Identifying and masking sensitive client-defined data, like credit card or phone numbers, involves replacing it with generic characters.
This irreversible process ensures permanent obscuration; for instance, masking 4-digit numbers changes "1593" to "****".
A regular expression (regex) is required to tailor which specific patterns in the data are identified and masked.
The 2 types of data masking are:
| 1. Real-time masking | 2. Data-at-rest masking |
|---|---|
| Sensitive consumer information is identified and masked before it reaches the agent, so the agent never has access to it. | Sensitive consumer information is identified and masked when the conversation/chat concludes, making it inaccessible after conclusion while still allowing the agent to review the original text. |
To configure either Real-time Masking or Data-at-Rest Masking, simply contact your dedicated LivePerson representative. They will handle the configuration process based on your specific needs, ensuring a secure setup for your sensitive data.
Real-time data masking is an essential security feature that ensures sensitive information is protected during chat and messaging interactions. This article will guide Customer Success Managers (CSMs) and project managers through the key aspects of real-time data masking for chat and messaging, highlighting what you need to know and how to implement it effectively.
Real-Time Masking
Real-Time Data Masking for Chat
Real-time data masking within chat windows is configured through a taglet, a small piece of functionality downloaded to the visitor’s browser. The specific taglet used for real-time masking is called “cleanCCPatterns,” which is designed to mask sensitive information such as credit card numbers as soon as they are entered.
Before you can use the taglet, ensure that the relevant Account Config feature is activated:
ℹ️ You can reach out to your LivePerson Account Manager to ensure the configuration settings are set.
- Log in to Houston: Access the platform.
- Navigate to the AC Features App: Scroll to the feature named “UnifiedWindow.Block_CC_Patterns.”
- Activate the Feature: If the feature is turned off, switch it on and click “UPDATE FEATURES.”
Once activated, this feature will automatically mask credit card numbers in real-time. When a visitor enters a credit card number and submits it, the text will be converted into stars (e.g., **** **** **** 1234), and a notice will inform the visitor that part of their input has been blocked.
It’s possible to combine real-time and at-rest masking within the same account, but caution is required to avoid conflicts. For instance, if a brand wants to mask credit cards in real-time and email addresses at rest, there is no overlap, and both masking types can function effectively. However, masking numbers of varying lengths in real-time and at rest could cause issues, as partially masked data might reach the agent, rendering it unreadable and inadequately protected.
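The conflict described above can be checked before both rules go live. The following is an added example, not LivePerson code: it models real-time and at-rest masking as two regex passes and flags messages where the real-time rule masks only part of a value the at-rest rule targets. The rule patterns, sample messages and function names are constructed for illustration, and JavaScript regex syntax is assumed.

```javascript
// Added example: detect partial overlap between a real-time and an at-rest rule.
// ASSUMPTION: both rules are modelled as JavaScript regexes applied in sequence
// (real-time first, at-rest on whatever text was stored).

// Constructed rules (hypothetical).
const REAL_TIME_RULE = String.raw`\d{9}`;     // 9-digit ID, written without boundaries
const AT_REST_RULE = String.raw`\b\d{16}\b`;  // 16-digit card number
const EMAIL_RULE = String.raw`[\w.+-]+@[\w-]+\.[\w.]+`;

// Constructed consumer messages.
const SAMPLES = [
  "my email is jo@example.com",
  "member id 123456789",
  "card 4000123412341234 please",
];

// Start/end offsets of every match of the pattern in the text.
function spans(text, pattern) {
  return [...text.matchAll(new RegExp(pattern, "g"))]
    .map((m) => ({ start: m.index, end: m.index + m[0].length }));
}

// Replace every match with asterisks of the same length (illustrative rendering).
function mask(text, pattern) {
  return text.replace(new RegExp(pattern, "g"), (m) => "*".repeat(m.length));
}

// Flag messages where a real-time match overlaps an at-rest match without covering it.
function findConflicts(samples, realTimeRule, atRestRule) {
  const conflicts = [];
  for (const text of samples) {
    const rt = spans(text, realTimeRule);
    for (const ar of spans(text, atRestRule)) {
      const partial = rt.some((r) => r.start < ar.end && r.end > ar.start &&
                                     !(r.start <= ar.start && r.end >= ar.end));
      if (!partial) continue;
      const agentSees = mask(text, realTimeRule);
      // atRestMisses: the at-rest rule no longer finds the value it was meant to mask.
      conflicts.push({ text, agentSees,
                       atRestMisses: spans(agentSees, atRestRule).length === 0 });
    }
  }
  return conflicts;
}

console.log(findConflicts(SAMPLES, REAL_TIME_RULE, AT_REST_RULE));
```

With the constructed rules, the card message reaches the agent with nine digits masked and seven still visible, and the at-rest rule then finds nothing left to mask.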
To verify that the taglet is properly configured, use the following JavaScript command in the browser’s developer tools:
```javascript
lpTag.taglets.lpUnifiedWindow.inspect().conf
```
Check for the parameter “supportBlockCCPattern” and ensure its value is set to “true.”
Real-Time Data Masking for Messaging
Web Messaging
Real-time data masking for web messaging is identical to chat masking, utilizing the same taglet and configuration process.
In-App Messaging
For in-app messaging, real-time data masking is configured within the app’s code. This configuration requires a new app version release by the brand whenever changes are made. Two types of masking are available:
- Client-Only Masking: The text is masked on the consumer’s device but sent unmasked to the server. This is useful for scenarios where the agent needs to see the unmasked data, but it should not remain visible to the consumer.
- Real-Time Masking: The text is masked before being sent to the server, ensuring that no one can read it. This is crucial for protecting highly sensitive information.
For more detailed configuration steps, refer to the public documentation specific to iOS and Android.
Real-Time Data Masking for External Messaging Channels (Agent Masking)
External messaging channels like SMS, WhatsApp, and others use the ‘Agent Masking’ feature, which performs real-time data masking on LivePerson’s servers. This feature adds an additional layer of security by masking both agent and consumer messages based on a specified regular expression.
Key Points
- Permission-Based Viewing: Only users with the ‘View masked data’ permission can see the unmasked text. Others will see the text replaced with asterisks.
- Permanent Masking: Once masked, the text remains masked in the historical transcript.
- Channel-Agnostic: This feature works across all channels and applies even if other real-time masking configurations are in place.
To set up this feature:
- Enable the ‘Messaging.AgentMasking’ AC Feature: Do this in Houston.
- Add the Regex: Enter the relevant regex in the ‘messaging.transcript.agent.masking.regexp’ site setting.
- Assign Permissions: Configure the ‘Agent’ and ‘Agent manager’ profiles with the ‘View masked data’ permission according to the brand’s requirements.
Testing and Considerations: It’s crucial to test all predefined content items before going live, as any string that matches the regex will be masked. Adjust the regex or content as necessary.
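One way to run the pre-go-live test described above is to dry-run candidate patterns over the predefined content and list every item that would be masked. This is an added example, not LivePerson code: the patterns, content items and function names are constructed, and JavaScript regex syntax is assumed, so the engine behind the site setting may treat edge cases differently.

```javascript
// Added example: dry-run candidate agent-masking patterns against predefined
// content before saving one to 'messaging.transcript.agent.masking.regexp'.
// ASSUMPTION: JavaScript regex syntax; the production engine may differ.

// Constructed candidate patterns (hypothetical names).
const BROAD_PATTERN = String.raw`\d{4,}`;                  // any run of 4+ digits
const CARD_PATTERN = String.raw`\b(?:\d[ -]?){12,15}\d\b`; // 13-16 digits, optional separators

// Constructed predefined content items, not real brand content.
const PREDEFINED_CONTENT = [
  { id: "greeting", text: "Hi! Thanks for contacting us. How can I help?" },
  { id: "support-line", text: "You can also call us on 0800 123 4567 between 9 and 5." },
  { id: "tracking", text: "Track your parcel with reference 4000123412341234 on our site." },
  { id: "bank-transfer", text: "Pay by transfer to account 1234-5678-9012-3456." },
];

// Replace every match with asterisks of the same length (illustrative rendering).
function maskText(text, pattern) {
  return text.replace(new RegExp(pattern, "g"), (m) => "*".repeat(m.length));
}

// Return the items the pattern would mask, with the matched strings and the
// text a user without the 'View masked data' permission would see.
function dryRun(items, pattern) {
  const hits = [];
  for (const { id, text } of items) {
    const matched = [...text.matchAll(new RegExp(pattern, "g"))].map((m) => m[0]);
    if (matched.length > 0) {
      hits.push({ id, matched, masked: maskText(text, pattern) });
    }
  }
  return hits;
}

for (const [name, pattern] of [["broad", BROAD_PATTERN], ["card", CARD_PATTERN]]) {
  const hits = dryRun(PREDEFINED_CONTENT, pattern);
  console.log(`pattern "${name}" masks ${hits.length} item(s):`);
  for (const hit of hits) {
    console.log(`  ${hit.id}: ${hit.masked}`);
  }
}
```

Tightening the pattern clears the support-line item, but the tracking and bank-transfer items still match, so those content items would need rewording.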
Data encryption at rest
LivePerson is committed to protecting its customers' data and therefore we allow our customers to store their data in LivePerson storage in an encrypted format. The encryption handles different sensitive data types. Once enabled, the sensitive data is stored in an encrypted format at rest within the LivePerson storage.
There are different data types that can be encrypted, and encryption is configurable per account.
It is possible to encrypt any of the following data types:
- Chat Transcripts
- Messaging Transcripts
- Agent Summary (for messaging)
- Unauthenticated engagement attributes for messaging and chat
- Authenticated engagement attributes for messaging and chat
Enabling encryption works differently for chat than it does for messaging. The encryption is based on a 192-bit AES algorithm. Once encryption is enabled, you are assigned a unique encryption key. Additionally, a unique random key is generated for each piece of sensitive data. The encryption mechanism uses these unique keys to encrypt the data and stores it in that format in LivePerson storage.
Encryption applies from the time it is enabled onward; it cannot be run retroactively. If encryption is disabled after it was enabled, data that follows will not be encrypted.
You must contact your LivePerson Account Manager to enable encryption.
⚠️ Note: Product Implications and Conflicts
Chat Transcripts encryption:
- Hot Topics feature is not available
- Data Access API: this API exposes the transcripts, and once the data is encrypted the customer is expected to provide LP with a PGP key that LP will use to encrypt the transcripts. If no such key is provided and the transcripts are encrypted, the Data Access API will mask the data to avoid storing it unencrypted.
- The following analytics reports will not be available once encryption is enabled:
  - Predefined content
  - Topics toolkit
  - Deflection and Escalation Risk Predictor
For more information about the report see here.