• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

3 Technology Upgrades Required to Ensure PCI DSS Compliance

Heads up: Does your organization accept credit card payments by phone? If so, you may fall under the purview of a new set of data privacy regulations. On June 30, the Payment Card Industry PCI DSS compliance(PCI) Standards Council officially rolled out its Data Security Standard (DSS). As part of PCI DSS compliance, organizations must phase out SSL and TLS 1.0 and replace them with more secure protocol. However, complying with that requirement could kick off a string of upgrades to your communication environment.

Before we get into what that upgrade chain could look like, first let’s take a closer view of PCI DSS. It consists of 12 baseline directives and mandates data security and privacy best practices for merchants, card issuers, and any other “payment service providers.” PCI DSS applies to businesses that store, process, or transmit cardholder data and/or payments. Failure to comply with PCI DSS could lead to penalties of anywhere from $5,000 to $100,000 per month.

In order to avoid those stiff noncompliance penalties, organizations will need to take swift action throughout their communication environment. Let’s run through a few Cisco communication and collaboration solutions affected by PCI DSS compliance – and some possible upgrade paths.

  • Cisco Voice Endpoints – Businesses still leaning on legacy Cisco phones, including the 3900, 6900, and 9900, have two ways to ensure PCI DSS compliance . The most straightforward method is upgrading to modern endpoints (ex. 7800, 8800). If upgrading isn’t an option, you could also choose to disable the HTTPS interfaces on legacy devices. This is complex and it will result in a loss of features for reconfigured devices, but it is an option. Note: Select phones from the 7900 series (7902, 7912, 7935, etc.) cannot be reconfigured and must be upgraded.
  • Cisco Jabber – Jabber versions prior to 11.7 don’t support the advanced TLS protocol necessitated by PCI DSS. As such, you will need to initiate an organizational upgrade to 11.7 or a newer version. Those still leveraging Cisco IP Communicator will also need to upgrade to Jabber 11.7 or later as that solution lacks the ability to run advanced TLS protocol.
  • Cisco Video Endpoints –If your communication strategy includes legacy Cisco TelePresence solutions (such as CTS 500, CTS 1000, TX 9000, etc.), you should upgrade immediately. Suggested upgrade paths include the Cisco WebEx (formerly Spark) Room Series or Cisco’s TelePresence IX5000. Meanwhile, businesses using video endpoints such as Cisco MX, Cisco C-Series, etc. can upgrade to either TC 7.3(11), CE 9.1(3) or deploy a newer hardware model.

Next Steps: Don’t take on PCI DSS compliance alone

Want to learn more about the potential impact of PCI DSS on your communication and collaboration environment? Arraya’s team is ready to help. Our collaboration experts can assess the state of your current solutions. They will work closely with you to design and execute an appropriate strategy to implement any necessary upgrades. Get the conversation started today by visiting us at: https://www.arrayasolutions.com//contact-us/.

As always, feel free to leave us a comment on this or any of our blogs through social media. Arraya can be found on LinkedIn, Twitter, and Facebook. Once you’ve let us know what you think, follow us to stay updated on our industry insights and special events.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}