Credit Card Number Redaction
Do you have credit card numbers stored in your corporate systems
that need to be removed?
Local councils hold a rich repository of highly sensitive personal information including residential addresses, health-related data, business and development proposals, tenders, ratepayer credit card details, tax file numbers, employee payroll files and much more.
Whilst working with a council on a Freedom of Information related redaction project, we discovered the presence of credit card numbers (CCN) within council’s corporate systems.
The presence of this sensitive data represented a compliance and privacy risk that council wanted to address. So, we developed a custom-built solution to assist clients to remove CCN and other sensitive data from corporate systems – in bulk.
Redaction of different file formats
We’ve found that credit card information is usually held in a variety of formats, both typed and hand-written, across a variety of systems. The transmission of credit card details via email systems as attachments, or as plain text is also often the major area of concern for clients.
Consequently, we’ve developed bespoke software that sifts through multiple systems to find and redact credit card numbers inside electronic records and then return those redacted records back to the system.
Experience and reference sites
We appreciate that this could be a sensitive issue for your council and you may want to speak with another council who has been through a similar process. We’d be happy to make a confidential introduction to a client that has been through the process.
PCI DSS Compliance
As a response to increased theft of credit card information, the different card brands (MasterCard, Visa, American Express and others) developed a minimum set of requirements for their merchants to follow. The standard created is called the Payment Card Industry Data Security Standard (PCI DSS).
The redaction of credit card details from document management systems is only one element required to comply with the PCI DSS. For further information about the standard and how organisation might obtain compliance we recommend referring to the Payment Card Industry Security Standards Council website www.pcisecuritystandards.org.