Data Actions and PCI Compliance - How to mask sensitive response data?

Hello friends! I am working at a large BPO and we are super excited to be implementing a new payment validation flow using Data Actions! We are calling a third-party gateway and it is working perfectly.

One small thing I noticed is that when we look at the ‘Test’ execution results or the logs, the response from the gateway (which includes a partial authorization code) is visible in plain text. Since we are a 5000-agent shop, we have a lot of admins who can see these logs. Is there a way to mask these specific fields in the Data Action UI? We want to stay super compliant while keeping our workflow fast!

I am actually in the middle of a SOC 2 audit right now and this makes me very nervous. You should never be able to see that data in the logs. Genesys Cloud does not have a native ‘masking’ toggle for Data Action test results.

If that data is hitting the platform, it is already a finding. We had to stop using the Test tool in production entirely because it logs everything to the browser console.

This is a massive security hole that needs to be addressed.

This is a nightmare to deal with. I spent all morning troubleshooting why our Chrome extension was not capturing the ‘Secure Pause’ event correctly, and now I have to worry about the backend logging credit card fragments too? If you are passing sensitive data through a Data Action, it is not just the UI you need to worry about. The data is stored in the interaction metadata for a short period.

You need to use a ‘Secure Flow’ in Architect and ensure that the ‘Secure Data’ toggle is enabled, but even then, the Data Action logs are a liability.