PCI Audit

A permissive policy for detecting potential credit-card-numbers. The policy contains several rules to address corner cases, such as numbers that appear as part of a long sequence, with user-defined delimiters etc. Most of the rules in the policy may cause high rate of false positives and are not recommended for usage in production mode. The rules for this policy are:

• PCI Audit: No Word Boundaries
• PCI Audit: Non-Delimited
• PCI Audit: User-Defined Delimiter
• PCI Audit: CCN and Expiration Date
• PCI Audit: CCN and CVV
• PCI Audit: CCN Without Validation
• PCI Audit: Credit Card Number (Extra Wide)
• PCI Audit: Credit Card Number (Default)
• PCI Audit: Credit Card Magnetic Strip
• PCI Audit: Masked Credit Card Number
• PCI Audit: CCN in Non-English Characters
• PCI Audit: User-Defined IIN (Wide)
• PCI Audit: User-Defined IIN (Default)
• PCI Audit: User-Defined IIN (Narrow)