Protecting customer information, everywhere
In the digital age, protecting PII has become a paramount concern for businesses across industries. Capital One wanted to take action and empower our Customer Service Representatives, who often handle sensitive information, to outright delete PII when possible and safely store it when needed. PII Shield was developed to address this challenge, offering a seamless solution for identifying, masking, and securely managing PII during customer interactions.
The problem
The Capital One Lab was approached by our customer service team with a request to help reduce PII being accidently stored in invalid input fields within our customer service software. Customer Service Representatives may need to process PII to assist during a call, but storing or viewing this data poses significant security risks and becomes a compliance issue. Even with training, human error could cause PII to be handled improperly and become a risk. There was a pressing need for an automated, secure method to protect PII without disrupting the customer service workflow.
The solution
With the fast paced environment of the Capital One Lab, I was part of the small team that was set up to tackle the problem within a week. I started by interviewing our customer service representatives, collecting data on their day-to-day workflow, and understanding the tooling they were using to learn where they could and where they couldn't accidentally or purposefully input PII. Given all of our customer service tooling was browser based, the logical solution was to design a light-weight Google Chrome Extension that could easily be deployed and managed by the enterprise. With direct browser integration, we could provide real-time detection, deletion, or encryption of PII within any text field or customer interaction platform accessed through Chrome.
- PII Detection: Utilizing advanced pattern recognition and machine learning algorithms, the extension identifies PII such as social security numbers, credit card details, and email addresses within text.
- Removing Data: Once PII is detected, it is automatically highlighted, and gives the Customer Service representative two options; delete the data or encrypt it. Ideally the representative will quickly delete the PII, however, there is an option for the PII to be retained and masked, where the sensitive information is replaced with an encrypted string. This process ensures that PII is not visible or stored in its original form, reducing the risk of data leaks.
- Encryption and Decryption: The masked data is encrypted using secure cryptographic methods. Representatives can request to decrypt the information by providing a valid business justification, which is logged for audit purposes.
Results
PII Shield significantly enhanced the security posture of customer service operations. Accomplishing the following:
- Enhanced Data Security: Automated PII delete, masking, and encryption drastically reducing the risk of accidental exposure or data breaches
- Compliance with Privacy Regulations: Helped Capital One comply with regulations such as GDPR and CCPA by ensuring that PII is handled securely and access is logged and justified.
- Efficiency: Representatives can focus on providing quality service without being bogged down by manual data protection procedures. The automated process also reduces the likelihood of human error.