Setting up and Using Simple PAN Detection with Preceding Text
When Simple PAN Detection is selected, Reflection matches preceding text (e.g., keywords like "Account") followed by a credit card number sequence (a 13-16 digit number).
The credit card character sequences can also include whitespace and hyphen characters as digit grouping separators.
When to use Simple PAN Detection with Preceding Text
Use Simple PAN Detection with Preceding Text when your application meets all of the following conditions:
All of the credit card account numbers in your host applications are displayed and entered in a "contiguous" fashion. In other words, the PANs always appear or are always entered as a single continuous string (e.g. 1111-1111-1111-1111, 2222 2222 2222 2222, 444444444444444 etc.).
All of the account numbers that need to be redacted are from one or more of the following issuers: Visa, MasterCard, American Express, Discover, Diner's Club, Carte Blanche, Voyager, JCB, or enRoute.
Your host application screens that contain credit cards are very well defined, and credit card information is always "tagged" or prefixed in predictable ways. For instance, your host application has only a handful of screens that contain (or potentially can contain) credit card numbers, and those numbers on the screen are always preceded by a label such as "Account Number: "or "Credit Card."
Advantages of Simple PAN Detection with Preceding Text
Simple PAN Detection with Preceding Text has the following advantages:
This method further restricts the data subject to potential redaction and can serve to virtually eliminate "false positives" in other areas of the screen that do not contain credit card data.
Any potential card numbers, even valid ones, are not considered unless they immediately follow one of the defined strings and the digits do not contain any other data but digits, whitespace, and hyphen separators. This is appropriate for host applications that contain a lot of other numeric data that should not be considered for redaction.
If your host applications have a large numbers of "digit intensive" screens, especially ones that contain lengthy digit data such as part/SKU numbers, ISBN numbers, etc., use of this option greatly reduces the chance of accidental "false positives" in data that could mistakenly be detected as a credit card number.
Considerations for Simple PAN Detection with Preceding Text
Simple PAN Detection with Preceding Text has a few items to consider when using this method:
Before you deploy Reflection, you will need to define the text strings that precede card numbers. This means examining your host applications and noting the strings that precede areas where credit cards are either displayed (protected) or entered (unprotected).
Redaction occurs only after defined text strings. The entire PAN must appear immediately after one of the defined strings, without any additional non-digit, non-whitespace or hyphen separator characters appearing.
How to set up Simple PAN Detection with Preceding Text
In your host application screens, identify all of the keywords that precede credit card numbers.
From the Reflection File menu or the Reflection button (if using the Office 2007 Look and Feel), select Reflection Workspace Settings.
Under Trust Center, click Set Up Information Privacy.
On the Information Privacy dialog box, select Enable Redaction and then select Simple PAN Detection.
In the Information Privacy dialog box, select Detect PANs based on preceding text and add the keywords to the Text Items table.
To "lock down" these settings, see Control Access to Lock Down Settings and Controls.
To package this file for deployment, see Package Configuration Files.
Privacy filter settings are saved in the
PrivacyFilters.xmlfile. All other Information for Privacy settings is saved in the
PCIDSS.settingsfile. You can deploy these files to one of the following locations:
Location for a single user:
[AppDataFolder]is the full path of the Roaming folder for the current user. The default is
Location for all users:
[CommonAppDataFolder]is the full path to application data for all users. The default is