This document proposes a solution for anonymously tracking a customer’s ratings using non-sensitive data elements that are part of the payment transaction. This solution called TruTrace generates a unique value, or token and it applies specifically to card present payment transactions using Payment Cards. The solution proposed may not apply to payment transactions made by customers through other channels (e.g. Web, Phone, NFC, etc.).
As part of its commitment to providing merchants with innovative and valuable information about customer sentiment, TruRating needs to be able to anonymously group ratings records from each customer at an outlet and across outlets. To do this TruRating needs to be able to anonymously identify when the same Payment Card is used in different transactions. Anonymity is required to:
- Retain Customer trust;
- Meet data privacy legislation; and,
- Comply with TruRating Data Policy.
The data collected and stored by TruRating does not include any data that can be associated with a named customer nor does it contain any sensitive payment data within PCI scope. Although these constraints limit what data can be used to track a customer, the algorithm presented here, called TruTrace 1, does so in a manner that enhances the uniqueness of key data elements associated with non-sensitive and non-PCI payment elements without breaching PCI guidelines regarding sensitive data.
TruTrace is based on obfuscating certain selected non-sensitive card data elements using SHA256. Using a combination of non-sensitive card elements such as the last four digits of the PAN, results in a hash which, while not guaranteed to be unique, will be unique enough for TruRating to anonymously track a customer’s ratings across their purchases where TruRating is installed.
The key features of TruTrace include:
- Preservation of the anonymity of the customer and their card;
- Only non-sensitive non-PCI (i.e. out of PCI scope) payment elements are used;
- Allows a payment card to be followed from transaction to transaction independent of the merchant, outlet or Acquirer;
- Is universal across all regions;
- Guarantees that the generated hashes are unique enough within a region so that a particular payment card within that region can be tracked with sufficient precision; and,
- Is secure and non-reversible.
TruTrace is implemented as part of the TruModule development done by our partner. The resultant ‘hash’ value is all that is sent to and stored by TruRating.
1 The algorithm was formerly called Card Data Hash (CDH). It has been renamed to TruTrace which more accurately reflects what it is used for.