Welcome to Vodafone Community
As a new business customer we have plugged our router in and are up and running but as we take card payments and handle customer information we must by PCI DSS compliant. Having run a search we are not compliant due to Port 8088 being open. Vodafone say this is to use their app but it presents a security risk that does not comply with PCI. We must close this port to use the Vodafone Router. Can anyone help because Vodafone Technical Support can't and this security fault in their router will impact on every business customer that takes card payments?
Unfortunately I've not made any progress with them. The issue is that Port 8088 is open for your App. Unfortunately this fails a PCI DSS scan because: SSL Certificate with Wrong Hostname & TLS Version 1.0 Protocol Detection. The issue with the certificate is that you are using *.mynet.vodafone.it and not a *.vodafonexdsl.co.uk which is what ends my StaticIP and you have to use TLS 1.1 or above to pass PCI DSS as of June 2016.
I have asked if you can help close this port as I don't need to use the App and have been told to 'Google' it! Sorry but even Google can't help with this and Tech Support are unable to tell me how to because 'they can't'.
I also asked if there is a way to make the router, modem only and have been told no.
I have also asked if I can get a 3rd party VDSL modem and have been told no because Vodafone won't give me my username and password to get on to your network.
Can you think of any other solutions or are all Business Customers stuck unable to use Vodafone to take payments from their customers?
Thanks @Becca_P I'm not sure why this is account specific, I have a standard account with a standard router. I was hoping there could be a Vodafone directed, public solution given the wide reaching impact this could have on other business customers and their PCI DSS compliance whilst using Vodafone as their ISP.
I too would like this port closed please.
I find it unacceptable that you provide unreliable equipment with random ports opened that I do not want and then completely disallow the customer from fixing the issues you have created by allowing them to use their own hardware!.
Hi. Did you manage to get this resolved? I'm just going through PCI testing and have hit the same issue.