I am currently helping our security team with a ‘PCI-DSS’ compliance review of our SIP traffic. We found that the ‘Caller ID’ (ANI) is being sent in the Remote-Party-ID header of our SIP INVITEs, which our security officer (Ver23) is concerned about from a privacy perspective. Is there a way to ‘Strip’ or ‘Anonymize’ specific SIP headers on an outbound BYOC Cloud trunk without breaking the call completion for our external carriers?
I have seen these security requirements for our voice bot deployments. You can definitely customize the SIP headers in the ‘Trunk Configuration’ under the ‘External SIP Headers’ section. You can set the Remote-Party-ID to ‘Private’ or just remove it entirely if your carrier supports the P-Asserted-Identity header instead. This ensures that the caller’s private information is not leaked in the signaling path while still allowing the carrier to identify the source of the call for billing purposes.
I am the security officer mentioned by Mar83. My concern is that even if we strip the Remote-Party-ID, the ANI is still present in the From header. For PCI compliance, we must ensure that no sensitive data (like a customer’s private mobile number) is stored in our SIP logs in plain text. Tar55, is there a way to ‘Mask’ the ANI on the trunk so that it only shows our ‘Main Office Number’ for all outbound calls, while still preserving the original ANI in the analytics records for our internal reporting?
I manage the schedules for our telephony team. Ver23, you can achieve this by setting the ‘Calling Party Number’ and ‘Calling Party Name’ at the Trunk level or within the Architect flow using the ‘Set External Tag’ block. This will override the original ANI for the outbound SIP signaling. As for the analytics, Genesys Cloud will still record the original participant.ani in the interaction details, so your internal reporting will not be affected. It is the perfect balance of security and visibility!