Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

To mask Credid Card Information in a non VSAM PDS

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics
View previous topic :: :: View next topic  
Author Message
RanjitRaveendran
Warnings : 1

New User


Joined: 24 Nov 2008
Posts: 20
Location: Bangalore

PostPosted: Fri Feb 06, 2009 3:49 pm    Post subject: To mask Credid Card Information in a non VSAM PDS
Reply with quote

I need to mask some Credit Card Information in a non VSAM PDS before writing to a GDG tape. Can i use regular expression in REXX to do that or is this possible using SORT utility? The Credit Card Information is available in a regular format which starts like "PMT+1:"
Back to top
View user's profile Send private message

enrico-sorichetti

Global Moderator


Joined: 14 Mar 2007
Posts: 10210
Location: italy

PostPosted: Fri Feb 06, 2009 4:07 pm    Post subject: Reply to: To mask Credi Card Information in a nov VSAM PDS.
Reply with quote

data masking is a security and privacy issue that should not be based on forum replies,

too many legal issues and concern

it should be planned at the highest organization levels
and implemented using proper tools and techniques
( auditable and certified )

speak to Your security support group / Your manager

P.S. output being a GDG is irrelevant to the process
a non VSAM PDS is a redundancy
a dataset is VSAM or PDS
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7931
Location: Bellevue, IA

PostPosted: Fri Feb 06, 2009 4:25 pm    Post subject:
Reply with quote

I don't believe masking credit card data meets PCI (Payment Card Industry) requirements -- encryption is the requirement. If the data is encrypted, masking is not necessary since the data is not available in plain text. If the data is unencrypted, PCI compliance fails and there is signifcant exposure to legal liability -- as TJ Maxx and Hannaford have found out -- so there is a major management issue there.
Back to top
View user's profile Send private message
RanjitRaveendran
Warnings : 1

New User


Joined: 24 Nov 2008
Posts: 20
Location: Bangalore

PostPosted: Fri Feb 06, 2009 8:40 pm    Post subject: Reply to: To mask Credi Card Information in a nov VSAM PDS.
Reply with quote

I should probably term it Override with a wild character like X or * instead of masking. The intention is to prevent reading the credit card number in a file being sent to a VM system.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7931
Location: Bellevue, IA

PostPosted: Fri Feb 06, 2009 8:52 pm    Post subject:
Reply with quote

You can call it masking, or you can call it override, but the credit card industry standard is that credit card number not be stored on disk in the clear. And if you're needing masking (override, or whatever you call it) your site is not complying with PCI rules. My recommendation is to change the source data so you don't have the issue.
Back to top
View user's profile Send private message
RanjitRaveendran
Warnings : 1

New User


Joined: 24 Nov 2008
Posts: 20
Location: Bangalore

PostPosted: Mon Feb 09, 2009 4:25 pm    Post subject: Reply to: To mask Credid Card Information in a non VSAM PDS
Reply with quote

You are right, and they are going to encypt the data at the source in future. Right now i have some past data in tapes which is what i need to hide from someone reading.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7931
Location: Bellevue, IA

PostPosted: Mon Feb 09, 2009 5:55 pm    Post subject:
Reply with quote

Recommendation 1. Implement very tight security rules through your security product on the tapes with credit card data.
Recommendation 2. There are commercially available products that do field level encryption; use one of them to encrypt the data as you copy from one tape to another.
Recommendation 3. If Recommendation 2 is not possible, develop some in house encryption routine (but be aware that it is almost certainly not going to be secure enough to meet PCI requirements -- it is extremely difficult to do a good encryption routine). Copy the tapes using your in house routine.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts how to recover an uncataloged VSAM da... archanamuthukrishnan All Other Mainframe Topics 3 Wed Jan 11, 2017 6:18 pm
No new posts Underlying DB2 VSAM LDS - SMF recording vasanthz All Other Mainframe Topics 6 Thu Jan 05, 2017 4:20 am
No new posts BWO option in VSAM blayek CICS 3 Sat Nov 05, 2016 10:47 am
This topic is locked: you cannot edit posts or make replies. How to use 2 input files in control c... Gunapala CN DFSORT/ICETOOL 23 Thu Oct 13, 2016 3:42 pm
No new posts VSAM define for large file jerryte JCL & VSAM 9 Wed Oct 05, 2016 1:51 am


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us