This feature offers options for the responsible handling of sensitive data, like credit card numbers, in your OTRS system. With the help of this function, it is possible to hide credit card numbers for new tickets and articles, as well as in articles already stored in the system. Additionally, flexibly configurable warning messages for credit card numbers can be set and shown automatically.
This mechanism for recognizing credit cards works for cards with 13, 15 or 16 digits. All articles of a ticket in the system will be scanned for valid credit card numbers before storing. Then, the majority of the digits will be masked before storage in the system.
Benefits
- Improved data protection.
- Fewer security risks for credit card data.

Target Groups
- Customer service
- Finance
- Sales
- Order management
- Complaint management

Legacy Credit Card Masking
A console command exists to treat already stored credit card numbers in the system. This command will mask any unmasked valid credit card number in the article database table.
Note
This feature is only available to On-Premise customers. If you are a Managed customer, this feature is taken care of by the Customer Solutions Team in OTRS. Please contact us via support@otrs.com or in the OTRS Portal.
To mask the existing credit card numbers:
- Make sure that setting OTRSCreditCardFilter::ActiveMaskEnabled is not enabled.
- Create one or more tickets with valid credit card information.

    Issuing Network,Card Number
    JCB,3528988095245935
    JCB,3112606824580636
    JCB,3096030869937728
    JCB,3112437499296450
    JCB,3096010732100407
    JCB,3528461498782367
    JCB,3112892137191440
    JCB,3088814635323630

- Open the ticket detail view to make sure that the credit card numbers are not masked.
- Execute the following command in the command line to mask the credit card numbers:

    otrs> /opt/otrs/bin/otrs.Console.pl Maint::Ticket::MaskCreditCard --restart yes

- Refresh the ticket detail view. The article body will be shown as:

    Issuing Network,Card Number
    JCB,352898xxxxxx5935
    JCB,311260xxxxxx0636
    JCB,309603xxxxxx7728
    JCB,311243xxxxxx6450
    JCB,309601xxxxxx0407
    JCB,352846xxxxxx2367
    JCB,311289xxxxxx1440
    JCB,308881xxxxxx3630

This script masks the credit card numbers in the most recent articles first, since these are the most commonly used, so the results can be seen faster.
See also
For more information about the Maint::Ticket::MaskCreditCard parameters, execute the following command:

    otrs> /opt/otrs/bin/otrs.Console.pl Maint::Ticket::MaskCreditCard --help

The script is designed to avoid affecting system performance by working in batches and waiting between each batch. The number of articles processed per batch and the wait time between batches can be fine-tuned to match system performance.
The script also remembers the last processed article and continues from there, which makes it possible to stop the process at a certain time and resume later. There is an override to force starting again from the beginning.
You can specify an end date so that only articles up to that date are processed (e.g. if you started automatic masking at a certain date). It is also possible to specify the number of articles to process per run.
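The batching behaviour described above, sketched as an added example; this is not the OTRS console command's code. The table names `article_demo` and `mask_state`, the function and parameter names, and the stand-in `demo_mask` step are all hypothetical, and the data is constructed.

```python
import sqlite3
import time

def mask_stored(db, mask, batch=2, wait=0.0, restart=False, end_date=None, limit=None):
    """Mask bodies newest-first in batches; return the number of rows rewritten."""
    db.execute("CREATE TABLE IF NOT EXISTS mask_state (last_id INTEGER)")
    if restart:                                  # override: forget the resume point
        db.execute("DELETE FROM mask_state")
    row = db.execute("SELECT last_id FROM mask_state").fetchone()
    last_id = row[0] if row else None            # where the previous run stopped
    changed = done = 0
    while limit is None or done < limit:
        size = batch if limit is None else min(batch, limit - done)
        rows = db.execute(
            "SELECT id, body FROM article_demo"
            " WHERE (? IS NULL OR id < ?) AND (? IS NULL OR created <= ?)"
            " ORDER BY id DESC LIMIT ?",
            (last_id, last_id, end_date, end_date, size)).fetchall()
        if not rows:
            break
        for art_id, body in rows:
            masked = mask(body)
            if masked != body:
                db.execute("UPDATE article_demo SET body = ? WHERE id = ?", (masked, art_id))
                changed += 1
        last_id, done = rows[-1][0], done + len(rows)
        db.execute("DELETE FROM mask_state")
        db.execute("INSERT INTO mask_state VALUES (?)", (last_id,))
        db.commit()                              # checkpoint after every batch
        time.sleep(wait)                         # pause between batches to limit load
    return changed

def demo_db():
    """Constructed in-memory table standing in for stored articles."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article_demo (id INTEGER PRIMARY KEY, created TEXT, body TEXT)")
    db.executemany("INSERT INTO article_demo VALUES (?, ?, ?)", [
        (1, "2023-01-10", "JCB,3528988095245935"),
        (2, "2023-02-10", "no card here"),
        (3, "2023-03-10", "JCB,3528988095245935"),
        (4, "2023-04-10", "JCB,3528988095245935"),
    ])
    return db

def demo_mask(body):
    """Stand-in for the detection and masking step (one fixed number only)."""
    return body.replace("3528988095245935", "352898xxxxxx5935")
```

Because the checkpoint is committed together with each batch, an interrupted run loses at most the batch in progress, and that batch is simply processed again on resume.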
Mask Credit Card
This feature is a complete subsystem that allows the following:
- Automatically show a warning message next to a credit card number (not storable).
- Mask credit card numbers for new tickets and articles.
- Mask credit card numbers contained in articles already stored in the system.

The credit card detection mechanism requires credit card numbers of 13, 15 or 16 digits. These credit card numbers should be at least potentially valid numerically, which means they pass the Luhn algorithm test.
In the current version, only a subset of all potentially valid credit card numbers is detected. The following credit card numbers are considered valid:
- Visa 16 digits starting with a 4.
- Visa 13 digits starting with a 4.
- MasterCard 16 digits starting with 51 to 55.
- Discover 16 digits starting with 6011, 6121-29 to 6229-25, 644 to 649 or 65.
- JCB 16 digits starting with 3088, 3096, 3112, 3158, 3337 or 3528 to 3589.
- JCB 15 digits starting with 1800, 2100 or 2131.
- American Express 15 digits starting with 34 or 37.

For successful detection, the digits of these credit card numbers are allowed without separation or with a single separator between groups of digits arranged as 4-4-4-4, 4-4-4-3, 4-4-4-1 or 4-6-5 (the last combination for American Express only). Allowed separators are -, +, /, . or a combination thereof.
Valid credit card numbers that are part of a longer number are not considered credit card numbers. This is to avoid false positives, e.g. a serial number that (unintentionally) contains a valid credit card number. Valid credit card numbers should be enclosed by at least one non-numeric character.
Active Credit Card Masking
When this feature is enabled, every article will be scanned for valid credit card numbers before it is saved to the database. If any are found in the subject or body, all but the first six and the last four digits will be replaced by a configurable masking character.
See also
The behavior can be changed with the following settings in the system configuration:
- OTRSCreditCardFilter::ActiveMaskEnabled
- OTRSCreditCardFilter::MaskedCharacter

For example 1234-5678-9012-3456 becomes 1234-56xx-xxxx-3456.
Warning
This procedure is permanent and irreversible!
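The detection rules from the Mask Credit Card section and the masking rule described here, combined in one added example; this is not OTRS code. The function names are hypothetical, the Discover range printed as "6121-29 to 6229-25" is left out because its bounds are unclear, and a "single separator" is read as one separator character between groups.

```python
import re

SEP = r"[-+/.]"  # separators named on the page
# Candidate: 13, 15 or 16 digits, unseparated or grouped 4-4-4-4, 4-4-4-3, 4-4-4-1
# or 4-6-5, and not embedded in a longer run of digits.
CANDIDATE = re.compile(
    rf"(?<!\d)(?:\d{{13}}|\d{{15,16}}"
    rf"|\d{{4}}{SEP}\d{{4}}{SEP}\d{{4}}{SEP}(?:\d{{4}}|\d{{3}}|\d)"
    rf"|(?P<amex>\d{{4}}{SEP}\d{{6}}{SEP}\d{{5}}))(?!\d)", re.ASCII)

# (length, prefix regex) per accepted card type, transcribed from the list above.
ACCEPTED = [
    (16, r"4"), (13, r"4"),                                  # Visa
    (16, r"5[1-5]"),                                         # MasterCard
    (16, r"6011|64[4-9]|65"),                                # Discover (partial, see lead-in)
    (16, r"3088|3096|3112|3158|3337|35(?:2[89]|[3-8]\d)"),   # JCB 16 digits
    (15, r"1800|2100|2131"),                                 # JCB 15 digits
    (15, r"3[47]"),                                          # American Express
]

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)    # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def is_card(match: re.Match) -> bool:
    digits = re.sub(r"\D", "", match.group())
    if match.group("amex") and not re.match(r"3[47]", digits):
        return False                         # 4-6-5 grouping is American Express only
    known = any(len(digits) == n and re.match(p, digits) for n, p in ACCEPTED)
    return known and luhn_ok(digits)

def mask_text(text: str, mask_char: str = "x") -> str:
    """Replace all but the first six and last four digits, keeping separators."""
    def _mask(match: re.Match) -> str:
        raw = match.group()
        if not is_card(match):
            return raw
        total, seen, out = sum(c.isdigit() for c in raw), 0, []
        for c in raw:
            seen += c.isdigit()
            keep = not c.isdigit() or seen <= 6 or seen > total - 4
            out.append(c if keep else mask_char)
        return "".join(out)
    return CANDIDATE.sub(_mask, text)
```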
To use this feature:
- Create a ticket with the following article body:

    Issuing Network,Card Number
    JCB 15 digit,180061388939823
    JCB 15 digit,180079668437698
    JCB 15 digit,180001434886883
    JCB 15 digit,180044208063503
    JCB 15 digit,180010497338476
    JCB 15 digit,210004248524033
    JCB 15 digit,210012319871803
    JCB 15 digit,180094846333594
    JCB 15 digit,210084424984649
    JCB 15 digit,210012951351973
    JCB 15 digit,210008094074787
    JCB 15 digit,210081171733450

- Open the ticket detail view to see the created ticket. The body of the article will be shown as:

    Issuing Network,Card Number
    JCB 15 digit,180061xxxxx9823
    JCB 15 digit,180079xxxxx7698
    JCB 15 digit,180001xxxxx6883
    JCB 15 digit,180044xxxxx3503
    JCB 15 digit,180010xxxxx8476
    JCB 15 digit,210004xxxxx4033
    JCB 15 digit,210012xxxxx1803
    JCB 15 digit,180094xxxxx3594
    JCB 15 digit,210084xxxxx4649
    JCB 15 digit,210012xxxxx1973
    JCB 15 digit,210008xxxxx4787
    JCB 15 digit,210081xxxxx3450

- You can also try with valid credit card numbers in the subject or fetch a mail with valid credit card information using a postmaster account.

Credit Card Warning Message
It is possible to display a warning message next to the credit card number.
To use this feature:
- Make sure that setting OTRSCreditCardFilter::ActiveMaskEnabled is not enabled.
- Make sure that setting OTRSCreditCardFilter::WarningTextEnabled is enabled.
- Define your custom message in setting OTRSCreditCardFilter::WarningText in the system configuration.
- Create a ticket with the following article body:

    Issuing Network,Card Number
    JCB,3528988095245935
    JCB,3112606824580636
    JCB,3096030869937728
    JCB,3112437499296450
    JCB,3096010732100407
    JCB,3528461498782367
    JCB,3112892137191440
    JCB,3088814635323630

- Open the ticket detail view. The warning message should appear next to the credit card number.

    Issuing Network,Card Number
    JCB,3528988095245935 Reminder: You should not store credit card numbers in this product!
    JCB,3112606824580636 Reminder: You should not store credit card numbers in this product!
    JCB,3096030869937728 Reminder: You should not store credit card numbers in this product!
    JCB,3112437499296450 Reminder: You should not store credit card numbers in this product!
    JCB,3096010732100407 Reminder: You should not store credit card numbers in this product!
    JCB,3528461498782367 Reminder: You should not store credit card numbers in this product!
    JCB,3112892137191440 Reminder: You should not store credit card numbers in this product!
    JCB,3088814635323630 Reminder: You should not store credit card numbers in this product!

You can also try with valid credit card numbers in the subject or fetch a mail with valid credit card information using a postmaster account.