How does credit card number and social security number masking work in the PI or FG pod?
PCI/DSS, PI pod, FG pod, masking
Oracle B2C Service
Masking Primary Account Numbers (PANs) is a feature for sites in the PI or FG pod, i.e. credit card and social security numbers.
By default, PANs will be masked when accessing the site via the Agent Desktop or Web interface. These numbers are only masked on the display and not at the data level.
Example: ****-****-****-**** or ***-**-****
Additional helpful masking information:
-Credit card and SSN masking is enabled by default but if you only want one or the other you can submit a Service Request and let us know the type of adjustment you are requesting.
- If your site uses a certain pattern of numbers which should not be masked, we can potentially add that to an exception rule with a request from you with the specific number pattern.
-It will scan everything (subject, body, including custom fields).
-Since forwarding incidents, results in sending emails outside the Oracle B2C Service application, it is not recommended to forward incidents outside of your organization. Credit card and SSN numbers will not be masked outside of B2C. Therefore, if an agent replies to an incident with a credit card number or SSN, while it will appear masked on the agents end, the customer would see that information in the email received.
-There are two types of masking: in the admin console, or on enduser page (for a
- The pods use Luhn algorithm (checksum formula) to determine whether or not the
number is a CC or SSN. Random numbers will NOT be masked.
-Credit card and SSN masking is interface specific for incidents and site wide for chat.
For more information on implementing in a regulated environment such as PCI or HIPAA, please see Answer ID 9570: Guidance for Implementing in PCI or HIPAA Service Cloud Environment for specific deployment considerations.
See also Answer ID 7856: Social Security Number not getting masked in chat transcript for more information on masked formats.