K8638: Data Guard Credit Card Matching

K8638: Data Guard credit card matching

Non-Diagnostic

Original Publication Date: Oct 20, 2015

Update Date: Mar 1, 2021

Topic

The BIG-IP ASM Data Guard feature allows you to configure response scrubbing for sensitive user information, such as credit card numbers or social security numbers. When Data Guard accumulates a response for the purpose of data scrubbing, the system uses the following criteria to determine whether a credit card number exists in the response and is eligible to be scrubbed:

A credit card number must be a series of 12 to 19 digits that may or may not have delimiters between groups. The delimiter is one of the following characters: space ( ) minus sign ( - ) period ( . ) The following table outlines credit card numbers that are supported by the BIG-IP ASM system.

Card type Prefix Length 34 American Express 15 37 560221- Bankcard 560225* 16 5610 62 China UnionPay 16-19 88 4 4175 Dankort 16 4571 5019 Diners Club Carte Blanche 300-305 14 2014* Diners Club enRoute 15 2149* 300-305 309* Diners Club International 36 14 38 39* Diners Club United States and 54 Canada 55 16 6011 622126- Discover Card 622925 16, 19 644-649* 65* InterPayment 636 16-19 InstaPayment 637-639 16 1800 15 JCB 2131 3528-3589 16 6304 6706 Laser 16-19 6709 6771 50 Maestro 56-69* 12-19 6761-6763 2221-2720* MasterCard 16 51-55 NSPK MIR 2200-2204 16 6334 16, 18, Solo 6767 19 4903 4905 16 4911 4936 Switch 564182 633110 16, 18, 6333 19 6759 UATP 1 15 506099- 506198 Verve 16, 19 650002- 650027* Visa 4 13, 16

*These prefixes are supported starting from BIG-IP 13.0.0.

The following is an example of a 16-digit value that is a valid Luhn number:

4012 8888 8888 1881 Note: The BIG-IP ASM Data Guard feature does not block or mask 13-digit MasterCard numbers.

After Data Guard locates a pattern matching a credit card number, the BIG-IP ASM system applies the Luhn algorithm (MOD 10) to the number. If the number is a valid Luhn number, and the length and prefix matches a valid credit card number, Data Guard blocks or scrubs the data.

Supplemental Information

K12240: Data Guard does not recognize some credit card numbers K15511: Commonly used PCREs in the BIG-IP ASM Data Guard feature for masking sensitive data

Applies to:

Product: BIG-IP, BIG-IP ASM 16.X.X, 15.X.X, 14.X.X, 13.X.X, 12.X.X, 11.X.X, 10.X.X