Masking Credit Card Numbers in Logs
Application Security Managerâ„¢ (ASM) can mask credit card numbers in request logs. By default, when you create a security policy, the option to mask credit card numbers is enabled. Wherever credit card numbers appear in logs and violation details, they will be replaced by asterisks. By default, the last four numbers of the credit card are exposed to allow legitimate parties to recognize and differentiate the number, such as on invoices.
Keeping the Mask Credit Card Numbers in Request Log option enabled is required for PCI compliance. You must use this option in addition to Data Guard and masking sensitive parameters to comply with the Protect Stored Cardholder Data requirement. Data Guard masks sensitive information, such as credit card numbers and social security numbers, in responses.
Sensitive parameters can conceal sensitive information that is passed as parameters, such as credit card numbers. Making a parameter sensitive guarantees that its values are always masked in logs. Using sensitive parameters is good for form fields that are designated to contain sensitive data (like credit card numbers). But since a user can include credit card numbers in other places, enabling the Mask Credit Card Numbers in Request Log option looks for them anywhere in the request and masks them, providing an additional layer of security.
You can make sure that a security policy is set up to mask credit card numbers in logs and violations. This protects sensitive information, specifically credit card numbers, more securely.
-
On the Main tab, click Security > Application Security > Security Policies > Policies List.
The Policy Properties screen for the current edited policy opens.
-
Enable Mask Credit Card Numbers in Request Log if it is not already enabled.
-
Click Save to save your settings.
The system now looks for occurrences of credit card numbers in request logs, violations, suggestions, and reports and replaces them with asterisks.