Search for existing answers to your product and support questions.
Familiarize yourself with our support site and learn best practices in working with our team.
Manage Service Requests, View and update service requests submitted by you and others in your organization.
Submit a new issue to our technical support team.
Oracle B2C Service insights from our Technical Support team subject matter experts
Browse resources to assist you in launching your implementation and ensure a successful go-live.
Access your OCI account.
Find product documentation for supported versions of B2C and documentation libraries for related service solutions.
You will have the tools to improve your customers' experience when you learn about all the things our products can do.
Find links for API documentation, Custom Processes, Customer Portal, and Agent Browser UI Extensibility Framework.
Explore how accelerators are designed to demonstrate how an integration scenario could be built using the public integration and extension capabilities of the Oracle B2C Service.
Prepare for a successful transition by reviewing upcoming release changes and enhancements.
Explore webinars, events, and feature kits to learn about B2C Service features, functionality, and best practices from the technical experts.
Oracle MyLearn offers a portfolio of free and paid subscription-based learning resources to help you gain valuable skills, accelerate cloud adoption, increase productivity, and transform your business.
Empower your team with the skills to implement, configure, manage, and use your applications with Customer Experience Cloud Training.
Our goal is to facilitate a friendly, supportive environment where members can easily collaborate with each other on solutions and best practices.
Ask and answer questions specific to B2C.
This is an exciting resource intended to help with your Oracle Service Cloud Analytics.
Share product improvement ideas and enhancement requests with Oracle Development, while collaborating with other Oracle customers and partners.
Update your phone number, email notification preferences, and severity 1 and severity 2 contact preferences.
View the contact managers within your organization.
Find contact information of the Technical Account Manager (TAM) and Client Success Manager (CSM) for your organization.
Environment:
PCI pods (Includes US Federal Government pods)
Resolution:
Below are just a few considerations for implementing an Oracle B2C Service site within a PCI pod. See the Guidance documentation (link below) for more information.
1. What level of certification are the Payment Card Industry (PCI) environments?
Oracle B2C Service is certified as a Payment Card Industry Data Security Standard (PCI DSS) Service Provider Level I, which is the highest level available/possible.
2. Will our customers' credit card information be masked and/or encrypted?
By default, any Personal Account Numbers (PANs) captured will be masked on the user interface when accessing the site via the Agent Desktop Console or Browser User interface. Example: ****-****-****-**** or ***-**-**** Any PAN captured intentionally must be stored in an encrypted custom attribute and appropriate profile established for those users that are permitted to see PAN. Documentation on how to setup these types of fields can be found here: https://docs.oracle.com/en/cloud/saas/b2c-service/famug/t-Add-a-field-to-a-custom-object-bf1194075.html All accidentally provided PAN must be removed from your site. There are several features available to assist in preventing the capture: Incident Thread Masking – automatically and permanently truncate personal account number (PAN) when stored if entered into Incident Thread field. Chat Inlays Masking – automatically and permanently truncate personal account number (PAN) when entered into a Chat Message prior to being sent from the end-user’s window. Chat Masking using Enhanced Business Rules – automatically and permanently truncate personal account number (PAN) when stored if entered into Chat Question or Message field.
By default, any Personal Account Numbers (PANs) captured will be masked on the user interface when accessing the site via the Agent Desktop Console or Browser User interface.
Example: ****-****-****-**** or ***-**-****
Any PAN captured intentionally must be stored in an encrypted custom attribute and appropriate profile established for those users that are permitted to see PAN. Documentation on how to setup these types of fields can be found here: https://docs.oracle.com/en/cloud/saas/b2c-service/famug/t-Add-a-field-to-a-custom-object-bf1194075.html
All accidentally provided PAN must be removed from your site. There are several features available to assist in preventing the capture:
3. Can we still use our custom domain in the PCI environment?
Yes, however, an SSL certificate from a vendor (DigiCert is recommended) and SSL support will need to be purchased. It is recommended to reach out to your Sales Account Executive for purchasing information. Another option would be to use a custhelp.com domain that we provide you.
Yes, however, an SSL certificate from a vendor (DigiCert is recommended) and SSL support will need to be purchased. It is recommended to reach out to your Sales Account Executive for purchasing information.
Another option would be to use a custhelp.com domain that we provide you.
4. How do we obtain vulnerability scans and/or penetration tests of your site?
Customers sometimes request to perform their own vulnerability scans or penetration tests on their PCI site(s). Oracle B2C Service does not permit this under any circumstances for routine audits. We will provide third-party scan and audit reports to current PCI customers, under an NDA. Speak to your Sales Account Manager for additional information.
5. Is HTTP supported in the PCI environment?
All sites in the PCI Pods must use HTTPS. We do not support HTTP traffic to these environments. Any work-around solution will require an Oracle Consulting Services engagement, to securely transport the data.
6. What will happen to my customizations?
Site customizations in the PCI environment must be reviewed prior to being moved into your production site. They are reviewed during this pre-screening process as well as during the regular security audit process. Customizations are assessed by your Technical Account Manager (TAM). The outcome of these reviews results in one of the following: an approval to move forward, or assistance by TAM with the technical team to adjust accordingly, or a recommendation to work with Oracle Consulting or an external Partner/resource to ensure the customizations won’t compromise your data security.
Site customizations in the PCI environment must be reviewed prior to being moved into your production site. They are reviewed during this pre-screening process as well as during the regular security audit process. Customizations are assessed by your Technical Account Manager (TAM). The outcome of these reviews results in one of the following:
7. What protocols are supported for secure channel pop email?
- SSL/TLS for transmission of web inquiries and chat conversations - S/MIME for end-to-end secure delivery of email - Opportunistic TLS on our SMTP gateways - We do not support pop3s for email retrieval
- SSL/TLS for transmission of web inquiries and chat conversations
- S/MIME for end-to-end secure delivery of email
- Opportunistic TLS on our SMTP gateways
- We do not support pop3s for email retrieval
For additional information, please see the PCI DSS Responsibility Matrix.
For more information on implementing in a regulated environment such as PCI or HIPAA, please see Answer ID 9570: Guidance for Implementing in PCI or HIPAA Service Cloud Environment for specific deployment considerations.
If additional information is needed, please speak to your Sales Account Manager.