Skip to content

Fix mask_amount_rounded type mismatch and add missing PII maskers to financial services #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
puichinglee wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix mask_amount_rounded type mismatch and add missing PII maskers to financial services #22

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 66 additions & 6 deletions shared/industries/financial_services.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ identifiers:
- transfer_amount
format: "Decimal currency value"
sensitivity: confidential
masking_function: mask_amount_round
masking_function: mask_amount_rounded
category: transaction

- name: Customer SSN
Expand Down Expand Up @@ -80,6 +80,28 @@ identifiers:
masking_function: mask_email
category: customer_pii

- name: Phone Number
column_hints:
- phone
- phone_number
- mobile
- contact_phone
format: "Various formats"
sensitivity: confidential
masking_function: mask_phone
category: customer_pii

- name: Customer Address
column_hints:
- address
- street_address
- mailing_address
- billing_address
format: "Free text"
sensitivity: confidential
masking_function: mask_address
category: customer_pii

masking_functions:
- name: mask_account_last4
signature: "mask_account_last4(acct STRING) RETURNS STRING"
Expand Down Expand Up @@ -114,13 +136,13 @@ masking_functions:
ELSE '[REDACTED]'
END

- name: mask_amount_round
signature: "mask_amount_round(amount DOUBLE) RETURNS STRING"
- name: mask_amount_rounded
signature: "mask_amount_rounded(amount DECIMAL(18,2)) RETURNS DECIMAL(18,2)"
comment: "Transaction amount — round to nearest thousand for non-privileged users"
body: |
CASE
WHEN amount IS NULL THEN NULL
ELSE CONCAT('$', CAST(ROUND(amount, -3) AS STRING))
ELSE ROUND(amount, -3)
END

- name: mask_ssn_last4
Expand All @@ -144,6 +166,37 @@ masking_functions:
ELSE '[REDACTED]'
END

- name: mask_email
signature: "mask_email(email STRING) RETURNS STRING"
comment: "Email address — mask local part, preserve domain for analytics"
body: |
CASE
WHEN email IS NULL THEN NULL
WHEN INSTR(email, '@') > 0 THEN
CONCAT(LEFT(SUBSTRING_INDEX(email, '@', 1), 1), '****@', SUBSTRING_INDEX(email, '@', -1))
ELSE '[REDACTED]'
END

- name: mask_phone
signature: "mask_phone(phone STRING) RETURNS STRING"
comment: "Phone number — show last 4 digits only"
body: |
CASE
WHEN phone IS NULL THEN NULL
WHEN LENGTH(REGEXP_REPLACE(phone, '[^0-9]', '')) >= 4 THEN
CONCAT('***-***-', RIGHT(REGEXP_REPLACE(phone, '[^0-9]', ''), 4))
ELSE '[REDACTED]'
END

- name: mask_address
signature: "mask_address(addr STRING) RETURNS STRING"
comment: "Street address — full redaction for financial services compliance"
body: |
CASE
WHEN addr IS NULL THEN NULL
ELSE '[ADDRESS REDACTED]'
END

- name: filter_aml_compliance
signature: "filter_aml_compliance() RETURNS BOOLEAN"
comment: "AML row filter — only compliance and fraud teams see all rows"
Expand Down Expand Up @@ -197,7 +250,7 @@ prompt_overlay: |

**Transaction Data:**
- Transaction Amount: Decimal currency. Columns: `transaction_amount`, `txn_amount`, `amount`.
Use `mask_amount_round` — round to nearest thousand for non-privileged users.
Use `mask_amount_rounded` — round to nearest thousand for non-privileged users.

**Customer PII:**
- SSN: 9 digits. Columns: `ssn`, `social_security`, `tax_id`.
Expand All @@ -206,14 +259,21 @@ prompt_overlay: |
Use `mask_name` — show first initial only.
- Customer Email: Columns: `customer_email`, `email_address`.
Use `mask_email` — mask local part, keep domain.
- Phone Number: Columns: `phone`, `phone_number`, `contact_phone`.
Use `mask_phone` — show last 4 digits only.
- Customer Address: Columns: `address`, `street_address`, `billing_address`.
Use `mask_address` — full redaction.

**Available Financial Services Masking Functions:**
- `mask_account_last4(acct STRING) RETURNS STRING` — last 4 digits visible
- `mask_routing(rtn STRING) RETURNS STRING` — last 4 digits visible
- `mask_card_last4(card STRING) RETURNS STRING` — PCI compliant, last 4 digits
- `mask_amount_round(amount DOUBLE) RETURNS STRING` — rounded to nearest thousand
- `mask_amount_rounded(amount DECIMAL(18,2)) RETURNS DECIMAL(18,2)` — rounded to nearest thousand
- `mask_ssn_last4(ssn STRING) RETURNS STRING` — last 4 digits visible
- `mask_name(name STRING) RETURNS STRING` — first initial only
- `mask_email(email STRING) RETURNS STRING` — first initial + domain visible
- `mask_phone(phone STRING) RETURNS STRING` — last 4 digits visible
- `mask_address(addr STRING) RETURNS STRING` — full redaction

**Suggested Group Structure:**
- `fraud_team` / `compliance_officer`: Full access to all data (AML/SOX compliance)
Expand Down