THE STACK

In a previous article, we discussed the changing regulations and compliance issues affecting organizations that process or transmit credit card information.

While most every company that process online credit card payments have placed a lot of effort and time into becoming compliant with the Payment Card Industry Data Security Standard (PCI DSS). Many do not put as much effort into the challenges that they must meet on an annual basis which is to remain compliant. 

Of the many compliance requirement challenges one of the most laborious and time-consuming tasks is the quarterly PCI compliance scan. 

Depending on the type of organization you work for, your Unified Communications (UC) systems may be required to be PCI compliant. This is generally the case when credit card transactions are processed on the phone, as is the case in some customer service contact centers. The new release of the Payment Card Industry Data Security Standard (PCI DSS), version 3.2, introduces many significant changes that you should be made aware of. Although the changes in PCI DSS version 3.2 are vast, for this article, we will focus on the new aspects of the standard that directly affect UC systems, namely the migration from Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) versions.