FAQs: Sensitive data masking
Can I use a recording policy to delete recordings that contain sensitive data?
No, for compliance reasons Genesys does not have a recording policy that deletes recordings with sensitive data.
You can build a custom solution using the Content Search APIs to find interactions that contain sensitive data, and invoke the Purge APIs to delete the recordings.
How do I enable Automated Sensitive Data Masking?
As an administrator, enable Automated Sensitive Data Masking as follows:
- Click Admin.
- Under Account Settings, click Organization Settings.
- Click Settings.
- Under Security & Compliance, turn the Sensitive Data Redaction for Payment Cards or the Sensitive Data Redaction for Personal Information toggle switch on or off:
  - ON — Enables automatic redaction of sensitive customer information in recordings and voice transcripts.
  - OFF — Disables automatic redaction of sensitive customer information in recordings and voice transcripts.
For more information, see Enable automatic redaction of sensitive information.
What permissions control access to sensitive data?
If you have the Recording > Recording > ViewSensitiveData permission, you can access recordings and voice transcripts that do not include masking. An administrator must explicitly grant this permission.
Which entities are masked?
Under PCI (Payment Card Industry) data, Genesys Cloud masks the following entities:
- Credit card and debit card numbers [card number]
- Card expiration date [card expiry date]
- Card Verification Value (CVV) or Card Identification (CID) number, a three-digit or four-digit number printed on the front or back of the card [card number]
- Person name [card number]
Under PII (Personally Identifiable Information) data, Genesys Cloud masks the following entities:
- User information such as usernames [user info]
- Phone number [phone]
- Email address [email]
- Person name [name]
- Zip or postal code [postal code]
- Passwords [user info]
- Locations [location]
- National Identification Number [national id]
- Other PII such as license plate number and bank account number [personal info]
- Person name is classified as PCI if it appears in proximity to a credit card. Otherwise, it is considered PII.
- Locations encompass countries, cities, and addresses.
- The coverage for National Identification Number includes only the following countries:
  - Australia
  - Canada
  - UK
  - US
Currently, you can turn on/off PCI and PII data masking using the following two toggles, but you cannot select which individual entities to mask:
- Sensitive Data Masking for Payment Cards
- Sensitive Data Masking for Personal Information
Is Automated Sensitive Data Masking PCI DSS compliant?
No, the Automated Sensitive Data Masking feature is not PCI DSS compliant. It is a safety measure for when agents forget to use Secure Pause.
Genesys recommends that you use Secure Pause or Secure Call Flows as the first line of defense. Only Secure Pause and Secure Call Flows are validated by an external Qualified Security Assessor as Level 1 PCI DSS compliant.
For more information about PCI DSS compliance, see PCI DSS compliance.
Can I enable Automated Sensitive Data Masking for a queue or a division?
No, you currently cannot configure Automated Sensitive Data Masking for a queue or a division. You can turn this feature on or off only for the entire organization.
Which media types are supported for Automated Sensitive Data Masking?
Currently, Automated Sensitive Data Masking only supports voice interactions.
What technology is used to mask sensitive data and what languages are supported?
NER (Named Entity Recognition) detects entities in the transcript that contain sensitive information. NER systems use machine learning and statistical techniques to automatically analyze and tag named entities. They are trained on large, annotated datasets where human annotators manually label named entities in text. In addition to NER, Genesys Cloud also looks at the context of surrounding words and phrases to flag sensitive information; for example, when the user says, ‘My account number is xxx’ or ‘My password is xxx.’
For more information about language support, see: Genesys Cloud supported languages
For information about masking sensitive data, see: FAQs: Sensitive data masking
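A simplified illustration of the two signals described above, entity detection plus surrounding context, using the bracketed labels from the entity list on this page. This is an added example, not Genesys code: Genesys Cloud uses trained NER models, while the regex rules, function names, and sample utterances here are assumptions made for illustration.

```python
import re

# Hypothetical context cues: a trigger phrase followed by the value to mask.
CONTEXT_CUES = [
    (re.compile(r"(my password is )([^\s.,]+)", re.I), "[user info]"),
    (re.compile(r"(my account number is )(\d[\d -]*\d)", re.I), "[personal info]"),
]
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_transcript(text: str) -> dict:
    """Mask one transcript line; report PCI/PII flags like the search filters."""
    found = {"pci": False, "pii": False}

    def card(m):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found["pci"] = True
            return "[card number]"
        return m.group()  # not a valid card number; context rules may still apply

    def cue(label):
        def repl(m):
            found["pii"] = True
            return m.group(1) + label
        return repl

    def email(m):
        found["pii"] = True
        return "[email]"

    text = CARD_CANDIDATE.sub(card, text)
    for pattern, label in CONTEXT_CUES:
        text = pattern.sub(cue(label), text)
    text = EMAIL.sub(email, text)
    return {"text": text, "contains_pci": found["pci"], "contains_pii": found["pii"]}
```

A 16-digit account number that fails the Luhn check is not caught by the card pattern, but the phrase "my account number is" still causes it to be masked, which is the role context plays in the description above.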
Can I search for interactions that contain sensitive data?
Yes, you can use Content Search to search for interactions that contain either PCI data, PII data, or both. Find the following filters in the Content Search View:
- Contains PCI Data (Yes/No)
- Contains PII Data (Yes/No)
Can I bulk download masked recordings?
No, Genesys does not support bulk download of masked recordings that contain sensitive data with Batch APIs and S3 Bulk Export Integration. If you do not have the Recording > Recording > ViewSensitiveData permission, then Genesys Cloud excludes recordings with sensitive data from the export.
You can download a single masked recording with Genesys Recording APIs.