Skip Navigation
PC or PI (PCI) FG Masking: Incident vs Chat
Answer ID 6541   |   Last Review Date 09/01/2021

How does masking work in each environment?


PC or PI (PCI), FG pod



  • Masking is turned on by default in the PC or PI (PCI) and FG pods using the F5 Load Balancers (the "Application Scanning Modules" or "Web Application Firewalls" in the F5s . The request can be made to turn it on or off.
  • Credit Card (CC) and Social Security Number (SSN) masking are configured separately.
  • It will scan everything (subject, body, also including custom fields).
  • CC and SSN masking is interface specific.

    In the November 2013 and newer releases, you can enable the Incident Thread Masking feature to automatically mask incident thread content that matches common patterns, such as credit card, social security, and telephone numbers. Answer ID 6316 - Enable Incident Thread masking feature

    If the F5 or the Incident Thread Masking product feature is enabled, it will be masked but potentially in a different way depending on which is on.  If they are both on, the Incident Thread Masking feature would take precedence because it masks the data when stored.
    If neither is on it will not be masked.

    With the Incident Thread Masking feature enabled, it masks data as it comes in and the result is stored in the database (i.e. you will see XXX-XXX-XXXX).

    With F5 masking turned on, data remains unmasked in the database, but masked when displayed on the Customer Portal (end-user pages) or in the Oracle B2C Service administration console (i.e. looks like ****-******).  If you have Incident Thread Masking enabled, the F5 will not mask it because it will already be masked, and not match any of the masking patterns.


  • CC and SSN masking are configured separately.
  • When enabled in Chat, the mask will affect both the client and agent. The actual digits for the CC and SSN are visible to the sender and not passed through the chat. (Receiver will see the masked number ex. xxx-xx-xxxx or xxxx-xxxx-xxxx-xxxx)
  • At the point of completion the chat is added to the incident record and the CC and SSN are masked permanently.

For more information, refer to the following resources:

Additional information is available in the 'Masking information in incident threads' section in online documentation for the version your site is running.  To access Oracle B2C Service manuals and documentation online, refer to the Documentation for Oracle B2C Service Products.


Technical Support Engineers should be following the process outlined in PMT 1136.  This policy applies for all masking exceptions on all sites, including test sites regardless of production site status.

***INTERNAL REFERENCE ONLY!*** Information in the Section above is not available to customers. Do not send content to customers.