Detecting Credit Card Numbers in Network Traffic

The Payment Card Industry Data Security Standard (PCI-DSS for short) requires that credit card numbers are not transmitted in the clear and are not presented to users unmasked. A network monitoring system such as an IDS or an IPS seems like a natural enforcement point to ensure that such information is not sent over a network in violation of the regulation. But closer examination shows that implementation is far from trivial. This writeup discusses several aspects of implementing a network monitoring system to detect leakage of credit card numbers.

