Credit card number data masking policy
The credit card number data masking policy generates an appropriate mask for credit card numbers based on the source data. The Data Masking stage supports data masking for American Express, MasterCard, Visa, and Discover credit cards.
Supported data types
The credit card number masking policy can be applied to one of the following data types:
| SQLType | Extended | Length | Scale | Nullable | Note |
|---|---|---|---|---|---|
| Char | 13 or longer | N/A | Yes or No | Cannot contain null characters. | |
| Char | Unicode | 13 or longer | N/A | Yes or No | Cannot contain null characters. |
| NChar | 13 or longer | N/A | Yes or No | Cannot contain null characters. | |
| VarChar | 13 or longer | N/A | Yes or No | Cannot contain null characters. | |
| VarChar | Unicode | 13 or longer | N/A | Yes or No | Cannot contain null characters. |
| NVarChar | 13 or longer | N/A | Yes or No | Cannot contain null characters. | |
| BigInt | Unsigned | N/A | N/A | Yes or No |
Masking policy options
- Mask Mode
Use one of the following options to specify modes of masking data:
- Repeatable Masking
- The first four digits of the credit card number are copied from the source to the output and the rest of the digits are masked. This type of masking is repeatable for data from the same source, regardless of the order.
- Use 4 issuer digits
- The first four digits of the credit card number are copied from the source to the output. The remaining part of the credit card number is appended with the masked account number and a check digit. A check digit is a digit added to a number that validates the authenticity of the number. When this option is used, different runs for the same input can result in different numbers. The uniqueness of the number is guaranteed only when the Data Masking stage job runs in the sequential mode or runs on one node.
- Use 6 issuer digits
- The first six digits of the credit card number are copied from the source to the output. The remaining part of the credit card number is appended with the masked account number and a check digit. When this option is used, different runs for the same input can result in different numbers. The uniqueness of the number is guaranteed only when the Data Masking stage job runs in the sequential mode or runs on one node.
Examples
The following examples show what the masked data might look like after the masking policy is applied. In these examples, the original value is 3400 1100 0000 063.| Parameter | Example of masked data |
|---|---|
| Repeatable masking | 3400 1065 4300 068 |
| Use 4 issuer digits | 3400 4100 0000 011 |
| Use 6 issuer digits | 3400 1165 4300 066 |