Data masking
Data masking is a set of actions that protect sensitive personal information in chat messages, such as:
- credit-card numbers
- social-security numbers
- email addresses
Data masking prevents this sensitive information from being stored in historic and realtime transcripts and from being displayed in the user interface of other chat participants.
Data masking hides sensitive customer data that the system recognizes as Personal Identifiable Information (PII):
- from the agent’s view, in Agent Desktop
- in each historical engagement transcript, stored in Portal
Data masking must be configured separately for each project.
There are three methods of data masking:
- Marker-based masking: When a customer enters sensitive information through a form, the sensitive form fields are known and handled accordingly. The form implementation wraps the values of sensitive fields in special markers recognized by the backend. The backend masks the wrapped values before sending them to storage.
- Pattern-based masking: Regular expression patterns can be configured to specify parts of messages to mask. For example:
  - masking combinations of 14-16 digits with possible separators, because that is the credit card format
  - masking a combination of 4 digits if the word PIN is present in the last messages
- Manual masking: Message parts that are masked from storage but visible to the agent are displayed in a gray font in Agent Interface. If an agent notices content that is inappropriate for long-term storage and that was not masked automatically, the agent can manually select this information and use the Mask as Personal Information context menu command to remove this fragment from storage.
Pattern-based masking is not foolproof, because the customer may send sensitive information in a format not anticipated during configuration. Therefore, agents should always use secure forms, which support marker-based masking, to request sensitive information from users. Pattern-based masking supplements marker-based masking, and it is intended for cases when a user sends sensitive information without being asked.
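The two pattern-based rules listed above, and the caveat about unanticipated formats, shown as an added Python example. It is not the product's own code or configuration: the regular expressions, the three-message window used for "the last messages", and the sample chat (with well-known test card numbers) are assumptions constructed for illustration.

```python
import re

# Assumed patterns, constructed for this example (not a shipped configuration).
# 14-16 digits, each pair optionally separated by one space or hyphen.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){13,15}(?!\d)")
# Exactly four digits that are not part of a longer digit run.
PIN_RE = re.compile(r"(?<!\d)\d{4}(?!\d)")
PIN_WORD_RE = re.compile(r"\bPIN\b", re.IGNORECASE)
CONTEXT_WINDOW = 3  # assumed size of "the last messages", current one included


def _mask_digits(match):
    # Replace digits only, so separators keep the transcript readable.
    return re.sub(r"\d", "*", match.group(0))


def mask_transcript(messages):
    """Return the messages as they would be stored after pattern masking."""
    stored = []
    for i, text in enumerate(messages):
        masked = CARD_RE.sub(_mask_digits, text)
        # The PIN rule is contextual: it fires only when the word PIN
        # appears in the current message or the ones just before it.
        recent = messages[max(0, i - CONTEXT_WINDOW + 1): i + 1]
        if any(PIN_WORD_RE.search(m) for m in recent):
            masked = PIN_RE.sub(_mask_digits, masked)
        stored.append(masked)
    return stored


# Constructed sample chat.
SAMPLE = [
    "My card is 4111 1111 1111 1111",             # anticipated format: masked
    "Or use the other one: 5500.0000.0000.0004",  # dot separators: missed
    "Order 2024 arrived late",                    # 4 digits, no PIN context
    "Please confirm your PIN",
    "It is 4821",                                 # PIN in recent context: masked
]

if __name__ == "__main__":
    for before, after in zip(SAMPLE, mask_transcript(SAMPLE)):
        print(f"{before!r:50} -> {after!r}")
```

The second message reaches storage unmasked because dots were not among the configured separators, which is the gap that marker-based masking through secure forms closes.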