW converts SS7/IP call to SIP call.
6. PGW manages and routes the call, sending a SIP invite via the SIP proxy server.
7. The SIP proxy server routes the SIP invite to the Unified CVP Call Server SIP subsystem.
8. The Call Server accepts the SIP invite.
9. The Call Server ICM subsystem sends a route request to the ICM VRU PG.
10. ICM receives the request and runs the appropriate ICM script based on the dialed number label.
11. The ICM script can instruct CVP to manage IVR (play media, get digits, queue to skill group, transfer to agent, etc.). For queue to skill group,
when a Unified Communications Manager (UCM) agent becomes available, ICM requests that the CVP Server IVR subsystem transfers the call
the selected agent.
12. The Call Server sends a SIP invite via the SIP proxy server.
13. The SIP proxy server routes the SIP invite to the UCM.
14. The UCM accepts the SIP invite and routes the call to the select IP agent phone, connecting the caller to the agent.
<font face="Arial" size="1"><font face="Arial" size="1">
</font></font><font face="Arial" size="1">
</font>
Subject: RE: PCI Compliance
Replied by: Peter Iannarelli on 08-12-2010 02:04:30 PM
PCI compliency is not a factor of CVP nor the Tomcat contained within. It is more a factor of application implementation and the use of security best practicies, knowledge of java garbage collection and of course common sense.
Regards, Peter
Subject: RE: PCI Compliance
Replied by: Benek Ozer on 08-12-2010 02:41:07 PM
Hi Janine,
We recently completed a CVP project where the customer's major concern/requirement was PCI Compliance. They brought their standards into discussions and we took the necessary steps within the application, CVP Server and CVP Server to Gateway communications.
Our team's reponsibility was to make sure no sensitive data is logged or sent to Reporting Server (like presonal data, credit card number captured on IVR) The communication between systems were secured with SSL enablement and firewalls built in necessary places. Back end integration was also very secure to the standards. User logins (like OAMP Server web interface login) and passwords were also had confirmed complexity and login timeouts were also standardized.
Benek
Subject: RE: PCI Compliance
Replied by: ALI AHAMAD S.F. on 08-12-2010 06:56:25 PM
Hello Benek,
i am working on CVP project ,trying to find issue and gaps to address ,Would you mind sharing your CVP design template or some capacity sip port,security and any other major issues ,CVP is interfacing with Banking data there is quite loads issue i can see and recovery ......
please let me know ali_ahamed@yahoo.com
Regards,
Subject: Re: New Message from Benek Ozer in Customer Voice Portal (CVP) - General Di
Replied by: Janine Graves on 10-12-2010 08:25:11 PM
Thanks Benek for this information. Can you tell me whether enabling
'Secure Logging' in the Studio application (in the elements that collect
caller input, there's a Setting named 'Enable Secure Logging') kept the
data from going to the reporting server? I know it keeps it out of the
Activity Log.
Thanks again, Janine
On 12/8/2010 8:41 AM, Cisco Developer Community Forums wrote:
> Benek Ozer has created a new message in the forum "General Discussion
> - All Versions":
>
> --------------------------------------------------------------
> Hi Janine,
> Â
> We recently completed a CVP project where the customer's major
> concern/requirement was PCI Compliance. They brought their standards
> into discussions and we took the necessary steps within the
> application, CVP Server and CVP Server to Gateway communications.
> Â
> Our team's reponsibility was to make sure no sensitive data is logged
> or sent to Reporting Server (like presonal data, credit card number
> captured on IVR) The communication between systems were secured with
> SSL enablement and firewalls built in necessary places. Back end
> integration was also very secure to the standards. User logins (like
> OAMP Server web interface login) and passwords were also had confirmed
> complexity and login timeouts were also standardized.
> Â
> Benek
> Â
> Â
> --
> To respond to this post, please click the following link:
>
> <http://developer.cisco.com/web/cvp/forums/-/message_boards/message/2812744>
>
> or simply reply to this email.
--
Janine Graves
Subject: RE: Re: New Message from Benek Ozer in Customer Voice Portal (CVP) - Genera
Replied by: Benek Ozer on 11-12-2010 07:55:39 AM
Hi Janine,
The parameters or variables captured or created by elements are written on vxmlelementdetail table on CVP Reporting DB Server. Enabling secure logging also works on reporting data. Normally, some of the element details for a capture element are 'value', 'nbestUtterance1', 'nbestInterpration1' When the same capture element has 'Secure logging' enabled, those details' names change to 'value_secureLogging', 'nbestUtterance1_secureLogging', 'nbestInterpration1_secureLogging' respectively where all their shown varvalue are read as '*****'
Please also note that, this information is based on a lab configuration with CVP 7.02 components. Other CVP versions may or may not have the same behavior.
Benek
Subject: RE: New Message from ALI AHAMAD S.F. in Customer Voice Portal (CVP) - Gener
Replied by: ALI AHAMAD S.F. on 17-12-2010 01:58:13 PM
Subject: RE: PCI Compliance
Replied by: ALI AHAMAD S.F. on 17-12-2010 01:59:08 PM
Guys i need some help on how we transfer Customer in to CVP for 60 Sec for input and after 60 seconds call comes back to same Agent,
the scenarios is like this ,if customer calls land on CVP self service and customer will breakout to agent depending upon many situation like PIN change/credit card payment...etc when customer breakout to agent and agent will do temp transfer on the CVP for inputting those digits (PIN CHANGE, Credit card number or PAN number) after 60 seconds the calls comes back to same agent subsequently a validation code will be sent to Agent desktop as successful/Failed ,but agent should will not see any PIN/credit card number .....
above scenario i feel the the way how ICM /CVP scripts written and but the transfer to CVP is temp and there is time out like 60 sec calls should come back to same agent,i was also thinking Conferencing the same scenario but in the conferencing scenario can i mute while customer inputting the PIN/CARD NUMBER .............don¿t know i thought of above solution ,please if any one has done this solution please requested to share and your help will be much appreciated .....
Regards
Created by: Janine Graves on 15-09-2009 10:54:12 PM
Does anyone know if there is documentation on how to make Vxml Server (and CVP) PCI compliant? For example, if I enable secure logging in my studio application, does that make it PCI compliant?
Thanks, Janine
Subject: RE: PCI Compliance
Replied by: Ranjana Narayan on 12-10-2009 10:01:06 AM
Janine,
Currently CVP has not been tested or certified to be PCI compliant, and hence there are no existing documents. The verification against PCI is listed on our to-do.
Regards,
Ranjana.
Subject: RE: PCI Compliance
Replied by: ALI AHAMAD S.F. on 07-12-2010 11:41:47 AM
Janine,
Currently CVP has not been tested or certified to be PCI compliant, and hence there are no existing documents. The verification against PCI is listed on our to-do.
Regards,
Ranjana.
Dear Ranjan,
I am currently using CVP in the bank and the the CVP has the interfaces to Bank Data on SSL ,my only question is there any starting point for CVP PCI Compliance ...etc ,trying to explore the Security on VXML G/W and PCI stuff,
please CC TO ali_ahamed@yahoo.com
Subject: RE: New Message from ALI AHAMAD S.F. in Customer Voice Portal (CVP) - Gener
Replied by: Muhammad Amir Raza on 08-12-2010 08:36:22 AM
HI Ranjana,
Have Cisco tested CVP with PGW2200?
Regards,
Muhammad Amir Raza
Subject: RE: New Message from ALI AHAMAD S.F. in Customer Voice Portal (CVP) - Gener
Replied by: Muhammad Amir Raza on 09-12-2010 10:40:36 AM
Yes, tested and verified. check below call flow.
1. PSTN call arrives at the SS7 Switch. The SS7 Switch terminates media to the IOS Media Gateway via E1/T1 and terminates signaling to the
ITP via E1/T1.
2. SS7 Switch sends SS7 call to Cisco IP Transfer Point (ITP).
3. ITP converts SS7 call to SS7/IP call.
4. ITP sends SS7/IP call to Cisco PGW 2200 Softswitch.
5. PGW converts SS7/IP call to SIP call.
6. PGW manages and routes the call, sending a SIP invite via the SIP proxy server.
7. The SIP proxy server routes the SIP invite to the Unified CVP Call Server SIP subsystem.
8. The Call Server accepts the SIP invite.
9. The Call Server ICM subsystem sends a route request to the ICM VRU PG.
10. ICM receives the request and runs the appropriate ICM script based on the dialed number label.
11. The ICM script can instruct CVP to manage IVR (play media, get digits, queue to skill group, transfer to agent, etc.). For queue to skill group,
when a Unified Communications Manager (UCM) agent becomes available, ICM requests that the CVP Server IVR subsystem transfers the call
the selected agent.
12. The Call Server sends a SIP invite via the SIP proxy server.
13. The SIP proxy server routes the SIP invite to the UCM.
14. The UCM accepts the SIP invite and routes the call to the select IP agent phone, connecting the caller to the agent.
<font face="Arial" size="1"><font face="Arial" size="1">
</font></font><font face="Arial" size="1">
</font>
Subject: RE: PCI Compliance
Replied by: Peter Iannarelli on 08-12-2010 02:04:30 PM
PCI compliency is not a factor of CVP nor the Tomcat contained within. It is more a factor of application implementation and the use of security best practicies, knowledge of java garbage collection and of course common sense.
Regards, Peter
Does anyone know if there is documentation on how to make Vxml Server (and CVP) PCI compliant? For example, if I enable secure logging in my studio application, does that make it PCI compliant?
Thanks, Janine
Subject: RE: PCI Compliance
Replied by: Benek Ozer on 08-12-2010 02:41:07 PM
Hi Janine,
We recently completed a CVP project where the customer's major concern/requirement was PCI Compliance. They brought their standards into discussions and we took the necessary steps within the application, CVP Server and CVP Server to Gateway communications.
Our team's reponsibility was to make sure no sensitive data is logged or sent to Reporting Server (like presonal data, credit card number captured on IVR) The communication between systems were secured with SSL enablement and firewalls built in necessary places. Back end integration was also very secure to the standards. User logins (like OAMP Server web interface login) and passwords were also had confirmed complexity and login timeouts were also standardized.
Benek
Subject: RE: PCI Compliance
Replied by: ALI AHAMAD S.F. on 08-12-2010 06:56:25 PM
Hello Benek,
i am working on CVP project ,trying to find issue and gaps to address ,Would you mind sharing your CVP design template or some capacity sip port,security and any other major issues ,CVP is interfacing with Banking data there is quite loads issue i can see and recovery ......
please let me know ali_ahamed@yahoo.com
Regards,
Hi Janine,
We recently completed a CVP project where the customer's major concern/requirement was PCI Compliance. They brought their standards into discussions and we took the necessary steps within the application, CVP Server and CVP Server to Gateway communications.
Our team's reponsibility was to make sure no sensitive data is logged or sent to Reporting Server (like presonal data, credit card number captured on IVR) The communication between systems were secured with SSL enablement and firewalls built in necessary places. Back end integration was also very secure to the standards. User logins (like OAMP Server web interface login) and passwords were also had confirmed complexity and login timeouts were also standardized.
Benek
Subject: Re: New Message from Benek Ozer in Customer Voice Portal (CVP) - General Di
Replied by: Janine Graves on 10-12-2010 08:25:11 PM
Thanks Benek for this information. Can you tell me whether enabling
'Secure Logging' in the Studio application (in the elements that collect
caller input, there's a Setting named 'Enable Secure Logging') kept the
data from going to the reporting server? I know it keeps it out of the
Activity Log.
Thanks again, Janine
On 12/8/2010 8:41 AM, Cisco Developer Community Forums wrote:
> Benek Ozer has created a new message in the forum "General Discussion
> - All Versions":
>
> --------------------------------------------------------------
> Hi Janine,
> Â
> We recently completed a CVP project where the customer's major
> concern/requirement was PCI Compliance. They brought their standards
> into discussions and we took the necessary steps within the
> application, CVP Server and CVP Server to Gateway communications.
> Â
> Our team's reponsibility was to make sure no sensitive data is logged
> or sent to Reporting Server (like presonal data, credit card number
> captured on IVR) The communication between systems were secured with
> SSL enablement and firewalls built in necessary places. Back end
> integration was also very secure to the standards. User logins (like
> OAMP Server web interface login) and passwords were also had confirmed
> complexity and login timeouts were also standardized.
> Â
> Benek
> Â
> Â
> --
> To respond to this post, please click the following link:
>
> <http://developer.cisco.com/web/cvp/forums/-/message_boards/message/2812744>
>
> or simply reply to this email.
--
Janine Graves
Subject: RE: Re: New Message from Benek Ozer in Customer Voice Portal (CVP) - Genera
Replied by: Benek Ozer on 11-12-2010 07:55:39 AM
Can you tell me whether enabling
'Secure Logging' in the Studio application (in the elements that collect
caller input, there's a Setting named 'Enable Secure Logging') kept the
data from going to the reporting server? I know it keeps it out of the
Activity Log.
Hi Janine,
The parameters or variables captured or created by elements are written on vxmlelementdetail table on CVP Reporting DB Server. Enabling secure logging also works on reporting data. Normally, some of the element details for a capture element are 'value', 'nbestUtterance1', 'nbestInterpration1' When the same capture element has 'Secure logging' enabled, those details' names change to 'value_secureLogging', 'nbestUtterance1_secureLogging', 'nbestInterpration1_secureLogging' respectively where all their shown varvalue are read as '*****'
Please also note that, this information is based on a lab configuration with CVP 7.02 components. Other CVP versions may or may not have the same behavior.
Benek
Subject: RE: New Message from ALI AHAMAD S.F. in Customer Voice Portal (CVP) - Gener
Replied by: ALI AHAMAD S.F. on 17-12-2010 01:58:13 PM
Yes, tested and verified. check below call flow.
Guys i need some help on how we transfer Customer in to CVP for 60 Sec for input and after 60 seconds call comes back to same Agent,
the scenarios is like this ,if customer calls land on CVP self service and customer will breakout to agent depending upon many situation like PIN change/credit card payment...etc when customer breakout to agent and agent will do temp transfer on the CVP for inputting those digits (PIN CHANGE, Credit card number or PAN number) after 60 seconds the calls comes back to same agent subsequently a validation code will be sent to Agent desktop as successful/Failed ,but agent should will not see any PIN/credit card number .....
above scenario i feel the the way how ICM /CVP scripts written and but the transfer to CVP is temp and there is time out like 60 sec calls should come back to same agent,i was also thinking Conferencing the same scenario but in the conferencing scenario can i mute while customer inputting the PIN/CARD NUMBER .............don¿t know i thought of above solution ,please if any one has done this solution please requested to share and your help will be much appreciated .....
Regards
1. PSTN call arrives at the SS7 Switch. The SS7 Switch terminates media to the IOS Media Gateway via E1/T1 and terminates signaling to the
ITP via E1/T1.
2. SS7 Switch sends SS7 call to Cisco IP Transfer Point (ITP).
3. ITP converts SS7 call to SS7/IP call.
4. ITP sends SS7/IP call to Cisco PGW 2200 Softswitch.
5. PGW converts SS7/IP call to SIP call.
6. PGW manages and routes the call, sending a SIP invite via the SIP proxy server.
7. The SIP proxy server routes the SIP invite to the Unified CVP Call Server SIP subsystem.
8. The Call Server accepts the SIP invite.
9. The Call Server ICM subsystem sends a route request to the ICM VRU PG.
10. ICM receives the request and runs the appropriate ICM script based on the dialed number label.
11. The ICM script can instruct CVP to manage IVR (play media, get digits, queue to skill group, transfer to agent, etc.). For queue to skill group,
when a Unified Communications Manager (UCM) agent becomes available, ICM requests that the CVP Server IVR subsystem transfers the call
the selected agent.
12. The Call Server sends a SIP invite via the SIP proxy server.
13. The SIP proxy server routes the SIP invite to the UCM.
14. The UCM accepts the SIP invite and routes the call to the select IP agent phone, connecting the caller to the agent.
<font face="Arial" size="1"><font face="Arial" size="1">
</font></font><font face="Arial" size="1">
</font>
Subject: RE: PCI Compliance
Replied by: ALI AHAMAD S.F. on 17-12-2010 01:59:08 PM
Guys i need some help on how we transfer Customer in to CVP for 60 Sec for input and after 60 seconds call comes back to same Agent,
the scenarios is like this ,if customer calls land on CVP self service and customer will breakout to agent depending upon many situation like PIN change/credit card payment...etc when customer breakout to agent and agent will do temp transfer on the CVP for inputting those digits (PIN CHANGE, Credit card number or PAN number) after 60 seconds the calls comes back to same agent subsequently a validation code will be sent to Agent desktop as successful/Failed ,but agent should will not see any PIN/credit card number .....
above scenario i feel the the way how ICM /CVP scripts written and but the transfer to CVP is temp and there is time out like 60 sec calls should come back to same agent,i was also thinking Conferencing the same scenario but in the conferencing scenario can i mute while customer inputting the PIN/CARD NUMBER .............don¿t know i thought of above solution ,please if any one has done this solution please requested to share and your help will be much appreciated .....
Regards
Labels:
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
Customers Also Viewed These Support Documents