Field Masking

Field Masking is a privacy-enhancing technology that allows a customer to enter confidential data into a web form while an agent is assisting them in a co-browsing session. The customer can see what they are typing, but the agent's view shows masked characters (like asterisks ****) or a blank field. This allows for seamless, secure collaboration even on pages that contain Personally Identifiable Information (PII) or payment details.

The technology works by identifying specific input fields on a webpage that are meant to contain sensitive data. This identification can be done in a few ways:

• Automatic Detection: The system can automatically recognise common sensitive fields like those for credit card numbers, security codes (CVV), or passwords.
• Manual Configuration: Administrators can specify which fields to mask using their HTML attributes, such as their name, id, or CSS selector. This provides granular control to protect any type of proprietary or personal data.

In the context of Surfly, this process is handled by the Interaction Middleware. As the webpage content passes through Surfly's proxy, it identifies the designated fields and modifies the HTML before it's sent to the agent's browser, replacing the actual data with masked content. The customer's browser receives the original, unmodified page, so their experience is unaffected.

Field masking directly improves customer trust and business compliance in digital interactions. By ensuring sensitive data remains private during co-browsing, it enables secure, efficient collaboration without compromising privacy.

Key Benefits for Stakeholders:

• Achieve Regulatory Compliance: For businesses in regulated industries, it is a key control for meeting compliance standards. It directly supports adherence to PCI DSS (for payment card data), HIPAA (for protected health information), and GDPR (for personal data privacy).
• Build Customer Trust: Customers are often hesitant to share their screen or get help when personal data is involved. Field masking removes this barrier, showing customers that the company takes their privacy seriously. This trust leads to higher adoption of digital support channels and lower call abandonment.
• Enable Complete Journey Support: Without field masking, an agent would have to end a session when the customer reaches a payment or personal information page. With it, the agent can guide the customer through the entire process, from start to finish, improving first-call resolution and customer satisfaction.
• Reduce Insider Threat Risk: It minimizes the risk of internal fraud or accidental data exposure by ensuring support agents never have access to sensitive customer information. All data is masked before it ever reaches their screen.