Email Security

Although most email sent over networks is not encrypted, we recommend encrypting all data that you deem sensitive.

B2C Service is designed to prevent the inadvertent release of information, but there are also a number of configuration settings related to email that you can use to increase your protection.

Authentication

Authentication assures the message recipient that the sender is who it appears to be and that no other parties are misrepresenting themselves as the sender.

Note: If you use a general Service mailbox supplied by Microsoft, such as Outlook or Office 365, you need to configure your mailbox settings in B2C Service to use OAuth authentication. This is in keeping with Microsoft’s end of service support for Exchange mailboxes. When you implement this email authentication correctly, you can continue to send emails to contact centers using Microsoft mailboxes without any mail delivery problems. For more information, see Configure OAuth Authentication Settings.

Certificates

The Secure Sockets Layer (SSL) protocol provides encryption services for client-server communication security. To accomplish this, digital certificates are used to convey identification information and encryption keys. Since all agent desktop communication is over SSL, your site already uses a certificate issued by Oracle. This certificate can be used for other secure communication links, including staff member and customer access and email. See Configure SSL Security Settings, Configure SMIME Security Settings, and Certificate Validation Options.

For a list of configuration settings you can use to protect your site and improve your security, see Site Protection.

Emailing Links to Answers

You can email links to answers from the customer portal or the administration interface. If a login is required for customers to access an answer, a user name and password will be required.

Answer visibility depends on who is trying to access the answer—a customer or a staff member—and where they are accessing it from—the customer portal or the administration interface. From the customer portal, visibility is controlled by a number of fields, including the Status field, which is defined on the administration interface. For example, if an answer status has been set to Private, then that answer is not visible to customers. See How to Control Answer Visibility.

For customers accessing answers from the customer portal, each answer link is protected by a security token with a limited lifetime that is defined in the SEC_EU_EMAIL_LINK_EXPIRE configuration setting. The default value is eight hours, meaning that a customer has eight hours to click the link and read the information published in the answer. We recommend using this security token to limit the time answers are available to customers. Because attackers need time to build phishing sites (for luring a user into clicking a link), the smaller the window of time you allow for access to your answers, the more secure your site will be.

For example, if an email with an answer link is copied by an attacker, access to the security token and the link has been compromised. If your site requires customers to log in to see an answer, the answer itself is safe, but the attacker can create a phishing scenario using a modified link that takes customers to an external site where their login credentials are stolen. It takes time to accomplish this, so the shorter the window of opportunity, the lower the likelihood of success. Setting the security token expiration in SEC_EU_EMAIL_LINK_EXPIRE helps discourage attackers. See How You Secure Customer Passwords.

From the administration interface, profile permissions control staff members’ access to answers. Permissions of the staff member who sends an email link to an answer do not transfer to the receiver, so data security is maintained.

Image Links in Incoming HTML Email

When HTML is rendered from a customer email, the EGW_VISUAL_EMAIL configuration setting defines how inline images are retrieved and rendered. These HTML image links could be used for unauthorized data transfer and tracking purposes. For example, when an incident is opened, a web page revealing an agent’s location (IP address) or browser type might be automatically accessed.

You can disable image links in incoming HTML email by setting the EGW_VISUAL_EMAIL configuration setting to No. Keep in mind that this setting not only disables image links when creating the incident thread, but also renders the email as plain text, without any formatting. There are also cases where EGW_VISUAL_EMAIL does not affect HTML threads with images, for example, when some kind of integration has taken place. It is also important to note that even after the setting is disabled, existing incidents might still be vulnerable.
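
The following Python example is added here as an illustration and is not part of B2C Service. It lists the image references in an incoming HTML message that would cause a network request when the message is rendered, which is the behavior that exposes an agent's IP address or browser type. The helper names and the sample message are constructed for this example.

```python
# Added illustration (not B2C Service code): list image references in an
# incoming HTML email that would trigger a network fetch when rendered.
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _ImgCollector(HTMLParser):
    """Collect the src value of every <img> tag (hypothetical helper)."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "img" else None
        if src:
            self.sources.append(src.strip())

def remote_image_links(raw_email):
    """Return (url, host) pairs for images that are fetched over the network.
    cid: and data: sources travel inside the message and are skipped."""
    msg = message_from_string(raw_email, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgCollector()
        collector.feed(part.get_content())
        for src in collector.sources:
            parts = urlsplit(src)
            # "//host/path" inherits the page scheme, so it is remote too.
            if parts.scheme in ("http", "https") or src.startswith("//"):
                found.append((src, parts.hostname))
    return found

# Constructed sample message, not taken from a real incident.
SAMPLE = """\
From: customer@example.com
To: support@example.org
Subject: Order question
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo@example.com" alt="logo">
<img src="https://tracker.example.net/p.gif?id=42" width="1" height="1">
<IMG SRC="//cdn.example.net/banner.png">
</body></html>
"""
```

Calling remote_image_links(SAMPLE) reports the tracking pixel and the protocol-relative banner, and skips the cid: image that is embedded in the message itself.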