A place to ask questions, connect with others, and stay in the know
Genesys Cloud PCI compliance deals only with our handling of information on the Genesys Cloud platform, and its transmission of information to another platform. Your proposed workflow would need to be separately vetted by a PCI auditor, as it extends beyond the boundaries of Genesys cloud, but the Genesys Cloud portion of this would remain in compliance by virtue of leveraging the secure flow and a data action to securely transmit PCI related data to an external platform.
My response was really more in relation the overall security of data actions, and specifically pointing out that the information sent to an external web service via a data action is 1. already encrypted via the TLS transport mechanism, and 2. not logged as part of the data action process. The mention of secure flows had more to do with further limiting logging and blocking recording. Encrypting strings prior to sending data over an encrypted channel is not really necessary if you're simply worried about protecting sensitive data.
Every year, Genesys® delivers more than 70 billion remarkable customer experiences for organizations in over 100 countries. Through the power of the cloud and AI, our technology connects every customer moment across marketing, sales and service on any channel, while also improving employee experiences. Genesys pioneered Experience as a ServiceSM so organizations of any size can provide true personalization at scale, interact with empathy, and foster customer trust and loyalty. This is enabled by Genesys Cloud™, an all-in-one solution and the world's leading public cloud contact center platform, designed for rapid innovation, scalability and flexibility. Visit www.genesys.com.