Data Masking
Data masking hides sensitive information on a screen, ensuring it is not exposed to
unauthorized users while keeping the masked data useful for legitimate purposes. The
detection and redaction of the data are based on the configurations selected under the
following options.
- Mask card numbers
-
Custom regular expression
-
Don't redact in unprotected fields
Mask card numbers
This option enables masking for card numbers based on the selected configurations.
Luhn algorithm check is performed to validate the card numbers. Card numbers can
contain only numeric values and delimiters. Only valid card numbers which match the
selected configuration are masked on the screen. Users can configure the card number
masking parameters as given below:
- Detection by digit count - This parameter specifies the number of
digits that the card number can contain. The system will detect card numbers
based on the value you select here.
- 16 digits - Detects and masks 16-digit card numbers only.
- 14 digits - Detects and masks 14-digit card numbers only.
- Both 14 and 16 digits - Detect and masks both 14- and 16-digit card numbers.
- 13 to 16 digits - Detects and masks 13- to-16-digit card numbers.
- Portion to redact - This parameter decides which part of the detected
data to be masked.
-
Show last four digits - All digits except the last four digits will be redacted.
-
Redact all - Redacts all digits of the card number.
-
- Delimiter - Users can select one or more delimiter(s)from the
following options.
- Comma [,]
- Hyphen [-]
- Space [ ]
- No delimiter
Only those card numbers containing the selected delimiter(s) will be masked.If none
of the delimiter options are selected, then ‘No delimiter’ will be considered by
default if card number masking is enabled. There should be a space boundary before
and after the card number to be identified and masked correctly.
Note: A card number can contain only single type of delimiter.
Card number should follow the below mentioned patterns. Card numbers not
following the patterns below will not be detected.
- 16-digit card numbers - ####D####D####D####
- 15-digit card numbers - ####D######D#####
- 14-digit card numbers - ####D######D####
- 13-digit card numbers - ####D###D###D###
Here '#' represents any numeric value and 'D' represents delimiter.
Custom Regular Expression
This option allows users to provide custom regular expressions for data detection and
redaction. To add the regular expression, enter the required regex in the 'Enter
a regular expression' field field and click the Add button.
Note:
- If there is more than one regular expression, separate them using a '~'. Hence ‘~’ should not be used as a part of custom regex. For example: [6-9]\d{9}~\d{4}-\d{2}. To update or delete a regular expression, modify or remove it from the regular expression text field.
- A maximum of five regular expressions are allowed and cannot have duplicate values.
- To remove a regex, select the required regular expression(s) from the list and click the Delete button.
The data redaction using the regular expression is based on the following
configurations:
- Portion to redact - This parameter decides which part of the detected data to be redacted in case of custom regular expression.
- Show last portion - Redacts all digits except the last portion. The portion here is decided based on the length of the match. If the length is lesser than eight digits, then only last two digits are shown, and rest is redacted. If the length is greater than or equal to eight digits, then last four digits will be shown, and rest of the digits will be redacted.
- Redact all - Redacts all digits.
Mask unprotected fields
This option allows users to control data masking in the unprotected, editable areas of the screen as plain text. By default, this option is enabled which indicates that any data in the unprotected fields that gets detected will be masked. To disable this option, clear the Mask unprotected fields checkbox.