Architecture of PCI Compliance

Updated 

1 year ago

Encryption of secure forms enhances security by safeguarding sensitive customer data during online interactions. This critical security measure ensures compliance with PCI standards, providing robust protection for customer information.

Sprinklr Encryption of Secure Forms

  1. Data is first encrypted using 2048 bit RSA public key within the chat widget before being transmitted to Sprinklr PCI backend via TLS 1.2 using one-time data submit token.

  2. When an agent views the form, the filled form is fetched from Sprinklr’s PCI environment using a short time-based view token and shown to the agent.

  3. Transmission of data occurs through secure API calls using TLS 1.2. No data within the message is ever stored in Sprinklr.

  4. Sensitive data collected can only be temporarily accessed within the platform.

  5. An unfilled form has an automatic expiration for customers outside the valid submission window.

  6. By default, PCI data stays in the segmented PCI environment for 60 minutes. The expiration time can be changed upon request.

  7. Agents can view data as many times as needed until data expires

  8. Sensitive information is masked by default in the platform.

Client Encryption of Secure Forms

Before you begin

Create a Secure Form with External Callback.

Here's an overview of the data flow in a client-side encrypted PCI compliance setup:

  1. Customer connects with the helpcenter Live Chat on a web browser.

  2. The customer's request is transmitted to Sprinklr.

  3. Sprinklr assigns the case to an Agent or the case is with Conversational AI.

  4. On the Sprinklr Care Console, the Agent or Conversational AI sends a secure form to the customer to capture sensitive details.

  5. The customer receives the secure form and enters sensitive data.

  6. Once the customer submits the secure form, the data received is transferred to the brand's web browser via Live Chat UI widget.

  7. The brand encrypts the data using their custom encryption logic and sends back the encrypted tokens and unencrypted values.

  8. The encrypted tokens and values are submitted to the Sprinklr PCI Environment (CDE) and stored in the Redis cache.

  9. The CDE sends a token for the PCI-sensitive data stored in CDE to the browser (secure form).

  10. The Live Chat widget sends the token to the Sprinklr backend database, and Sprinklr stores the token.

  11. Agents can view the data as needed until it expires. Sensitive information is masked by default on the platform.

Note: Sprinklr will not be able to decrypt any client-side encryption.

SDK Information

To implement secure form encryption, use this SDK information.

Was this article helpful?

Related Articles

Loading...