Financial Service Communications

Try preventing a sales person from taking a credit card or other account information over the phone.  To do so is to discourage closing the  sale. Yet, many business users of VoIP phone systems are violating PCI credit card standards. Google this to understand the fines https://www.google.com/search?q=pci+fines&oq=pci+fines

While we provide hundreds of useful communication features, our financial  services customers tell us that data and communications security is the #1 feature. Beyond PCI, VoIP telephone systems are subject to other security standards. We list these standards below.

  • FIRNA – FINRA is dedicated to protecting investors and safeguarding market integrity.
  • HIPPA -Health Insurance Portability and Accountability Act of 1996
  • PCI-If you process credit card transactions, you are bound by these rules.
  • SOX – In 2002, congress passed to protect the general public from accounting errors and fraudulent practices in enterprises.
  • Personal Data Privacy and Security Act –  prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches.
  • FCC E911 – Federal Communications Commission regulations on emergency calling.

What is the compliance of VoIP providers?

  • Vonage VoIP goes into great detail to explain the dangers of using VoIP if you verbally take credit card information over the phone. Their web site specifically states “What can you do to protect yourself?, DON’T USE VOIP.
  • Ring Central use of encryption started in late in 2018 according to bulletins.
  • Many smaller VoIP providers are not compliant with these regulations. We offer a simple audit at no cost and will provide a written report to your current provider so that they can meet compliance. 

Infotel Systems designs for VoIP security.

Many security standards have similar VoIP security compliance methods.  Interpreting some standards can make your head spin. This, we take an “old school” approach. Some would say it’s a lean six sigma approach. In short, we make it impossible to fail or just over engineer to comply.  Just a few examples are;

  • VPN– We encapsulate your voice transmission in a VPN. This is the only way we connect. Unlike a software switch on a phone, the VPN can not be forgotten.
  • Voice Recordings – Complying with PCI and HIPPA, Internet access to voice recordings may violate regulations. We can provide a local recording server at your premise with no Internet connection or provide web access via a PC on the voice network. Again, we design for 100% successful outcomes.
  • Separation of voice & data networks – We run separate cable for phones. Phones and computers DO NOT exist on the same cable and thus it’s impossible to be on the same network.
  • Internet backup – We offer 4G Internet backup to meet business continuity guidelines.

Voice (and data) security does not come from remembering a 500 page rule book as you go about your day.  Security comes from following the rules at the time of design such that security compliance is the only possible outcome.