You can choose from three methods for redacting credit card PAN data: Simple Primary PAN Detection, Simple PAN Detection with Preceding Text, or Reflection PAN Detection.
|
Method |
Use when |
Considerations |
|---|---|---|
|
Simple PAN Detection matches a credit card number sequence. |
All of the credit card data in your host applications are displayed and entered in a “contiguous” fashion. You are only detecting PANs for the prepackaged major credit card issuers. |
Easy to set up |
|
Simple PAN Detection with Preceding Text matches preceding text (e.g., Account) followed by a credit card number sequence. |
Same as above except credit card data in your host applications are always labeled in predictable ways. |
Relatively easy to set up Avoids false positives |
|
Reflection PAN Detection uses regular expressions to detect PANs. |
You need to define custom card issuer patterns to detect, such as oil company or department store cards. PANs appear in a non-contiguous format or are entered using non- standard digit group separators. You want PAN detection to be especially “aggressive” or “greedy” in that any digit grouping on any screen should be considered for redaction, and you need to be able to redact without regard to what other text or digit separators may appear between single or groups of digits in the PAN. |
Allows the greatest degree of flexibility and customization for unique detection needs Computationally-intensive— can degrade performance on PCs with limited processing power or memory The likelihood of “false positive” redaction is much greater with this method than the other two, especially if your host screens are very digit-laden |