AWS Contact Center

Collecting sensitive information with Amazon Connect Chat

In today’s digital-first world, businesses increasingly rely on chat interactions to serve customers efficiently and cost-effectively. Many common customer service scenarios require collecting sensitive information – from processing payments and updating shipping addresses to verifying identity and accessing account details. However, gathering this data securely while maintaining compliance with regulations like PCI DSS, GDPR, and CCPA has been a challenge, especially in chat channels where sensitive information could potentially be exposed in transcripts, contact records, or logs.

Consider a customer chatting with an online retailer’s automated assistant about updating their shipping address for an upcoming delivery. The automated assistant would need to direct the customer to log into their account on a separate webpage to make the change – interrupting the conversation flow and creating a disjointed experience. Or, imagine a customer wanting to pay their monthly bill during a chat interaction. Without a secure way to collect credit card information in the chat, they would need to be transferred to a voice call or payment portal, leading to longer handle times and potential customer frustration.

Amazon Connect provides a solution to these challenges with sensitive data collection capabilities for chat interactions. Using the no-code UI builder, businesses can create forms to collect sensitive customer information directly within chat. The solution ensures that sensitive data is not recorded in chat transcripts or contact records, while still enabling secure transmission to backend systems for processing payments, updating customer profiles, or other key transactions.

This seamless approach maintains security and allows you to build PCI-compliant architecture without sacrificing customer experience. Forms can be triggered contextually during conversations, with the sensitive data flowing directly to the intended systems, while being excluded from normal chat logging and storage. Consider how this can be integrated into common use cases like:

  • Collecting payment information for purchases and bill payments
  • Gathering shipping/billing addresses for account updates
  • Capturing account numbers and identifiers for look-ups
  • Verifying identity with collection of sensitive personal information

In this blog, we’ll explore how to implement sensitive data collection in Amazon Connect Chat, examine the architecture that enables compliant handling of sensitive information, and walk-through example implementations for common use cases. You’ll learn how to use the no-code UI builder to create forms, integrate them into your chat flows, and enable seamless yet secure customer experiences.

Let’s dive into how this works and how you can start implementing it in your contact center.

Architecture overview

The secure data collection capability in Amazon Connect Chat uses an architecture that prioritizes both security and user experience. At its core, the solution uses Amazon Connect step-by-step guides with enhanced security controls specifically for sensitive data handling.

There are two phases to enabling secure data collection within chat:

  1. Form creation and configuration
  • Forms are created using the Amazon Connect no-code UI builder
  • Forms are configured within contact flows using the Show View block
  • The “This view has sensitive data” option is enabled to trigger secure handling
  1. Runtime flow
  • When a self-service chat utilizes a view, forms and other configured guide components are rendered in the customer’s chat interface
  • Data entered by the customer is encrypted in transit
  • Sensitive information bypasses normal chat processing
  • AWS Lambda functions can securely process the data for backend integration

An architecture diagram showing an end-customer starting a chat from a desktop website or mobile application. The chat is answered by either an Amazon Connect agent or by and Amazon Lex bot. When sensitive data needs collected, a step-by-step guide is presented to the customer in the active chat. The sensitive data is handled by an AWS Lambda function, and passed to the respective back-end system for processing.

Note on Security Responsibility

While Amazon Connect provides secure infrastructure and tools for protecting sensitive data, customers remain responsible for properly configuring and implementing these features according to their security requirements. This follows the AWS Shared Responsibility Model – AWS secures the cloud infrastructure, but security ‘in’ the cloud, including proper configuration of secure forms, logging controls, and data handling procedures, is the customer’s responsibility. Always consult your security and compliance teams when implementing solutions handling sensitive data.

By utilizing Amazon Connect step-by-step guides and flows, you can:

Build secure forms with the no-code UI builder:

  • Drag-and-drop interface for easy form creation
  • Customizable fields for various data types (e.g., credit card numbers, SSNs, addresses)
  • Built-in validation rules to ensure data accuracy
  • Ability to add custom branding and styling

Secure the handling of sensitive data:

  • No storage or logging of sensitive data
  • Data available only in memory during the active session
  • Integration with AWS Lambda for secure processing when needed
  • Automatic data purge at the end of each chat session

Maintain compliance:

  • Data isolation prevents unauthorized access
  • Encryption and secure transmission of data
  • Granular control over data collection

Data handling and security

This feature implements multiple layers of security to protect sensitive data:

  • Zero persistence: By default, sensitive data is never written to logs, transcripts, or contact records
  • Secure transit: All data is encrypted in transit using TLS 1.2+
  • Access controls: Only authorized Lambda functions can access the sensitive data
  • Automatic cleanup: Data is automatically purged after processing or on session end

This feature provides the technical controls needed for compliance, but organizations should always consult with their compliance and legal teams to ensure their specific implementation meets all applicable requirements.

This secure data collection architecture enables businesses to confidently collect sensitive information while maintaining security and compliance. In the next section, we’ll explore specific use cases and implementation examples for common scenarios.

Key use cases for secure data collection

Let’s explore how to implement secure data collection for common customer service scenarios. Each use case includes example configurations and best practices to help you get started quickly while maintaining security and compliance.

Secure payment processing

One of the most common needs is securely collecting credit card information during chat interactions. This enables customers to make payments, process refunds, or update payment methods without switching channels.

An Amazon Connect step-by-step guide collecting credit card information in a chat

Profile information updates

Enabling customers to securely update their personal information during chat interactions improves data accuracy while maintaining privacy. This information can be used to update an Amazon Connect Customer Profile, or information stored in other back-end systems.

An Amazon Connect step-by-step guide collecting mailing address information in a chat

Account lookup and identity verification

Secure collection of account numbers enables efficient customer verification and account management while protecting sensitive identifiers. Collecting sensitive personal information for identity verification requires extra security measures while maintaining usability.

An Amazon Connect step-by-step guide collecting information to verify an identity in a chat

You can create similar or different views based on your use case while maintaining the required security and compliance. The forms can be triggered contextually based on customer intent, providing a seamless experience within the chat interaction.

These implementations provide a foundation for secure data collection while maintaining a smooth customer experience. In the next section, we’ll walk through the step-by-step process of deploying these solutions in your Amazon Connect instance.

Creating secure forms with the no-code UI builder

The Amazon Connect no-code UI builder makes it simple to create secure data collection forms. Here’s how to create forms that protect sensitive information:

  1. Access the UI builder
    • Navigate to Routing -> Flows -> Views
    • Open an existing view, or select Create View to access the Step-by-Step Guides no-code UI builder
  2. Configure form fields
    • You can select the Payment template to quickly see an example of how to collect credit card or address information
    • Alternatively, you can add input fields for required data (e.g., credit card fields, address fields) from the component library
    • One your view is configured, select Publish so it can be used within your flow
  3. Create flow module
    • If you already have a customer-facing Chat guide flow configured you can open that and include the new view
    • Otherwise, navigate to Routing -> Flows -> Modules and select Create flow module
    • Add a Set logging behavior block to the start of the module and disable logging
    • Add a Show View block, and select the view that you created earlier
  4. Enable sensitive data handling
    • In the Show View block settings, enable This view has sensitive data
    • Set up error handling and timeout behaviors

An Amazon Connect Show View contact flow block open. The block is configured as a Form view and named Data Collection Form. The “This view has sensitive data” option is selected and has a box around it highlighting the configuration option

  1. Set-up Lambda integration
    • If you need to process collected data outside of Amazon Connect, create a new AWS Lambda function
    • Associate the Lambda function to your instance, and add it to the contact flow being used
    • In the output of your Show View block, connect the AWS Lambda function that will process the collected inputs
  2. Complete the flow configuration
    • After the Lambda function has been processed, re-enabled logging with the Set logging behavior block
    • Add a Return block at the end of the module to continue with the previous flow experience

A completed sample contact flow module showing the configuration outlined in the steps above. There is a disable logging block, a show view block, a Lambda function processing the data from the show view block, and another block re-enabling logging before returning to the main flow. There is a block for error handling that advises proper handling of errors in production.

 

Note on Modules

Create reusable Flow Modules for secure data processing. By encapsulating the secure data collection pattern in a module, you can maintain consistent security practices and save development time across multiple contact flows.

See it in action

Watch this demonstration to see how secure data collection works in Amazon Connect Chat. In this video, we’ll walk through a real-world scenario where a customer needs to update their payment information during a chat interaction. You’ll see how the secure form seamlessly integrates into the chat experience, allowing the customer to safely enter their credit card details.

This demonstration highlights how businesses can maintain security and compliance while delivering a smooth, uninterrupted customer experience. Notice how the sensitive data is never displayed in the chat transcript or agent’s view, yet the transaction can be completed efficiently within the chat channel.

Conclusion

As businesses strive to deliver seamless customer experiences while protecting sensitive data, the secure data collection capabilities in Amazon Connect Chat provide a powerful solution that balances security, compliance, and user experience. By enabling secure form collection directly within chat interactions, organizations can transform previously disjointed processes into smooth, secure conversations that build customer trust and improve operational efficiency.

As customer expectations for seamless digital experiences continue to grow, the ability to securely handle sensitive data within chat interactions becomes increasingly crucial. The secure data collection capabilities of Amazon Connect provide a foundation for building trusted customer experiences while maintaining the security and compliance controls modern businesses require.

By implementing these capabilities, organizations can:

  • Scale their digital customer service operations confidently
  • Adapt quickly to changing security requirements
  • Innovate on customer experience without compromising security
  • Reduce costs while improving service quality

The future of customer service demands both security and seamlessness – with the secure data collection capabilities of Amazon Connect, that future is within reach today.

Resources to get started

  • Do you want to learn more about step-by-step guides? Watch the videos on the step-by-step guides YouTube playlist to see how you can get started.
  • Do you want to get started building your first step-by-step guide in Amazon Connect? Follow this step-by-step guides workshop to learn more about how to build, deploy, and test a sample guides that interacts with Amazon Connect attributes to provide a personalized, dynamic, and contextual experience.
  • Do you want to dive-deep with step-by-step guides? Learn more in the Amazon Connect Administrator Guide.

Author bio

Alex Schrameyer (he/him) is a Worldwide Solutions Architect Lead for Agent Experience at Amazon Web Services (AWS) based in Indianapolis, Indiana. He believes that exceptional agent experiences are the cornerstone of outstanding customer service, and focuses on creating environments where agents excel and customers are delighted. Alex enjoys traveling around the world, and you might find him at your local baseball stadium or theme park.