Question
Is there any requirement to mask data that appear to be account numbers and BSB codes or any other potentially sensitive data in transaction description detail? Alternatively, is this left to the Data Holder's standard practices, preferences, and alignment to other digital channels?
Answer
The Standards and the Rules do not have any specific requirement outside of the specific requirements for the account number fields in the account payloads. For fields outside of these specific requirements data holders should abide by their standard practices as you suggest. As noted in one of the links below is a convention that credit card numbers should be masked wherever they appear as good practice.
See:
Comments
0 comments
Please sign in to leave a comment.