Can DTMF be hacked or decoded?
Can it be Decoded?
DTMF suppression cannot be decoded because we’ve suppressed and it hasn’t actually entered the environment. So, there’s nothing to decode. There is no encryption key. It’s just simply not there. The data leg of that call has been suspended and held back within our data center. We’ve simply delivered an audio channel which contains no DTMF, we’ve clamped that and removed it.
Can it be hacked?
Well, anything can be hacked. That DTMF, we’ve stopped it from leaving our data center, so it sits within our data center during processing. We don’t store it because that would be crazy. We simply purge it once we’ve sent it to the gateway. However, as part of our level one PCI compliance, we have to bring ethical hackers, not only pass the 24/7 security guards, but we have to take them to our secure environment with a security guard and let the ethical hacker plug their laptop into the front of our servers, to see whether they can actually get to the card data, find it, capture it, and decrypt it.
If we weren’t absolutely rock-solid at that point, we wouldn’t get our AOC accreditation, which we’ve just renewed again and passed with flying colours.
Presented by Mark Kelly – Chief Commercial Officer (CCO) at Key IVR