Hard Masking of PII Content
Updated
Hard masking of PII (Personally Identifiable Information) content refers to a technique used to protect sensitive personal data by partially or completely obscuring specific information within a message. PII includes data elements such as names, addresses, social security numbers, phone numbers, and other identifiable information that can be used to identify or contact an individual.
When applying hard masking, the PII content is replaced with non-sensitive, randomized, or obfuscated values. This ensures that the original PII data is not accessible or identifiable, even if unauthorized individuals gain access to the database.
Data Masking like this has two broad logical steps -
Identifying PII data in the message - this is done using Regular Expression or Regex, i.e. whether a PII will be identified or not depends on the Regex chosen.
Once the PII is identified then the rule replaces the identified text with obfuscated value.
Both of this is configured in rule engine where you can define regex and add action to obfuscate the PII data
Steps to configure in Sprinklr Rule Engine -
Sensitive information can be masked by configuring an inbound or queue rule and adding the action to mask the matched terms with any symbol as desired. It is important to note that this is a one-way process, and the information cannot be restored.
Create an Inbound or Queue rule in the Rule Engine.
While configuring a rule condition in the Edit Condition pane, select Account from the Condition drop-down menu under Condition Applies to The properties of the Message and select the account(s) containing sensitive information.
While configuring a rule action in the Edit Action pane, select Search Pattern and take action from the Action drop-down menu under Actions to Change properties of Message and set its value as Yes.
In the associated Text field, enter the specific search regex pattern (i.e. a specific sequence of ASCII or unicode characters) of sensitive information.
Next, click Add Action and add the Mask matched terms action as XXXX. You can add the any symbol as desired.
When agent asks for credit/debit card details from customer, they can see the number in masked format.
The information is masked in Sprinklr database as well.
Examples of Masking Use Cases (Regex Used, Input & Output Values)
1. Credit Card Number Masking Scenario 1
Regex: (\d{4} \d{4} \d{4} \d{4})|(\d{16})
Mask With: XXXX XXXX XXXX XXXX
Input: 1234 1234 1234 1234 OR 1234123412341234
Output: XXXX XXXX XXXX XXXX
2. Credit Card Number Masking Scenario 2
Regex: (?<=\b\d{4}[-]\d{2})\d{2}[-]\d{4}[-](?=\d{4}\b)
Mask With: XX-XXXX-
Input: 1234-1234-1234-1234
Output: 1234-12XX-XXXX-1234
3. OTP Masking
Regex: ^[0-9]{6}$
Mask With: XXXXXX
Input: 123456
Output: XXXXXX
4. Social Security Number (SSN) Masking
Regex: (\b)(\d{3})([-]?)(\d{2})([-]?)(\d{4})(\b)
Mask With: XXX-XX-XXXX
Input: 123-12-1234
Output: XXX-XX-XXXX