We have a use case in which the customer wants to utilize Genesys Cloud Secure Flow for credit card payment purposes. They are expecting Genesys Cloud to perform SHA256 hashing on the credit card information before sending it to the payment gateway. However, as far as I know, there is no built-in function within Genesys Cloud Architect to accomplish this. Please correct me if I'm mistaken. Our suggestion is for the customer to develop a middleware solution between Genesys Cloud and the payment gateway to handle the data hashing. However, they have concerns that the credit card number might be exposed when transmitted from Genesys Cloud to the middleware via data action, which would violate PCI-DSS compliance.
During my research, I came across a built-in action in Secure Flow called Secure Data Action. We would like to understand how the secure data action works in the backend. Does it help prevent sensitive data, such as credit card numbers in this case, from being exposed when sent to external web services? I opened a ticket with support. However, they can't answer that and redirect me to ask in this forum.