General
cancel
Showing results for 
Search instead for 
Did you mean: 

sed - masking credit card numbers

SOLVED
Go to solution
Gary Hines
Advisor

sed - masking credit card numbers

Hi,
I'm hoping someone can help me with a sed statement (or if sed is even appropriate for this). I have a bunch of log files that have credit card numbers in them, and I need to mask the credit card numbers. All the credit cards are 16 digits and start with a 4 or 5. I want to replace the middle 8 digits with an asterisk (*). I've tried a number of things, but haven't been able to get it to work. Can someone please help me out? Thanks for any help or pointers in the right direction.
8 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: sed - masking credit card numbers

Hi Gary:

I prefer Perl since it probably has the most robust regular expressions available:

# perl -pe 's/\b(45\d\d)(\d{8})(\d{4})\b/$1\*\*\*\*\*\*\*\*$3/g' file

This will look for 16-digit numbers beginning with "45" and bounded by word "boundry" (\b) characters (e.g. whitespace) on either end. A '\d' is any digit. We escape the "*" to avoid special meaning. The '{n}' is a shorthand for the number of repetitions.

Regards!

...JRF...
Steven Schweda
Honored Contributor

Re: sed - masking credit card numbers

It might be easier to suggest something
useful if you provided a sample of the data
to be mutilated.
Dennis Handly
Acclaimed Contributor
Solution

Re: sed - masking credit card numbers

Here is something similar with sed:
sed -e 's/\([45][0-9]\{3\}\)[0-9]\{8\}\([0-9]\{4\}\)/\1********\2/' file

This will replace any 16 digit string that starts with 4 or 5. Even if embedded in a longer digit string. If we need to disallow that, we can add delimiters at the beginning and end.
Suraj K Sankari
Honored Contributor

Re: sed - masking credit card numbers

Hi,

With awk also you can do the same
awk '{ if (substr($0,1,2)=="45") printf "%s********%s\n",substr($0,1,4),substr($0,12,4) }'outputfile

Suraj
Suraj K Sankari
Honored Contributor

Re: sed - masking credit card numbers

Hi Again,

Or you can use this also

awk '{ if (substr($0,1,2)=="45") printf "%s********%s\n",substr($0,1,4),substr($0,12,4)
else print $0
}'
Suraj
Steven E. Protter
Exalted Contributor

Re: sed - masking credit card numbers

Shalom,

Allow me to point out the obvious.

Credit card numbers should NEVER exist in clear text on a Unix or Linux system.

They should always be in a secure database, with encrypted access.

The fact you are even trying this scares the hell out of me.

Good luck with the sed command, you got good answers.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
OFC_EDM
Respected Contributor

Re: sed - masking credit card numbers

To add to Stevens comment:

I wonder about the legality of keeping credit card numbers in plain text.

Do a google search and you'll find plenty of information regarding the legal requirements for storing different types of data....the complexity of the information is huge.

To make your life easier contact your Storage Manager and your companies legal department for guidance on how you should store the credit card information.

Without knowing your architecture I have to assume you're not in a good legal position right now.

Regards

Noticed in your profile you're in the US.
Found this link which may assist you
http://www.cit.cornell.edu/security/requirements/secreqs-confidentialdata.html

In that link is another link to https://www.pcisecuritystandards.org/

They look like good starting points to find out your legal requirements for storing the credit card data.
The Devil is in the detail.
Gary Hines
Advisor

Re: sed - masking credit card numbers

We found this problem during an internal security audit in which an older portion of code had been used incorrectly. That has been fixed, and we are erasing all the older log files. I wanted to keep the last two weeks of logs for problem tracking, and so the request for help on the sed statement to mask the numbers. Other than this occurrence, all the numbers are kept in encrypted files/columns.