Credit Card Encrypted Fields
I was attracted to Zendesk knowing there were credit card encrypted fields. For the life of me, I cannot figure out how they could possibly be useful. After input, the card is masked. I see no value in capturing a masked credit card.
Rather, I expected to have a PCI compliant capture of the card, and expiry date, allowing our agent with appropriate permission the ability to expose this card and log the time stamp and user that viewed the card. The card should then be redacted.
Or, a secure way to pass this card using the API to a 3rd party application in a PCI compliant way.
If none of these are possible, I do not see any value in the field type unless I am missing something. It seems we have to build our own forms to capture these cards, and being advised to use a Text field to capture the card in a non-compliant way makes no sense to me.
-
Hi, Richard –
Thanks for the note. The field is definitely not valuable for all use cases, and I think you've done a great job laying that out. We are definitely interested in doing more in this space. The intent of the field as built was to allow the capture of a credit card without revealing that information to the user, but I agree there is limited utility in that without creating all the necessary compliance around it.
We're not currently working on PCI compliance, and I don't think we've made a decision about whether that is something we intent to pursue in the long term (there are other compliance standards we're focussed on at the moment), but I certainly think that data security is something we're interested in improving. For the moment, unfortunately, we don't have a very helpful answer to this.
サインインしてコメントを残してください。
1 コメント