You can configure Information Privacy features to protect sensitive data so that it is not displayed on the screen or in productivity features, such as Screen History.
If you need to... | Do this... |
---|---|
Redact certain patterns of data that are outside the realm of credit card formats (e.g., US Social Security numbers). | Set up and . |
Redact credit card Primary Account Numbers (PANs) to meet PCI DSS requirements (see PCI Security Standards Council). PCI DSS (Payment Card Industry Data Security Standard) is a worldwide standard comprising technology requirements and process requirements designed to prevent fraud and is published by PCI Security Standards Council, LLC. All companies who handle credit cards are likely to be subject to this standard. | Set up and . |
Require secure connections (as may be required for PCI DSS compliance). | Set up . |
NOTE:
You can use Privacy Filters together with Primary Account Number (PAN) detection. To improve performance, do not duplicate existing PAN patterns in privacy filters.
Information Privacy settings do not apply to IBM host printer emulation.
If redaction is enabled, HLLAPI functions are disabled to prevent access to unredacted data through HLLAPI.
For detailed explanations, instructions, and examples that show how to set up Information Privacy features, see Setting up Information Privacy.
Use privacy filters when you need to:
Redact certain patterns of data that are outside the realm of credit card formats (for example, US Social Security numbers or proprietary sensitive account numbers).
Redact Primary Account Numbers (PANs) that are outside of a 13-16 digit range. (PAN detection does not detect PANs that are outside of this range.)
The redaction rules specify how to redact sensitive data, based on the filters that you specify in
.
Enable redaction (exported data only) |
Redacts sensitive data so that it is not displayed in productivity features, such as Office Tools integration, Screen History, Recent Typing, and Auto Complete. This option also obscures data from the Print Screen and Cut/Copy/Paste commands. |
|
Redacts data on screens after you navigate out of the current field. |
|
Redacts sensitive data as you type it in. |
|
Opens the Add Privacy Filter dialog box where you can define the filter. |
|
Opens the Modify Privacy Filter dialog box where you can modify the regular or simple expression that defines the filter. |
|
Deletes the selected filter. |
You can set up redaction rules to redact PANs (credit card numbers) that appear in screen histories, the clipboard, and Microsoft Office applications. You can also choose to redact PAN data displayed on screens, either as the PAN is typed or after it is entered.
(exported data only) |
Redacts sensitive data, based on the rules that you specify in . |
|
Specifies how many digits of the PAN to redact. |
|
Redacts data after it is entered. |
|
Redacts data as it is typed. |
|
Prevents PAN data from being saved in an external file or any component that saves screen data. This includes the data saved for the Screen History, Recent Typing, Auto Complete, Auto Expand, and Macro Recording features. It also includes data returned by the Reflection API CreditCardRecognized event. |
|
Allows you to add, modify, or delete the regular expressions used by the PAN Detection methods to detect PAN data. |
|
Allows you to set up regular expressions to detect PAN data. Use this option when:
NOTE: For more about how to use regular expressions to define rules or exceptions for PAN data, see Setting up Information Privacy. |
|
Use regular expressions to define additional exclusion patterns that prevent false positives or preserve data that you do not want to redact. NOTE: By default Reflection does not redact digit patterns such as North American phone numbers containing area code information and optional country code, common short date/time formats (MM/DD/YYYY, YYYY/MM/DD, HH:MM:SS, HH:MM, etc.), and US Social Security numbers. |
|
Matches either a credit card number sequence (a 13-16 digit number) or preceding text (e.g., keywords like "Account") followed by a credit card number sequence. Use Simple PAN detection when:
|
|
Matches a credit card number sequence. |
|
Matches preceding text followed by a credit card number sequence. To use this option, you will need to add the preceding text (e.g., Account) to the box. |
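The following added example (not Reflection's own detection code) sketches in Python how the two Simple PAN detection modes, the exclusion patterns, and the "digits to redact" rule interact. The regular expressions, the function names `find_pans` and `redact`, and the sample screen text are constructed assumptions for illustration.

```python
import re

# Constructed patterns: assumptions for illustration, not Reflection's built-in expressions.
# PAN candidate: 13-16 digits, optionally separated by single spaces or hyphens.
PAN = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

# Exclusions modelled on two defaults the page names: North American phone numbers, US SSNs.
EXCLUSIONS = (
    re.compile(r"(?<!\d)(?:\+?1[ -]?)?\(?\d{3}\)?[ -]\d{3}-\d{4}(?!\d)"),
    re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
)

def find_pans(text, preceding_text=None, exclusions=EXCLUSIONS):
    """Return (start, end) spans of PAN candidates that survive the exclusion patterns."""
    masked = text
    for rx in exclusions:
        # Blank excluded spans with a non-digit of equal length so offsets stay aligned.
        masked = rx.sub(lambda m: "\x00" * len(m.group()), masked)
    spans = []
    for m in PAN.finditer(masked):
        if preceding_text is not None:
            # "Preceding text" mode: the keyword must sit directly before the digits.
            label = text[:m.start()].rstrip(" :#")
            if not label.lower().endswith(preceding_text.lower()):
                continue
        spans.append(m.span())
    return spans

def redact(text, keep_last=4, **kwargs):
    """Replace every PAN digit except the last keep_last with '*'."""
    out = list(text)
    for start, end in find_pans(text, **kwargs):
        digits = [i for i in range(start, end) if text[i].isdigit()]
        for i in digits[:max(0, len(digits) - keep_last)]:
            out[i] = "*"
    return "".join(out)

# Constructed host-screen text (not real card data).
SCREEN = (
    "Account: 4111111111113267\n"
    "Home 555-123-4567 123-45-6789\n"
    "Ref 9876543210123456"
)

if __name__ == "__main__":
    print(redact(SCREEN))                            # sequence mode: both 16-digit numbers
    print(redact(SCREEN, preceding_text="Account"))  # preceding-text mode: labelled PAN only
```

Calling `find_pans(SCREEN, exclusions=())` shows the false positive the exclusion patterns exist to prevent: the adjacent phone number and SSN together look like a 15-digit PAN.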
You can configure Reflection to allow APIs to read redacted data or to allow copying of redacted data with a session.
|
Allows programs or macros using the Reflection .NET and VBA APIs to read redacted data as clear text. For example, you could set up Information Privacy features to mask credit card numbers so that users are unable to see them. With this option enabled, you can also run some automation that scrapes the screen and retrieves all the data on the screen, even the redacted data. |
|
Allows users to copy redacted data from a screen in an IBM session to another screen in the same session or to a screen in another IBM session. When enabled, users can select redacted data on the screen, and then copy and paste it to another location. For example, if a user is navigating a mainframe session in a workspace configured to redact credit card numbers and they receive a host screen that contains a credit card, it appears as a series of asterisks and numbers (e.g., ************3267). When this option is enabled, the user can copy this redacted credit card number, navigate a few more screens, and then paste the data. NOTE: When this option is selected, the Clipboard setting is not supported and pasted text that exceeds the length of a field is truncated instead of being pasted to the next unprotected field. |
You can configure Reflection to require secure connections for all network connections or for only wireless connections. You can also choose to fire a Reflection API event when an unredacted PAN (or credit card number) is displayed.
|
Allows non-secure connections, such as Telnet. Select this option only when testing or when your sessions do not require PCI DSS compliance. |
|
Allows only secure connections, regardless of the type of network. This applies to wired, wireless, and VPN connections. |
|
Allows non-secure connections on wired networks but requires secure connections for wireless networks. NOTE: VPN connections are not subject to the wireless restrictions. Because of VPN's inherent security, VPN connections are handled in the same way as wired connections. To secure VPN connections, choose the option. |
|
Fires the CreditCardRecognized .NET API and VBA event when unredacted PAN data is copied from the terminal to the clipboard or to a productivity tool. For IBM systems, the event is also fired when unredacted PAN data is displayed on the screen. You can handle this event to create logs or perform other actions required for compliance. (See the Reflection VBA Guide or the Reflection .NET API Guide.) NOTE: This event is fired only when a PAN is copied or displayed in its entirety ("in the clear"). It is not fired when only redacted PANs are copied or displayed. |