I guess the key requirement here is "I'm about to write this string to a
log file, is there a chance there's a credit card number in here?".  All
other things considered, this is a reasonably good safeguard.  I'd imagine if
the quick and dirty regex I listed picks anything up, you could do a
further mod10 to validate against valid credit card numbers etc.

All seems a bit iffy though, doesn't it?  If a CC # has gotten its way to a
log file, you really need to question your developers.

On Wed, 18 Dec 2019 at 23:11, Grant Maw <grant....@gmail.com> wrote:

> I thought all credit cards use the Mod10 (Luhn) algorithm. I seem to
> remember it being a safeguard against data entry errors back in the day,
> so this is possibly a hangover from those days.
>
> We never validate card numbers.  We pass the card data to the processing
> gateway and let their APIs handle all that stuff. Less code for us to
> maintain.
>
> On Wed, 18 Dec. 2019, 3:33 pm Preet Sangha, <preetsan...@gmail.com> wrote:
>
>> Hi Ed,
>>
>> Thanks for that. We are a large enterprise platform doing thousands of
>> transactions via gateways - CC info is normally flowing through our code
>> except in the most secure of ways - we are PCI compliant. However to be
>> extra careful I'm trying to remove anything that looks like a known CC
>> shape from logging. It's to prevent issues in case someone inadvertently
>> stores CC in fields that they shouldn't. Yes, there's education, but sometimes
>> mistakes happen.
>>
>> regards,
>> Preet, in Auckland NZ
>>
>> On Wed, 18 Dec 2019 at 16:57, <eddie.deb...@gmail.com> wrote:
>>
>>> Hi Preet,
>>>
>>> I don’t know of any libraries that handle this, but I do have a question
>>> for you.
>>>
>>> Why are you validating credit card info?
>>>
>>> I ask this because if you are validating card info then you are
>>> handling/processing card info. Any business handling credit card
>>> information should have PCI-DSS compliance.
>>>
>>> Personally, I find it is much easier to use external providers (eway,
>>> paypal et al) to handle the whole payment process, meaning your code never
>>> needs to touch a credit card number and you never have to worry about
>>> compliance, *security etc.
>>>
>>> Just another random thought, YMMV.
>>>
>>> *Security of the card information
>>>
>>> Ed.
>>>
>>> *From:* ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com> *On
>>> Behalf Of *Preet Sangha
>>> *Sent:* Wednesday, 18 December 2019 2:41 PM
>>> *To:* ozDotNet <ozdotnet@ozdotnet.com>
>>> *Subject:*
>>>
>>> Would anyone know of any credit card validation/detection or similar
>>> libraries that we may be able to incorporate into our .net framework code
>>> (preferably in nuget form) in order to eliminate our own hand coded regexes
>>> please?
>>>
>>> Regards Preet
>>>
>>

-- 
Alan Ingleby
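
Added example (not code from this thread): one way to run the check described at the top of this message, a loose regex for card-shaped digit runs followed by a Mod10 check, before a string is written to a log. The class and method names, the pattern and the replacement token are assumptions.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical helper: LogScrubber, PassesMod10 and Redact are illustrative names.
public static class LogScrubber
{
    // Candidate "card shape": 13-19 ASCII digits, optionally separated by
    // single spaces or hyphens, not embedded in a longer digit run.
    private static readonly Regex Candidate = new Regex(
        @"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])", RegexOptions.Compiled);

    // Mod10 check over a digits-only string: double every second digit
    // from the right, fold results above 9, and test the sum.
    public static bool PassesMod10(string digits)
    {
        int sum = 0;
        bool doubleIt = false;
        for (int i = digits.Length - 1; i >= 0; i--)
        {
            int d = digits[i] - '0';
            if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    // Replace every candidate that also passes Mod10; other digit runs
    // (order numbers, timestamps) are left untouched.
    public static string Redact(string message)
    {
        if (string.IsNullOrEmpty(message)) return message;
        return Candidate.Replace(message, m =>
        {
            string digits = new string(m.Value.Where(char.IsDigit).ToArray());
            return PassesMod10(digits) ? "[REDACTED-PAN]" : m.Value;
        });
    }

    public static void Main()
    {
        // Constructed sample lines; 4111 1111 1111 1111 is a common test number.
        Console.WriteLine(Redact("payment failed card=4111 1111 1111 1111 amt=10.00"));
        // Constructed 16-digit reference that does not satisfy Mod10.
        Console.WriteLine(Redact("order ref 1234567890123456 shipped"));
    }
}
```

The Mod10 step cuts false positives, but a match that swallows adjacent digits (for example a card number followed by a space and another number) fails the check and is left in place, so treat this as a last-line safeguard rather than a guarantee.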
