The answer is to use Encrypted Fields.
Encrypted Custom Fields are a new field type (released after Winter 08) that allows users to store sensitive data in encrypted form and apply a mask when the data is displayed (e.g., Credit Card Number: XXX-XXX-XX-1234).
So how can I use encrypted fields in my organisation?
You need to get Encrypted Fields enabled by salesforce.com. Once Salesforce has enabled it, you will see a new data type option when creating a new custom field.
We can also specify the mask for the field.
Some important points:
- Users whose profile has the “View Encrypted Data” permission enabled will be able to view the field normally.
- Users who do not have the “View Encrypted Data” permission will see the mask.
- User profiles that have the “Modify All Data” permission will not be able to see the value of encrypted data fields.
- The field length is restricted to 175 characters.
- An encrypted field cannot be marked as Unique or External ID.
- An encrypted field cannot be configured with a default value.
- You can’t use encrypted fields in report filters and list views.
- You can’t use encrypted fields in SOQL WHERE or ORDER BY clauses.
- Encrypted fields also cannot be used in formula fields, workflow rules, workflow field updates, approval process entry criteria, and approval step criteria.
- If you clone a record that has encrypted custom fields, Salesforce will copy the data from the field ONLY if the user has the “View Encrypted Data” permission.
- You can access the data of an encrypted field in Apex, i.e. the value is always unmasked.
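
Because Apex always reads the unmasked value and encrypted fields cannot appear in a WHERE clause, code that shows or searches such a field has to do its own masking and filtering. The class below is an added example, not part of the original post; `Payment__c`, `Card_Number__c`, `Account__c` and the class name are hypothetical.

```apex
// Added example; Payment__c, Card_Number__c, Account__c are hypothetical names.
public with sharing class EncryptedFieldDisplay {

    // True when the running user holds "View Encrypted Data" through the
    // profile or any assigned permission set.
    public static Boolean canViewEncrypted() {
        return [SELECT COUNT()
                FROM PermissionSetAssignment
                WHERE AssigneeId = :UserInfo.getUserId()
                AND PermissionSet.PermissionsViewEncryptedData = true] > 0;
    }

    // Mask everything except the last four characters; values of four
    // characters or fewer are masked completely.
    public static String mask(String value) {
        if (String.isBlank(value)) {
            return value;
        }
        if (value.length() <= 4) {
            return 'X'.repeat(value.length());
        }
        return 'X'.repeat(value.length() - 4) + value.right(4);
    }

    // Apex reads the field unmasked, so apply the mask here before the value
    // is handed to a page, component or API response.
    public static String cardNumberForDisplay(Id paymentId) {
        Payment__c p = [SELECT Card_Number__c FROM Payment__c
                        WHERE Id = :paymentId LIMIT 1];
        return canViewEncrypted() ? p.Card_Number__c : mask(p.Card_Number__c);
    }

    // Encrypted fields are not allowed in WHERE, so narrow the query on other
    // fields and compare the encrypted value in Apex.
    public static List<Payment__c> findByCardNumber(Id accountId, String cardNumber) {
        List<Payment__c> matches = new List<Payment__c>();
        for (Payment__c p : [SELECT Id, Card_Number__c FROM Payment__c
                             WHERE Account__c = :accountId]) {
            // equals() is case-sensitive, unlike the == operator on Strings
            if (cardNumber != null && cardNumber.equals(p.Card_Number__c)) {
                matches.add(p);
            }
        }
        return matches;
    }
}
```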