Skip to content

Setting up Information Privacy

InfoConnect Desktop products include support for several information privacy features that are designed to help you comply with industry and government regulations, like Payment Card Industry Data Security Standards (PCI DSS) that address data protection concerns. You can configure InfoConnect to protect sensitive data so that it is not displayed in InfoConnect productivity features like Screen History, and when sharing host data using Windows copy and paste for integration with other applications. For IBM hosts, you can mask sensitive data so that it is not displayed on host screens. You can also require secure connections for sessions that handle sensitive data.

This guide shows how to configure InfoConnect to support PCI DSS requirements.

  • What is PCI DSS describes PCI DSS and shows which requirements InfoConnect aids compliance with.

  • Configure Information Privacy Settings is a high level summary of how to configure InfoConnect to protect information privacy.

  • Setting up Redaction of Primary Account Numbers provides in-depth information about the three InfoConnect options for credit card PAN (Primary Account Number also referred to as "credit card number") detection: Simple PAN Detection, Simple PAN Detection with Preceding Text, and Reflection PAN Detection. This section includes suggestions about when to use each option, the considerations of each, and examples of how to set them up.

  • Configure Information Privacy with Group policy shows how to use Group Policy files to set up Information Privacy.

  • Setting up Privacy Filters includes suggestions for using simple expressions to create privacy filters that redact personal data such as phone numbers or US Social Security numbers.

  • More About Information Privacy provides references to general industry PCI DSS documentation and tutorials for creating regular expressions (used for PAN identification). You can choose from three methods for redacting credit card PAN data: Simple Primary PAN Detection, Simple PAN Detection with Preceding Text, or Reflection PAN Detection.

Method Use when Considerations
Simple PAN Detection matches a credit card number sequence. All of the credit card data in your host applications are displayed and entered in a "contiguous" fashion. You are only detecting PANs for the prepackaged major credit card issuers. Easy to set up
Simple PAN Detection with Preceding Text matches preceding text (e.g., Account) followed by a credit card number sequence. Same as above except credit card data in your host applications are always labeled in predictable ways. Relatively easy to set up Avoids false positives
Reflection PAN Detection uses regular expressions to detect PANs. You need to define custom card issuer patterns to detect, such as oil company or department store cards. PANs appear in a non-contiguous format or are entered using non- standard digit group separators. You want PAN detection to be especially "aggressive" or "greedy" in that any digit grouping on any screen should be considered for redaction, and you need to be able to redact without regard to what other text or digit separators may appear between single or groups of digits in the PAN. Allows the greatest degree of flexibility and customization for unique detection needs Computationally-intensive— can degrade performance on PCs with limited processing power or memory The likelihood of "false positive" redaction is much greater with this method than the other two, especially if your host screens are very digit-laden