Per the TrustedForm EULA, the TrustedForm service may not be used to capture sensitive consumer data. Examples of sensitive data include credit card numbers, bank account numbers, social security numbers (SSNs), and driver license numbers. If you place the TrustedForm script on a site that collects sensitive data, you must flag these fields as such with this feature.
How Do I Protect Fields with Sensitive Data Flagging?
TrustedForm allows you to flag any or all sensitive fields of consumer data. When this feature is used, we apply a cryptographic hash to the flagged fields, making it infeasible for anyone, including us, to store, retrieve, reverse-engineer, or utilize the data that was volunteered by the End User in that flagged data field.
When a TrustedForm VideoReplay is viewed, the data in a flagged field will be seen only as a series of asterisks. In order for you to protect sensitive data and still have a recognizable certificate for compliance, we recommend only flagging fields that truly collect sensitive data.
Flagging Individual Fields as Sensitive Data
By default, data collected in form inputs is not considered sensitive by the TrustedForm script. If you use the TrustedForm script as provided and do not flag any fields as sensitive, the script will capture any fields filled out while the script is active on the page.
To protect data, flag the individual, sensitive fields as follows:
An example field would look like:
<input type="text" name="ssn" data-tf-sensitive="true" />
Flagging Images as Sensitive Data
By default, all images on the page are captured as part of the video replay. If you wish to hide an image on the page, you may use the data-tf-sensitive="true" attribute on the image tag. The image will be replaced by a placeholder that indicates it's been hidden by you.
An example image would look like:
<img src="graphic.jpg" data-tf-sensitive="true" />
Treating All Fields as Sensitive Data
TrustedForm also supports the ability to treat all fields as sensitive data. When this option is selected, you can flag individual fields that you don't want to be treated as sensitive.
When the invertFieldSensitivity variable toggle is enabled, you must explicitly mark fields you want TrustedForm to capture like so:
<input type="text" name="phone" data-tf-sensitive="false" />
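The following is an added example, not TrustedForm code: a pre-deployment check that scans form markup and lists sensitive-looking fields that would be captured under either the default mode or the invertFieldSensitivity mode described above. The function names, the name patterns, the sample form, and the rule that only the exact strings "true" and "false" count as a flag are assumptions made for this example.

```javascript
// Added example, not TrustedForm code. Name patterns are assumptions drawn from
// the data types the page lists (card, bank account, SSN, driver license).
const SENSITIVE_NAME = /ssn|social|card|cvv|account|routing|licen[sc]e/i;

// Parse one tag's attributes into a map (quoted or unquoted values).
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Names of fields whose values would be captured rather than hashed.
function capturedFields(html, invertFieldSensitivity = false) {
  const captured = [];
  for (const tag of html.match(/<(?:input|select|textarea)\b[^>]*>/gi) || []) {
    const a = parseAttrs(tag);
    const flag = a['data-tf-sensitive'];
    // Assumption: only the exact strings "true" / "false" count as a flag.
    const isCaptured = invertFieldSensitivity ? flag === 'false' : flag !== 'true';
    if (isCaptured) captured.push(a.name || a.id || '(unnamed)');
  }
  return captured;
}

// Captured fields whose name suggests sensitive data: these need a flag.
function unflaggedSensitive(html, invertFieldSensitivity = false) {
  return capturedFields(html, invertFieldSensitivity).filter((n) => SENSITIVE_NAME.test(n));
}

// Constructed sample form. bank_account uses typographic quotes, so an HTML
// parser reads the value as the literal string “true” with the quotes, not "true".
const SAMPLE = `
<form>
  <input type="text" name="first_name" />
  <input type="text" name="ssn" data-tf-sensitive="true" />
  <input type="text" name="card_number" />
  <input type="text" name="bank_account" data-tf-sensitive=“true” />
  <input type="text" name="phone" data-tf-sensitive="false" />
</form>`;

console.log('default mode, needs a flag:', unflaggedSensitive(SAMPLE));
console.log('inverted mode, captured:', capturedFields(SAMPLE, true));
```

Run a check like this against rendered form markup in CI or before publishing a page, and treat any non-empty result from unflaggedSensitive as a blocker.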