Data Loss Prevention

 View Only

  • 1.  Inconsistent Data Identifier Matches for CC numbers

    Posted Jun 12, 2014 03:26 PM

    Hello:

    Version: DLP v 11.6.2.

    I'm using Vontu's pre-built data identifier for matching CC numbers in a policy configured at the Medium breadth.

    Within the medium breadth section, it shows the matching data patterns beginning with "2014", as shown below:


    06-12-2014 1-20-15 PM.jpg

     

    I have a department that sends out invoices that require payment from customers where the beginning 4 digits are "2014", as that is the current year, with 11 digits immediately following it.
    It has come to my attention that not all of the invoices have triggered the policy, even though all document have the "2014" prefix.

    For example: Invoice number "201401280000016" triggered the policy but "201401280000003" did not trigger it.
     

    I am not sure why certain invoice numbers will trigger the policy and others will not. I need to determine a root cause for the business unit and propose a solution. I do not want to reduce or raise the breadth as this might increase my false negatives and/or my false positives.
    Currently, we are operating using a static exclusion code I generated so they can conduct business uninterrupted.

    Please advise. I am postponing calling tech support until I hear from the boards.

    Cheers!



  • 2.  RE: Inconsistent Data Identifier Matches for CC numbers
    Best Answer

    Broadcom Employee
    Posted Jun 12, 2014 05:07 PM

    Hello,

    The issue is that you are not detecting credit cards. Your numbers must also pass the Luhn Test on Medium Bredth. You can see from this link that the first number passes, and the second does not.

    http://www.ee.unb.ca/cgi-bin/tervo/luhn.pl?N=201401280000016

    http://www.ee.unb.ca/cgi-bin/tervo/luhn.pl?N=201401280000003

    If you want to use that pattern for a non-CC number, then you would need to make your own DI using the pattern. Then you need to make sure that you do not use the Luhn Test in your validator section.

    I hope this helps.

    Best,

    Ryan



  • 3.  RE: Inconsistent Data Identifier Matches for CC numbers

    Posted Jun 13, 2014 10:36 AM

    Hi Ryan,

    That makes sense to me! Although I did not properly explain my issue you answered it anyway.

    The invoices are generating False Positives on some invoices but not all of them.

    Based upon your links, if the invoice number passes the Luhn test, then it will trigger the policy. If it does not pass the test, then it will not trigger the policy.

    Do I have that right?

    Cheers!




  • 4.  RE: Inconsistent Data Identifier Matches for CC numbers

    Broadcom Employee
    Posted Jun 13, 2014 01:21 PM

    PENguinn,

    That is correct. If the Luhn Test passes, then it is considered a credit card. If it fails the Luhn Test, it will not be considered a credit card and will not generate an incident.

    Best,

    Ryan