WWLW Ep. 22: The Case of The Credit Card Masking

Tim Deese

WWLW Ep. 22: The Case of The Credit Card Masking

What we know

Tim is working with a retailer based in the Pacific Northwest. One of their challenges is related to handling customer credit card data when they need to process refunds. The legacy payment platform they’re using requires an employee to scroll through a list of transactions to find the charge that needs to be refunded — showing too much information in the process. Rewriting that application wasn’t an option, so they turned to Island to see how we could help mask the credit cards within the web interface.

What we learned

This is a common challenge that Island, the Enterprise Browser, is perfectly positioned to solve. Many organizations have web applications that disclose more information than necessary to a user: credit card numbers, email addresses, or social security numbers, as a few examples. With Island, it’s easy to add a data masking rule that hides the sensitive information from view, with the option to reveal one record at a time as needed. Because it’s applying this masking locally in the browser, there’s no dependency on the backend systems and no code changes required — especially helpful for legacy applications that are difficult or impossible to modify.

What happened next

Tim helped this customer create a policy that obfuscates credit card numbers while leaving the last four digits visible for easy identification. The store managers now have a much improved workflow that allows them to find and issue refunds quickly without displaying every credit card number on the screen. This had been a thorny problem that their other security tools simply couldn’t resolve, until they found the Enterprise Browser. Along the way, Tim helped address several other challenges relating to safe browsing and content filtering and even found a way to open internet access for employees during their break time, while limiting distractions within the store. This is another great example of using the Enterprise Browser to improve the end-user experience while safeguarding sensitive business data.