I understand the Auditor's concern, but I dont think this is a re Doc, I understand the Auditor's concern, but I dont think this is a realistic request. If your shop is like most shops there are Terabyte and Terabytes of data. Maybe a better approach would be to review application programs and see if any of them are asking or passing CC info to create files or DBs.. Scott J Ford www.identityforge.com
________________________________ From: Doc Farmer <[email protected]> To: [email protected] Sent: Tuesday, September 1, 2009 9:05:02 AM Subject: Dumb Question - Credit Card Number Scanner Okay, this one came to me yesterday. Somebody asked me if there were a way to search all files on a mainframe for credit card number information (you know, the 16-digit jobs) for a PCI audit. I know, I know, it could be 16 Alphanumeric, 16 Numeric, 9 Packed Decimal, or 8 Binary. I also know it would require searching EVERY file, and would probably need to use "test" card numbers in order to determine if they really exist. However, for some reason they want to know if a scanner is available. I'm figuring this could be done with ISPF's SuperC, or with CA-Easytrieve or CA-PanAudit, but if anybody knows of a PCI scanner for z/OS, I'd appreciate some names/links. Many thanks. Doc Farmer Senior Security Specialist InfoSec, Inc. Website: http://www.InfoSecInc.com e-Mail: [email protected] LI: http://www.linkedin.com/in/DocFarmer ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
