We are a small company and we just started using Genesys Cloud Web Messaging. Our security officer is worried that customers will start sending us their social security numbers or passwords in the chat window. We do not have a big budget for a complex DLP system. Is there a simple way to use a Data Action or a middleware to scan the incoming messages and mask any sensitive data before it reaches our agents?
Hello Fat59! I manage our gamification programs but I worked on our security setup last year. You can definitely use a Data Action for this! You can point a Data Action at a simple AWS Lambda function that uses a regex to find sensitive patterns. Then, in your Architect flow for the messaging inbound, you pass the message body to that Data Action. If it finds a match, it returns a masked version of the text that you then use for the rest of the interaction. It is very cost-effective!
I build flows for many clients and I have to warn you about the latency. If you run every single message through a Data Action, you will add a few hundred milliseconds of delay to every customer response. This can make the chat feel very slow. Also, remember that the original message is still stored in the interaction history. If you want to be fully compliant, you also have to use the Recording API to redact the transcript after the call is finished. The Data Action only protects the agent in real time, it does not clean up the database.