Users sometimes enter sensitive information such as credit card numbers in tickets when they shouldn't. In addition to being visible to anybody with access to the ticket, the credit card number automatically gets stored in a database with the rest of the ticket.
You can use a feature called Automatic Redaction to redact, or remove digits from credit card numbers found in ticket comments or custom fields so that the numbers are no longer useful. The data is redacted when the ticket is created, and on future comments and internal notes, to prevent the full credit card number from being stored with Zendesk. This helps keep confidential information out of Zendesk. Redacting credit card numbers already in the system is not supported.
Related articles:
Credit card numbers are identified in incoming tickets and comments/internal notes by using the Luhn algorithm and by looking for the prefixes and lengths of common credit card types. The checks don't guarantee that all credit card numbers will be identified. They also don't guarantee that some numbers that aren't credit card numbers will be skipped. The system does check for phone number and URL patterns and skips them. For example, some international phone numbers may pass the Luhn check -- though if the numbers start with a +, they won't be redacted.
Numbers that appear to be valid credit card numbers are redacted by replacing some digits with a replacement character, leaving the first six digits and the last four digits intact. Example:
- String in incoming ticket: "I want a refund. My card number is 12 345123 451234 8."
- String stored in Zendesk: "I want a refund. My card number is 12345 1▇▇▇▇
▇2348."
In this example, the string of numbers shown above would not be redacted. To be redacted, the number you use must be in a valid credit card format.
Numbers are redacted if they're between 12 and 19 digits long. Most bank card numbers are within this range.
The original credit card number isn't simply masked in the UI but completely redacted from logs and database entries. It's kept in memory only long enough to check it. The only exceptions to this are MIME-encoded emails and custom ticket fields in suspended tickets, but these two exceptions will be removed in the near future.
A tag is automatically added to tickets with redacted credit card numbers. You can create a view to see all tickets with this tag in one place.
To start redacting credit card numbers
- In Admin Center, click Account in the sidebar, then select Security > More settings.
- On the Zendesk Support tab, select the Redact credit card numbers checkbox in the Redaction section.
- Click Save.
To list the tickets with redacted credit card numbers
- Create a view of tickets that contain the tag
'"system_credit_card_redaction."
For information about creating views, see Adding views.
19 comments
Dan Vega
I made a Minerva interactive step-by-step guide to help you walk through automatically redacting credit card numbers in Zendesk. Minerva is a guide that shows you where to click, and what to do next, so you can set this up on your own account. You can follow the link here for the step by step instructions:
https://www.minervaknows.com/howto/minervateam-zendesk-com-how-to-automatically-redact-credit-card-numbers-woslgsg568p7.html?utm_source=forums&utm_medium=dan&utm_campaign=zendesk
-2
Gregory Clapp
Interestingly, geolocation lat/lon coordinates sometimes look like credit card numbers to the redaction feature. I had to turn redaction off because it was blanking out part of my lat/lon coordinates in a custom field. Took me a while to figure out what was going on. Luckily it's not likely my users will be putting CC numbers in tickets or this could be a real problem.
1
Joseph Reppen
What about if a user puts in a Social Security number, is there any way to redact that?
5
Dane
Joseph Reppen,
Numbers are redacted if they're between 12 and 19 digits long. As it turns out, Social Security number is only 9 digits long. Therefore, it will not be part of the automatic redaction.
There's an option to manually redact it. Please refer to Redacting ticket content in the Zendesk Agent Workspace.
0
Myron
What about redacting credit card numbers from the recordings? Is there a way to automate redaction in a conversation?
1
Hello Strac
Hi Joseph Reppen,
Strac automatically detects and redacts sensitive information like SSN, DL, Passport, Identity Documents, Credit Card, Bank Numbers, and more. You can check it out here: https://www.strac.io/integrations/zendesk
1
Lisa Setford
Is there a way to stop the redaction for gift cards with the same amount of digits as credit cards in Web Chat and Emails?
1
Hello Strac
Hi @Lisa Setford,
Yes, with Strac redactor - you can redact claim codes, gift card codes, promo codes.
Please let us know if you’d like to try it out. Our website: https://strac.io
1
Lisa Setford
Thank you, will have a look to see if suitable for our needs.
1
Andrei Kamarouski
Hey guys, does it support Messaging tickets?
0
Audrey Ann Cipriano
Hi Andrei Kamarouski yes automatic redaction supports Messaging tickets too :)
0
Simon Blum
Hi,
When in the workflow does automatic redaction take place? ie will webhooks / events with ticket data contain unredacted information? Thanks
Simon
1
Noly Maron Unson
Hi Simon,
The data is redacted when the ticket is created, and on future comments and internal notes, to prevent the full credit card number from being stored with Zendesk. The events will not contain unredacted information.
Hope this helps.
0
Simon Blum
Thanks for the reply Noly Maron Unson
0
Mackenzie R.
We have automatic redaction enabled but it was my understanding that this is only for customer-submitted text. We had an automatic redaction on an internal comment today because the account number we linked was too long. How can we ensure that does not happen automatically?
0
Mackenzie R.
Francis Casino I do not have "Redaction" or "Content Redaction" settings other than the automatic redaction that you can enable or disable.
1
Francis Casino
I want to express my apologies for any confusion caused. To resolve the issue you're facing, I will initiate the process of opening a support ticket. This will allow our team to thoroughly investigate the problem, gather additional details, and work towards a resolution. Please be assured that we are committed to resolving this matter promptly. If you have any additional information that you believe would be helpful for our investigation, please feel free to share it within the ticket.
-2
Zanes Pullin
We also do not have this feature, despite paying for it.
0
Audrey Ann Cipriano
Hi Zanes Pullin I'll create a ticket on your behalf so we can check on your account, you'll receive an email shortly, thank you!
1