Description
The Message Rules under the "Filtering" tab include a credit card template as an option. The template can be applied to email that is inbound, outbound, or both. Increased regulations and compliance rules demand that sensitive information is protected, and the credit card template provides a quick option to take action on detection of credit card numbers in an email.
The credit card template evaluates the raw body content of a message for credit card matches. The rule looks for valid credit card numbers rather than just a digit count or pattern. Even so, the rule is not perfect: card numbers can be missed, and markup or encoding in the raw body content can produce false positives.
IMPORTANT NOTE: If you are managing a domain with credit card templates that were enabled prior to December 11, 2017, please disable and immediately re-enable the policy template to ensure the latest template is applied.
Applies to:
Console, Message Rules, CloudFilter, SafeSend, Bracket
Using the Template
Requirements
The credit card template can be applied to the domain, user group, and individual user levels. Some of the template's features have requirements to make actions available.
- Inbound Email
  - Available with CloudFilter
  - Template is not turned on by default
- Outbound Email
  - Requires a user group enabled with SafeSend
  - Template is not turned on by default
- Encrypt Email
  - Requires a user group enabled with Bracket encryption
  - Template is not turned on by default
  - Default template action is to quarantine outbound email
Enabling the Template
To enable the credit card template, go to the Message Rules under the "Filtering" tab for the domain or a user group. If setting the rule at the domain level, find the link at the top of the domain page under the "Filtering" tab as shown in Figure 1.
Fig. 1
The credit card templates are turned off by default. If the domain or user group you are managing has SafeSend enabled, you will be able to enable the credit card rule as an outbound rule. You can set the rule to inbound or outbound using the drop-down shown in Figure 2.
Fig. 2
As shown in Figure 3, you can select the Credit Card template. Once this is selected, you can name the rule and select "Create." Once you select create, you will be placed into a section that allows you to edit the rule. If you want to leave the rule as is, you can select the back arrow in the top left-hand corner as shown in Figure 4.
Fig. 3
Fig. 4
Changing the Action with Bracket Encryption
When you manage a user group with Bracket encryption enabled, an additional setting lets you change the action taken when an outbound email matches the credit card template rule. By default, the outbound message is quarantined to the policy quarantine. The action can be changed to Encrypt with Bracket, which sends the message through Bracket encryption regardless of the subject line's content. The setting for outbound email to be encrypted when matching the credit card template is shown in Figure 3.
Fig. 3
Template Criteria
Matching the Rule
Credit card numbers are not a random set of digits in a particular pattern. Each bank or card issuer has a set of numbers that identify the bank, called an Issuer Identification Number (IIN). The credit card template looks for valid card issuer numbers to reduce the false positives that would otherwise occur.
For detailed information about IINs, please visit the Wikipedia page on Issuer Identification Numbers.
The credit card template looks for and recognizes the following credit card issuers:
- American Express
- Discover Card
- JCB
- MasterCard (including the new 2221 - 2739 range)
- Visa
The rule will evaluate a number if it is preceded by whitespace or starts on a new line. The rule recognizes 15- or 16-digit strings of numbers, with or without spaces or dashes in the places where they are traditionally found in credit card numbers.
False Positives and Misses
The rule attempts to be inclusive of the common ways users send credit card information while reducing false positives by checking for valid card issuer numbers. However, a "perfect credit card" rule does not exist, and users can type in numbers that may create a false positive or missed match situation.
Also, keep in mind, the rule evaluates emails on the raw body content which can include HTML, MIME, and other encoding information that can trigger a false positive. The rule attempts to reduce those false positives by looking for white space before the beginning of the number and possible punctuation at the end.
Despite best efforts, and given the possibility that card issuers make a change, please be aware that the credit card template should not be considered "fool-proof."
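The matching criteria and the miss and false-positive cases described above, expressed as a Python check. This is an added example, not Mailprotector's rule or code from this page. The issuer prefixes (except the MasterCard 2-series range, which is the one listed on this page), the trailing punctuation set, the names `find_cards`, `ISSUERS` and `CANDIDATE`, and the sample body are assumptions.

```python
import re

# Assumed IIN prefixes from public issuer listings; the MasterCard 2-series
# range is the one stated on this page. Not the template's actual rule.
ISSUERS = [  # (issuer, digit count, prefix test)
    ("American Express", 15, lambda d: d[:2] in ("34", "37")),
    ("Visa", 16, lambda d: d[0] == "4"),
    ("MasterCard", 16,
     lambda d: 51 <= int(d[:2]) <= 55 or 2221 <= int(d[:4]) <= 2739),
    ("Discover Card", 16,
     lambda d: d[:4] == "6011" or d[:2] == "65" or 644 <= int(d[:3]) <= 649),
    ("JCB", 16, lambda d: 3528 <= int(d[:4]) <= 3589),
]

# Candidate: preceded by whitespace or start of text/line; grouped 4-4-4-4 or
# 4-6-5 with optional space/dash separators; followed by whitespace,
# punctuation or end of text.
CANDIDATE = re.compile(
    r"(?<!\S)"
    r"(\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}|\d{4}[ -]?\d{6}[ -]?\d{5})"
    r"(?=[\s.,;:!?)]|\Z)"
)

def find_cards(raw_body):
    """Return (issuer, digits) for each candidate with a recognized IIN."""
    hits = []
    for m in CANDIDATE.finditer(raw_body):
        digits = re.sub(r"[ -]", "", m.group(1))
        for name, length, has_iin in ISSUERS:
            if len(digits) == length and has_iin(digits):
                hits.append((name, digits))
                break
    return hits

# Constructed raw body content (test numbers, not real cards).
SAMPLE = (
    "Please charge 4111 1111 1111 1111.\n"   # Visa, spaced, trailing period
    "3782-822463-10005\n"                    # Amex at start of a line
    "<td>5555555555554444</td>\n"            # missed: '>' precedes the number
    "Tracking 4000123412341234 shipped\n"    # false positive: Visa-like prefix
    "Ref 9999 9999 9999 9999\n"              # ignored: no recognized IIN
)

if __name__ == "__main__":
    for issuer, digits in find_cards(SAMPLE):
        print(issuer, "ending", digits[-4:])
```

The third and fourth sample lines show why raw-body matching can both miss a number embedded in HTML and flag a non-card number that happens to carry a valid issuer prefix.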
If you have additional questions about the credit card template and how it may or may not have matched on a particular email, please contact Mailprotector Support.