PCI masking: a feature dive

Sometimes, customers get ahead of themselves and share personal information in a live chat session. A common one is card numbers. But this can present problems.

You need to keep their data safe — and displaying it in your chat sessions doesn’t help that. What does help, is WhosOn’s handy PCI masking feature.

Here, we dive into the specifics of this data-protecting feature.


What is PCI masking?

PCI is shorthand for PCI DSS, which in turn stands for ‘payment card industry data security standard’. Any personally identifiable information associated with cardholders is PCI data. It includes account numbers, card numbers and expiration dates.

PCI masking is a security feature that hides this information if a customer tries to provide it via chat. So, for instance, it masks any card numbers sent via a WhosOn chat session, before the agent sees the message.

WhosOn can automatically censor PCI data. In the process, it can trigger a warning message to alert the customer and agent that it has detected sensitive data. It can also proceed to mask the sensitive chat data stored in your databases and chat transcripts.

So, not only is the sensitive data masked in the first instance of the chat window, but also more comprehensively across your logs and database entries.

Plus, a chat transfer won’t compromise PCI data. If an agent needs to transfer the chat, WhosOn can start a new chat instead, or mask individual lines of the chat to keep sensitive data safe.


How does it work?

PCI masking works by using rules to detect payment card number patterns. You set these rules in the WhosOn settings portal by building conditions. 

Once set, WhosOn will then scan each message the chatting customer sends for card numbers.

The rules you set also allow you to determine how you want WhosOn to respond when it detects the patterns you’ve specified.

For example, you can specify different messages for agents and visitors in response to sensitive data detection. (For example, an agent might see an explanation of why text is masked, while the visitor might see an advisory or reassurance message.)

You can also tune options such as how text is masked (e.g. via ###,) and choose whether to automatically close chat sessions in response to shared PCI data.


Why is it useful?

PCI masking helps you comply with strict PCI security standards. In other words, it helps you maintain high security standards that protect you and your customers.

Cybersecurity is an ongoing concern, with hefty consequences for data breaches. As such, any measure to protect personal data is worth using. With such an emphasis on data and security in the media, it’s in the forefront of your customer’s minds too.

As a result, PCI masking doesn’t just benefit your data security team. It can help you build and maintain customer trust. With it, a momentary lapse in judgement on the customer’s part doesn’t cost them their sensitive information. They’ll notice your effort to keep their information safe and feel more comfortable dealing with you further.


PCI masking

Great live chat software does more than connects agents and customers. It helps keep them safe while they chat, too.

PCI masking is just one of the great features WhosOn has to offer. So, why not try it out — and explore further — with a 30-day free trial?


Useful links

A quick note re live chat transcript etiquette

Small but mighty: the power of brand advocacy

WhosOn free trial