How does masking work in each environment?
PC or PI (PCI), FG pod
- Masking is turned on by default in the PC or PI (PCI) and FG pods using the F5 Load Balancers (the "Application Scanning Modules" or "Web Application Firewalls") in the F5(s) .
- Credit Card (CC) and Social Security Number (SSN) masking is interface specific.
- It will scan everything (subject, body, also including custom fields).
- This masks the data only when displayed and uses ***** to mask the data.
In addition to the default masking done at the F5 level on these pods, beginning in the November 2013 and newer releases, you can enable the Incident Thread Masking feature to automatically mask incident thread content that matches common patterns, such as credit card, social security, and telephone numbers. This is available on all pods. Answer ID 6316 - Enable Incident Thread masking feature.
If the F5 or the Incident Thread Masking product feature is enabled, it will be masked but potentially in a different way depending on which is on. If they are both on, the Incident Thread Masking feature would take precedence because it masks the data when stored. If neither is on it will not be masked. If you have Incident Thread Masking enabled, the F5 will not mask it because it will already be masked, and not match any of the masking patterns.
With the Incident Thread Masking feature enabled, it masks data as it comes in and the result is stored in the database (i.e. you will see XXX-XXX-XXXX).
With F5 masking turned on, data remains unmasked in the database, but masked when displayed on the Customer Portal (end-user pages) or in the Oracle B2C Service administration console (i.e. looks like ****-******).
- CC and SSN masking are configured separately.
- When enabled in Chat, the mask will affect both the client and agent. The actual digits for the CC and SSN are visible to the sender and not passed through the chat. (Receiver will see the masked number ex. xxx-xx-xxxx or xxxx-xxxx-xxxx-xxxx)
- At the point of completion the chat is added to the incident record and the CC and SSN are masked permanently.
For more information, refer to the following resources:
- Answer ID 5622: Credit Card and Social Security Number Masking in the PC (PCI) or FG Pod
- Answer ID 5623: PCI (PC Pod) Frequently Asked Questions
- Answer ID 6316: Enable Incident Thread masking feature
Additional information is available in the 'Masking information in incident threads' section in online documentation for the version your site is running. To access Oracle B2C Service manuals and documentation online, refer to the Documentation for Oracle B2C Service Products.