Masking Personal Identifiable Information (PII) data
As part of GDPR support, application masks the individual's personal sensitive information so that the log tracing does not show this information in the log files.
The application masks the values of PII attributes (for example, @EMailID,
@AlternateEmailId, and @CustomerEMailID) available in the input and
output XMLs that appear in the log files. These attributes are replaced with the string
--masked--.
The application provides following log4j1 layout filters to mask the sensitive PII data.
- PIIXMLFilter - To mask the PII data available in the input or output XMLs that appears in the API or Service log files.
- SPIIFilter - To mask the sensitive PII data that appears in the API or Service log files.
The PIIXMLFilter layout filter replaces the values of the following XML attributes in the API or Service log files with the string --masked--:
| Attribute Category | Attribute Name |
|---|---|
| Personal Details | @FirstName, @LastName, @CustomerFirstName,
@CustomerLastName |
| Contact Address | @AddressLine1, @AddressLine2,
@AddressLine3 |
| Contact Email | @EMailID, @AlternateEmailID,
@CustomerEMailID, @EmailAddress, @EmailId |
| Contact Phone Number | @DayPhone, @EveningPhone, @MobilePhone,
@OtherPhone, @CustomerPhoneNo, @DayFaxNo,
@EveningFaxNo |
| Credit or Debit Card Details | @CreditCardExpDate, @CreditCardName,
@CreditCardNo, @DebitCardNo |
| Account and Payment Details | @CustomerAccountNo, @PrimaryAccountNo,
@SvcNo, @PaymentReference1, @PaymentReference2,
@PaymentReference3 |
The SPIIFilter layout filter replaces the values for the following keywords in the API or Service log files with the string *--masked--*:
| Keyword Category | Keyword Name |
|---|---|
| Credit or Debit Card and Account Details | Password, CVV, CreditCardNo, DebitCardNo, SvcNo, CustomerAccountNo, PrimaryAccountNo |
| Login Details | LOGINID, USER_ID |
The paymentFilter is the default layout filter.
logfilter.filterset.<custom_filter>.includes=PIIXMLFilter,SPIIFilter