Hi all,
I have been emailed the question below by a colleague and was wondering if someone could assist with answering points 1 and 2 in bold below.
The context of my question is as part of a PCI DSS compliance project, and the reason is to determine what controls we need to put in place around the router/Cisco call management.
We are looking at a solution for taking customer card payments where the call flow is:
- Customer rings the branch
- Branch forwards the customer to an external third party – then hangs up (forwarded call remains open)
- Third party calls the person in the branch immediately back
This results in a secure three way call (facilitates by the third party), where the ECP colleague cannot hear the touch tones when the customer enters their credit card number using the buttons on their phone, because the ECP colleague is on a detached ‘clean’ line and the third party filters out this information.
After point ii), there is an incoming call from the customer and the outgoing call to the third party which is hanging off our Cisco router, but which I believe sits on the ISDN interface only – my questions to Cisco are:
- Are there any circumstances in which this call can be intercepted, and if so, by what means (would it need a physical connection to the router or line, can it be done via Call Manager control servers, is there any possibility for interception from the LAN or WAN side interfaces, etc)
- What causes the line to drop – does the router manage it when the customer hands up, or does the Call Management server control this process?
