Skip Navigation
Expand
Collapse
Submit a Service Request
Contact Information for Technical Support

My Service Notifications
Encrypting Data in the Database
Answer ID 12667   |   Last Review Date 07/21/2023

How can I encrypt data in the database?

Environment:

PCI pods (Includes US Federal Government pods)

Resolution:

If you need to limit viewing sensitive data to those that ‘need-to-know’ you should utilize a custom attribute and set it up to encrypt the data when stored. This feature allows you to mask the data in the Agent Desktop for all but those that are given permission to decrypt/unlock the field, and store the data encrypted in your Oracle B2C Service database. While this feature meets Payment Card Industry standards, it can be used for other sensitive data you wish to store.

This feature enables you to add a custom field to one of your custom objects or to either the Incident or Contact objects.  Once setup, it is available for Agents to enter data when using the Agent Browser User Interface. If given permissions via a Profile, an Agent can view/decrypt the data from the Agent Browser User Interface. Additionally, every addition and decryption are recorded for audit purposes and viewable through Audit Logs.

These types of attributes are available to be placed onto a workspace through the Workspace Designer. However, there are several limitations on usage due to expected behavior related to sensitive data. 

  • There are no public APIs for capturing or decrypting encrypted custom attributes.
  • Archived Incidents will not store or retrieve these types of custom attributes.
  • Business Rules cannot be applied to encrypted custom attributes.
  • Creating an index against one of these attributes is not possible.
  • Encrypted custom attributes cannot be used in an Analytics report.

A few final words on data management of these attributes. If you find a need to rotate the master key, a Service Request can be created at Ask Technical Support so the team can generate. To prevent the overpopulation of the transaction tables with the new ‘decrypt’ transactions, the Data Life Cycle Manager supports purging of these transactions based on age.

The Overview of Custom Attribute Encryption in the Administering the Agent Browser User Interface documentation provides more details as well as pointers on using the features.

Was this answer helpful?

Still have questions?

Notify Me
Forgot your username or password?
The page will refresh upon submission. Any pending input will be lost.