June 7th, 2010 by Jamie Estep

VOIP + Credit Card Terminal = Bad Idea

I’ve heard an alarming trend from a number of sources about how to hook up a credit card terminal to a VOIP (Voice Over Internet Protocol) telephone system. Several of the examples I’ve seen probably worked as well, so let’s get right to the point.

Do not connect your dial-up credit card terminal to a VOIP connection!

Even if you get this to work properly, which is apparently possible using an analog adapter, you are now violating a number of PCI regulations regarding data security. When you process using a dial-up connection, the data transmission is not encrypted. Since the transaction is going over a phone network, which operates differently than the internet with regard to security, it’s OK by PCI and issuer data security standards (whether the existing security is enough is another debate). When you put that terminal on a VOIP connection, you are now transmitting unencrypted data directly over the internet.

Encrypt transmission of cardholder data across open, public networks

Do not do this, do not try to do this, and do not let your cable or other internet provider tell you that it’s safe and secure. I’ve heard of both Time Warner and AT&T service reps telling customers that it is perfectly secure to do this. It’s not. Same thing goes for Magic Jack, Vonage, Packet 8, Comcast, or any other VOIP provider out there.

There is almost no way to encrypt data from your terminal over the internet unless your terminal supports end-to-end encryption, which realistically barely exists as of yet, or you have some extremely fancy and expensive telecom equipment. You would certainly know if you fall into this category.

If you have a VOIP-only connection, you need to purchase an Ethernet-compatible terminal, like a Verifone VX570 or VX510 (Dual Comm), Nurit 8400 (Dual Comm) or a Hypercom T4220. The T4220 and VX510 are the lowest cost out of this group. Have your processor program your new terminal to connect over the internet. Connect your Ethernet terminal to a spare port on your Ethernet switch, hub or router.

Don’t try to get your dial-up terminal to work over VOIP even though it may be possible.

