Setting Up Information Privacy

You can customize the Reflection workspace to control its appearance and behavior or to lock down access to Reflection settings and controls.

Reflection® Desktop products include several information privacy features designed to help you comply with industry and government regulations that address data protection, such as the Payment Card Industry Data Security Standard (PCI DSS). You can configure Reflection to keep sensitive data out of Reflection productivity features such as Screen History, and out of host data shared with other applications through Windows copy/paste. For IBM hosts, you can mask sensitive data so that it is not displayed on host screens. You can also require secure connections for sessions that handle sensitive data. This guide shows how to configure Reflection to support PCI DSS requirements.

  • PCI DSS and Reflection Desktop on page 3 describes Reflection support for PCI DSS and provides references to relevant documentation.

  • What You Need to Do on page 3 is a high level summary of how to configure Reflection to protect information privacy.

  • Setting up Redaction of Primary Account Numbers (PAN) on page 4 provides in-depth information about the three Reflection options for detecting credit card PANs (Primary Account Numbers, also called “credit card numbers”): Simple PAN Detection, Simple PAN Detection with Preceding Text, and Reflection PAN Detection. This section includes suggestions about when to use each option, the trade-offs of each, and examples of how to set them up.

  • Setting up Privacy Filters on page 10 includes suggestions for using simple expressions to create privacy filters that redact personal data such as phone numbers or US Social Security numbers.

  • References on page 11 provides references to general industry PCI DSS documentation and tutorials for creating regular expressions (used for PAN identification).
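As an added example (not Reflection's own code, and not the product's actual detection logic), the following Python models the three PAN detection options named above and two simple privacy filters, run over a constructed host screen. It shows the trade-off the guide alludes to: a bare digit-run rule also catches a 16-digit order number, a preceding-text rule misses any number without a label nearby, and a validated rule accepts only numbers that pass a brand-prefix check and the Luhn check digit. The label list, the brand-prefix regex, the use of Luhn validation, and the keep-last-four masking are all assumptions chosen for illustration; in Reflection the equivalent rules are configured in the Information Privacy dialog, not written as code.

```python
import re
from dataclasses import dataclass

# Constructed sample host screen (no real data). Line 1 carries a 16-digit
# order number that only looks like a card number (it fails the Luhn check);
# lines 2 and 3 carry Luhn-valid industry test numbers; line 4 has a US SSN
# and a US phone number for the privacy filters.
SAMPLE_SCREEN = (
    "ORDER 4444333322221112  SHIPPED\n"
    "Card: 4111 1111 1111 1111  Exp 12/26\n"
    "Acct 5500-0000-0000-0004 on file\n"
    "SSN 123-45-6789  Phone (555) 123-4567\n"
)

# Candidate PAN: a run of 13-19 digits, optionally separated by single spaces
# or hyphens, not embedded in a longer digit string.
PAN_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# "Preceding text" mode (assumed label list): a field label must sit within a
# few non-digit characters before the candidate on the same line.
LABEL_BEFORE = re.compile(r"(?i)\b(?:card|acct|account|pan)\b[^\d\n]{0,10}$")

# Stricter mode (assumption): major-brand prefix and length, plus Luhn check.
BRAND_PREFIX = re.compile(
    r"^(?:4\d{12}(?:\d{3})?|5[1-5]\d{14}|3[47]\d{13}|6(?:011|5\d{2})\d{12})$"
)

# Privacy filters: simple patterns for a US SSN and a US phone number.
PRIVACY_FILTERS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "us_phone": re.compile(r"\(?\b\d{3}\)?[ -]?\d{3}-\d{4}\b"),
}


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit validation over a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Hit:
    start: int
    end: int
    raw: str


def find_pans(text: str, mode: str) -> list:
    """Return PAN candidates accepted under one of the three detection modes."""
    hits = []
    for m in PAN_RUN.finditer(text):
        raw = m.group()
        digits = re.sub(r"[ -]", "", raw)
        if mode == "simple":
            accept = True
        elif mode == "preceding_text":
            accept = LABEL_BEFORE.search(text[: m.start()]) is not None
        elif mode == "validated":
            accept = BRAND_PREFIX.match(digits) is not None and luhn_valid(digits)
        else:
            raise ValueError(f"unknown detection mode: {mode!r}")
        if accept:
            hits.append(Hit(m.start(), m.end(), raw))
    return hits


def mask_digits(raw: str, keep_last: int = 4) -> str:
    """Replace all but the last `keep_last` digits with '*', keeping separators."""
    positions = [i for i, ch in enumerate(raw) if ch.isdigit()]
    keep = set(positions[-keep_last:])
    return "".join(
        "*" if ch.isdigit() and i not in keep else ch for i, ch in enumerate(raw)
    )


def redact_screen(text: str, mode: str) -> str:
    """Apply PAN redaction in the given mode, then the privacy filters."""
    out = text
    for h in find_pans(text, mode):
        # Masking preserves length, so earlier offsets stay valid.
        out = out[: h.start] + mask_digits(h.raw) + out[h.end :]
    for pattern in PRIVACY_FILTERS.values():
        out = pattern.sub(lambda m: mask_digits(m.group()), out)
    return out


if __name__ == "__main__":
    for mode in ("simple", "preceding_text", "validated"):
        print(f"--- {mode}: {len(find_pans(SAMPLE_SCREEN, mode))} PAN(s) detected")
        print(redact_screen(SAMPLE_SCREEN, mode))
```

Running the script prints the sample screen three times: the simple rule masks the order number along with the two card numbers, the preceding-text rule masks only the two labeled numbers, and the validated rule masks the two Luhn-valid numbers and leaves the order number visible. In every mode the SSN and phone number are reduced to their last four digits by the privacy filters, which run after PAN redaction so that they cannot match across an already-masked span.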

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a proprietary information security standard, comprising technology and process requirements, designed to prevent fraud when handling credit card information. All organizations that store, process, or transmit cardholder data are subject to this standard.

To be PCI DSS compliant, organizations must meet twelve PCI DSS requirements. (Reflection aids compliance with a subset of these: the settings described in this guide protect cardholder data on screen and in saved data, restrict who can see it, require encrypted connections for its transmission, and log access to it.)

  1. Install and maintain a firewall configuration to protect cardholder data.

  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

  3. Protect stored cardholder data.

  4. Encrypt transmission of cardholder data across open, public networks.

  5. Use and regularly update antivirus software.

  6. Develop and maintain secure systems and applications.

  7. Restrict access to cardholder data by business need-to-know.

  8. Assign a unique ID to each person with computer access.

  9. Restrict physical access to cardholder data.

  10. Track and monitor all access to network resources and cardholder data.

  11. Regularly test security systems and processes.

  12. Maintain a policy that addresses information security.

What You Need to Do

To set up Reflection to protect sensitive data, you’ll need to configure the following options in the Information Privacy Dialog Box:

  1. Under Primary Account Number (PAN) Redaction Rules, choose Enable Redaction and then select options for displaying redacted data. If you want to prevent PAN data from being saved in an external file, end-user messaging devices, or any component that saves screen data, such as the Reflection Recent Typing feature, select Do not store typed PANs.

    NOTE: The “Redact display data” and “Redact data while typing” options, for both privacy filters and PAN detection, currently apply only to IBM emulation sessions. They are not yet implemented for VT.

  2. Set up Primary Account Number (PAN) Detection Rules. You will need to choose a redaction method and configure it as shown in Setting up Redaction of Primary Account Numbers on page 4.

  3. If you want to use Privacy Filters, you will need to configure the Privacy Filter Redaction Rules and then create a simple or regular expression for the filter as shown in Setting up Privacy Filters on page 10.

  4. Under PCI DSS Rules, set up requirements for secure connections. You can require secure connections for all network connections or for wireless only. (See Configuring PCI DSS in the Reflection Desktop Help.)

  5. If you want to log access to credit card data, select Enable API events when PANs are viewed by the user. Then follow the instructions in the .NET API Guide or the VBA Guide for an example of how to handle the event to log access to cardholder data.