by StudentStuff 2804 days ago
DTMF is being pulled out of band by Twilio (or more likely the underlying CLECs they partner with), thus the agent should not hear it. This is very common for most VOIP carriers: DTMF is carried in the signaling messages rather than in-band in the audio stream. The only person being protected from having access to your card data is the agent who asked you to key in your card.
1 comments

I know they do pull it out to a separate band but many VoIP providers log the DTMF sent as digits to debug things - most evident in IVR use cases.

So, if attackers want to get card details, they need not attack the business or Twilio (because it might redact these when they see <Pay>), but they can simply access logs of the middlemen for DTMFs. Concatenate all those per call, and there we should have all card numbers, expiry dates and CVC/4DBC.

Not sure how Twilio is doing it though. Unless they use some awesome encryption method to encrypt all these numbers so no one in the middle can see them.
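
An added example, not part of the thread and not any provider's code: a log-audit pass a VoIP operator could run to find calls whose logged out-of-band DTMF digits reassemble into a card number, and to mask them. The log line layout, the call IDs and the sample data are constructed assumptions; the `Signal=`/`Duration=` fields are modelled on a SIP INFO dtmf-relay body.

```python
import re
from collections import defaultdict

# Assumed log layout (constructed): "... call=<id> ... Signal=<key> ..."
DTMF = re.compile(r"call=(?P<call>\S+) .*?Signal=(?P<sig>[0-9A-D*#])")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * 2 if i % 2 else int(ch)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

def has_pan(keys):
    """True if any 13-19 digit window of the keyed digits passes Luhn.
    Windows are needed because expiry and CVC may follow the PAN directly."""
    for run in re.findall(r"\d{13,}", keys):
        for n in range(13, 20):
            for i in range(len(run) - n + 1):
                if luhn_ok(run[i:i + n]):
                    return True
    return False

def calls_exposing_pan(lines):
    """Rebuild each call's keypad input from per-digit entries; flag PANs."""
    per_call = defaultdict(str)
    for line in lines:
        m = DTMF.search(line)
        if m:
            per_call[m["call"]] += m["sig"]
    return {call for call, keys in per_call.items() if has_pan(keys)}

def redact(lines):
    """Mask every DTMF key of a flagged call, so expiry and CVC go too."""
    flagged = calls_exposing_pan(lines)
    out = []
    for line in lines:
        m = DTMF.search(line)
        if m and m["call"] in flagged:
            line = line[:m.start("sig")] + "[REDACTED]" + line[m.end("sig"):]
        out.append(line)
    return out

def make_sample():
    """Constructed log: call a1 keys a test PAN + expiry + CVC, b2 a menu choice."""
    a1 = [f"t={i} call=a1 dtmf-relay Signal={d} Duration=160"
          for i, d in enumerate("41111111111111111225123")]
    b2 = [f"t={i} call=b2 dtmf-relay Signal={d} Duration=160"
          for i, d in enumerate("2#")]
    return a1 + b2
```

Masking after the fact only limits how long the digits sit on disk; not writing DTMF keys to debug logs during payment capture avoids the exposure the comment describes.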