transcript-cleanup-mask
Section: settings
Default Value: An asterisk (*)
Valid Values: Any character
Changes Take Effect: Immediately
Modified: 8.5.103
Specifies the character that replaces sensitive data. If more than one character is specified, the first one is used.
In release 8.5.103, this option was renamed default-rep-char and moved to the [transcript-cleanup] section.
default-repchar
Section: transcript-cleanup
Default Value: *
Valid Values: Any character
Changes Take Effect: Immediately
Modified: 8.5.301.06
Specifies the character used to replace sensitive data. If multiple characters are specified, then the first one is used.
Note: This option replaces the "transcript-cleanup-mask" option in the [settings] section, used in previous releases.
transcript-cleanup-typing
Section: settings
Default Value: none
Valid Values: any, message, none, notice
Changes Take Effect: Immediately
Discontinued: 8.5.103 (replaced by typing-preview in the transcript-cleanup section)
Enables/disables masking out sensitive data in typing notifications only (by replacing all digits with the character specified by "transcript-cleanup-mask"). Possible values:
- any: mask out sensitive data both in message part and notice part of notification.
- message: mask out sensitive data only in message part of notification.
- none: disable this functionality.
- notice: mask out sensitive data only in notice part of notification.
In release 8.5.103, this option was renamed typing-preview and moved to the [transcript-cleanup] section.
typing-preview
Section: transcript-cleanup
Default Value: none
Valid Values: any, message, none, notice
Changes Take Effect: Immediately
Enables or disables masking sensitive data only in typing notifications by replacing all digits with characters defined by "default-repchar". Possible values:
- any: masks sensitive data in both the message and notice part of a notification.
- message: masks sensitive data in only the message part of a notification.
- none: disables this functionality.
- notice: masks sensitive data in only the notice part of a notification.
Note: This option replaces the "transcript-cleanup-typing" option in the [settings] section, used in previous releases.
apply-config
Section: transcript-cleanup
Default Value: mix
Valid Values: cfg, mix, ucs
Changes Take Effect: Immediately
Specifies the configuration source which Chat Server reads to mask sensitive data. Possible values:
- cfg: uses Chat Server hardcoded rules.
- mix: tries to use the PII configuration from UCS. If it is not specified for a given chat session, uses Chat Server hardcoded rules.
- ucs: uses the PII configuration from UCS. If it is not specified for the given chat session then do not process session messages.
unmask-live-dialog
Section: transcript-cleanup
Default Value: none
Valid Values: none, agents, all, both
Changes Take Effect: Immediately
Modified: 8.5.314.02
Allows unmasking sensitive data in messages from a customer and from an agent. Unmasking applies only if an active agent (one that is visible to the customer) is present in the session. Coaching and monitoring agents will not see unmasked data. For active agents, only the data sent after the agent joined the session is unmasked.
- none: disables this functionality.
- agents: sensitive data only in customer messages is unmasked only for agents.
- all: sensitive data only in customer messages is unmasked for agents and for the customer.
- both: sensitive data both in customer and agent messages are unmasked for agents and for the customer.
apply-area
Section: transcript-cleanup
Default Value: never
Valid Values: always, history-all, history-final, never
Changes Take Effect: Immediately
Modified: 8.5.301.06
Allows you to enable or disable the masking of sensitive data in chat session messages. Possible values:
- always: masks sensitive data both in real-time and in the transcript (intermediate and final) written to UCS.
- history-all: masks sensitive data in the transcript (intermediate and final) written to UCS. Note: after session restoration in the case of a Chat Server failover, real-time PII data is masked out.
- history-final: masks sensitive data in the transcript (final only) written to UCS.
- never: disables the masking functionality.
Note: This option replaces the "transcript-cleanup-apply" option in the [settings] section, used in previous releases.
apply-config
Section: transcript-cleanup
Default Value: mix
Valid Values: cfg, mix, ucs
Changes Take Effect: Immediately
Specifies the configuration source which Chat Server reads to mask sensitive data. Possible values:
- cfg: uses Chat Server hardcoded rules.
- mix: tries to use the PII configuration from UCS. If it is not specified for a given chat session, uses Chat Server hardcoded rules.
- ucs: uses the PII configuration from UCS. If it is not specified for the given chat session then do not process session messages.
apply-area
Section: transcript-cleanup
Default Value: never
Valid Values: always, history-all, history-final, never
Changes Take Effect: Immediately
Modified: 8.5.301.06
Allows you to enable or disable the masking of sensitive data in chat session messages. Possible values:
- always: masks sensitive data both in real-time and in the transcript (intermediate and final) written to UCS.
- history-all: masks sensitive data in the transcript (intermediate and final) written to UCS. Note: after session restoration in the case of a Chat Server failover, real-time PII data is masked out.
- history-final: masks sensitive data in the transcript (final only) written to UCS.
- never: disables the masking functionality.
Note: This option replaces the "transcript-cleanup-apply" option in the [settings] section, used in previous releases.
default-spec
Section: transcript-cleanup
Default Value: replace-digits
Valid Values: none, replace-all, replace-digits
Changes Take Effect: Immediately
Modified: 8.5.301.06
Specifies how sensitive data is masked. Possible values:
- none: while no data is masked, Chat Server prints a notice in the log that sensitive data was found.
- replace-all: replaces all symbols in a substring that are matched by a regular expression.
- replace-digits: replaces only the digits in a substring that are matched by a regular expression.
- replace-digits-N: is used like replace-digits but leaves the last N number of digits untouched.
Note: This option replaces the "transcript-cleanup-action" option in the [settings] section, used in previous releases.
default-repchar
Section: transcript-cleanup
Default Value: *
Valid Values: Any character
Changes Take Effect: Immediately
Modified: 8.5.301.06
Specifies the character used to replace sensitive data. If multiple characters are specified, then the first one is used.
Note: This option replaces the "transcript-cleanup-mask" option in the [settings] section, used in previous releases.
apply-config
Section: transcript-cleanup
Default Value: mix
Valid Values: cfg, mix, ucs
Changes Take Effect: Immediately
Specifies the configuration source which Chat Server reads to mask sensitive data. Possible values:
- cfg: uses Chat Server hardcoded rules.
- mix: tries to use the PII configuration from UCS. If it is not specified for a given chat session, uses Chat Server hardcoded rules.
- ucs: uses the PII configuration from UCS. If it is not specified for the given chat session then do not process session messages.
Transcript
Section: log-filter-data
Default Value: hide
Valid Values: copy, skip, hide
Changes Take Effect: Immediately
Specifies log filtering type for attribute Transcript.
StructuredText
Section: log-filter-data
Default Value: hide
Valid Values: copy, skip, hide
Changes Take Effect: Immediately
Specifies log filtering type for attribute StructuredText.
message-log-print-size
Section: settings
Default Value: 0
Valid Values: Any integer from 0-7000
Changes Take Effect: Immediately
Specifies the number of characters from the whole client message that the log prints, starting from the beginning of the message.
Masking Sensitive Data
Chat Server logs and chat transcripts might contain sensitive data such as credit card numbers, phone numbers, Social Security numbers, and so on. You can omit this data from logs and mask it in transcripts.
Logs
To omit sensitive data from logs, you must configure both UCS and Chat Server, as follows:
- In the [settings] section, set message-log-print-size to 0. This means that logs do not show the messages sent between chat participants. Where a message occurs, the log shows [truncated from size=x], where x is the number of characters in the suppressed message.
- In the [log-filter-data] section,
- Set StructuredText to hide so that logs will omit the transcript that UCS sends to Chat Server.
- Set Transcript to hide so that logs will omit the transcript that Chat Server sends to UCS.
Chat Transcripts
Overview
Chat Server can mask sensitive data in messages during chat sessions and in saved transcripts by using a regular expression (regex) to find and substitute the data with a configurable replacement character. Regular expressions, specified for Chat Server, must use the same syntax and semantics as defined for Perl 5 (however, Privacy Manager imposes additional constrain by allowing only java.util.regex compatible expressions). When enabled this functionality will:
- Examine each chat message with an ordered set of regex rules. Use the apply-config option to configure the source/location of regex rules that will be applied. Note: all options are located in the transcript-cleanup section.
- Replace any part of the message that matches a regex rule with a replacement character specified by the configuration. The default is specified by the default-repchar option.
- When replacing symbols you can choose to replace all symbols or only digits. When replacing digits, you can also leave the last few digits unmasked —see the default-spec option.
This functionality can be applied for the messages of an ongoing chat session and/or a transcript saved in the contact history (UCS). This is specified by the apply-area option.
- Starting with release 8.5.103, Chat Server supports reading the regex rules from UCS. To do this,
- Set the apply-config option to mix or ucs.
- Use Privacy Manager, a plugin for Genesys Administrator Extension (GAX), to select and activate these rules.
- Prior to release 8.5.103, Chat Server used different options from the settings section for this functionality. Click here to view the previous description.
Deployment steps for Personally Identifiable Information (PII) cleanup
To deploy PII cleanup, set apply-area to always (or to a different value based on your needs; see table below) in Chat Server transcript-cleanup options and, if needed, adjust any other options in section [transcript-cleanup].
By default only hardcoded PII rules are used (as described in Default Rules if No Configuration is Provided). However, if you need to specify your own set of rules, you need to install Privacy Manager , a plugin for Genesys Administrator Extension (GAX), which brings a set of the same default PII rules into UCS, which you can then modify and extend with your own rules.
PII cleanup is applied for:
| Option apply-area value | Messages exchanged between a customer and an agent | Chat session transcript stored in UCS (contact history) |
|---|---|---|
| never | Unmasked | Unmasked |
| always | Masked | Masked |
| history-all or history-final | Unmasked | Masked |
Unmasking Data for Active Agents
Starting with release 8.5.106, Chat Server allows to unmask (i.e. suppress masking) for sensitive data in messages from a customer. It is controlled by the settings of the unmask-live-dialog configuration option. Unmasking is applicable only in the presence of active (visible to customer) agents. Coaching and monitoring agents will not see unmasked data. For active agents, only the data sent after the agent joined the session is unmasked.
Example
Consider the following scenario (assuming that the rule for masking credit cards is enabled):
- The customer initiates a chat session. Without waiting for an agent, the customer sends the credit card number in a message. The credit card number is masked out.
- An agent joins the session. This agent sees the chat session transcript from the very beginning where the credit card number is masked out in the message from the customer.
- The customer sends the credit card number again. Both, the agent and the customer, see it.
- A second agent joins the chat session for a conference conversation. The second agent sees the chat session transcript from the very beginning where the credit card number is masked out in all messages.
- The customer sends the credit card number again. Now both agents and the customer see it.
After this chat session is finished, the transcript, saved in the contact history (UCS), has all credit card numbers masked out.
Default Rules if No Configuration is Provided
If the apply-config option has a value of cfg or is set to mix and no UCS PII configuration has been provided for the given chat session, Chat Server uses the following default rules to find sensitive data:
| Order | Name | Regular Expression |
|---|---|---|
| 1. Credit card | GCTI_CreditCards | (?>^|(?<=[\s[:alpha:](),.:;?!"'`]))(?>4\d{3}|5[1-5]\d{2}|6011|622[1-9]|64[4-9]\d|65\d{2})[ -.]?\d{4}[ -.]?\d{4}[ -.]?\d{4}(?>$|(?=[\s[:alpha:](),.:;?!"'`])) |
| 2. Social Security number | GCTI_SSN | (?>^|(?<=[\s[:alpha:](),.:;?!"'`]))(?!000|666|9)\d{3}[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}(?>$|(?=[\s[:alpha:](),.:;?!"'`])) |
| 3. Phone number using the North American Numbering Plan | GCTI_PhoneNANPA | (?>^|(?<=[\s[:alpha:](),.:;?!"'`]))(?:\+?1[-. ]?)?(?:\(?[2-9][0-9]{2}\)?[-. ]?)?[2-9][0-9]{2}[-. ]?[0-9]{4}(?>$|(?=[\s[:alpha:](),.:;?!"'`])) |
Typing Preview
Typing preview allows an agent to see text that a customer types before the text is submitted to the chat session. You can have Chat Server mask all digits in the typing preview by setting the typing-preview (called transcript-cleanup-typing before release 8.5.103) option to a value other than none. Chat Server then replaces all digits in the typing preview with the character specified by default-repchar (called transcript-cleanup-mask before release 8.5.103).