Users sometimes enter sensitive information such as credit card numbers in tickets when they shouldn't. In addition to being visible to anybody with access to the ticket, the credit card number automatically gets stored in a database with the rest of the ticket.
You can use a feature called Automatic Redaction to redact, or remove digits from credit card numbers found in ticket comments or custom fields so that the numbers are no longer useful. The data is redacted when the ticket is created, and on future comments and internal notes, to prevent the full credit card number from being stored with Zendesk. This helps keep confidential information out of Zendesk. Redacting credit card numbers already in the system is not supported.
Credit card numbers are identified in incoming tickets and comments/internal notes by using the Luhn algorithm and by looking for the prefixes and lengths of common credit card types. The checks don't guarantee that all credit card numbers will be identified. They also don't guarantee that some numbers that aren't credit card numbers will be skipped. The system does check for phone number and URL patterns and skips them. For example, some international phone numbers may pass the Luhn check -- though if the numbers start with a +, they won't be redacted.
Numbers that appear to be valid credit card numbers are redacted by replacing some digits with a replacement character, leaving the first 6 digits and the last 4 digits intact. Example:
- String in incoming ticket: "I want a refund. My card number is 12 345123 451234 8."
- String stored in Zendesk: "I want a refund. My card number is 12345 1▇▇▇▇ ▇2348."
In this example, the string of numbers shown above would not be redacted. To be redacted, the number you use must be in a valid credit card format.
Numbers are redacted if they're between 12 and 19 digits long. Most bank card numbers are within this range.
The original credit card number isn't simply masked in the UI but completely redacted from logs and database entries. It's kept in memory only long enough to check it. The only exceptions to this are MIME-encoded emails and custom ticket fields in suspended tickets, but these two exceptions will be removed in the near future.
A tag is automatically added to tickets with redacted credit card numbers. You can create a view to see all tickets with this tag in one place.
To start redacting credit card numbers
- In Admin Center, click the Account icon () in the sidebar, then select Security > More settings.
- On the Zendesk Support tab, select the Enabled checkbox in the Automatic Redaction section.
- Save your changes.
To list the tickets with redacted credit card numbers
- Create a view of tickets that contain the tag '"system_credit_card_redaction."
For information about creating views, see Adding views.
I made a Minerva interactive step-by-step guide to help you walk through automatically redacting credit card numbers in Zendesk. Minerva is a guide that shows you where to click, and what to do next, so you can set this up on your own account. You can follow the link here for the step by step instructions:
Interestingly, geolocation lat/lon coordinates sometimes look like credit card numbers to the redaction feature. I had to turn redaction off because it was blanking out part of my lat/lon coordinates in a custom field. Took me a while to figure out what was going on. Luckily it's not likely my users will be putting CC numbers in tickets or this could be a real problem.
What about if a user puts in a Social Security number, is there any way to redact that?
Numbers are redacted if they're between 12 and 19 digits long. As it turns out, Social Security number is only 9 digits long. Therefore, it will not be part of the automatic redaction.
There's an option to manually redact it. Please refer to Redacting ticket content in the Zendesk Agent Workspace.
What about redacting credit card numbers from the recordings? Is there a way to automate redaction in a conversation?
Hi Joseph Reppen,
Strac automatically detects and redacts sensitive information like SSN, DL, Passport, Identity Documents, Credit Card, Bank Numbers, and more. You can check it out here: https://www.strac.io/integrations/zendesk
Is there a way to stop the redaction for gift cards with the same amount of digits as credit cards in Web Chat and Emails?
Hi @Lisa Setford,
Yes, with Strac redactor - you can redact claim codes, gift card codes, promo codes.
Please let us know if you’d like to try it out. Our website: https://strac.io
Thank you, will have a look to see if suitable for our needs.
Hey guys, does it support Messaging tickets?
Hi Andrei Kamarouski yes automatic redaction supports Messaging tickets too :)
Please sign in to leave a comment.