During SOC2 review we identified potential PCI-DSS violations in call metadata. We are running Genesys Cloud version 23.10.0 on AWS US-East-1. The API endpoint /api/v2/routing/targets allows custom parameters during the routing decision process. Audit logs show customer identifiers passed within the JSON payload. These fields must be masked before storage per compliance policy. Does Predictive Routing log these custom parameters to the execution history? We require confirmation that PII is scrubbed automatically or via a Data Action.
The Performance dashboard shows interaction duration but does not break down latency caused by external API calls for predictive routing. Business units require specific SLA reporting based on these delays. We cannot correlate call center operations with technical routing times currently.
This gap prevents accurate capacity planning reports from being generated for executive review.
In CIC we used to assign agents to skills for routing logic. Now Predictive Routing uses targets and queues differently. The configuration feels less intuitive than the legacy interface.
Data Actions must be created manually before any routing can function. Here is a sample JSON payload for target definition:
{
“routingTargetId”: “sample-target-id”,
“name”: “compliance-check-target”
}
Implementing these security changes will delay the migration by at least three weeks. We planned to go live next month. Adding Data Action validation layers increases technical debt and testing scope.
Management needs a risk mitigation plan for this compliance blocker immediately. The timeline is not flexible for additional integration work.