Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

To mask Credid Card Information in a non VSAM PDS

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics
View previous topic :: :: View next topic  
Author Message
RanjitRaveendran
Warnings : 1

New User


Joined: 24 Nov 2008
Posts: 20
Location: Bangalore

PostPosted: Fri Feb 06, 2009 3:49 pm    Post subject: To mask Credid Card Information in a non VSAM PDS
Reply with quote

I need to mask some Credit Card Information in a non VSAM PDS before writing to a GDG tape. Can i use regular expression in REXX to do that or is this possible using SORT utility? The Credit Card Information is available in a regular format which starts like "PMT+1:"
Back to top
View user's profile Send private message

enrico-sorichetti

Global Moderator


Joined: 14 Mar 2007
Posts: 10274
Location: italy

PostPosted: Fri Feb 06, 2009 4:07 pm    Post subject: Reply to: To mask Credi Card Information in a nov VSAM PDS.
Reply with quote

data masking is a security and privacy issue that should not be based on forum replies,

too many legal issues and concern

it should be planned at the highest organization levels
and implemented using proper tools and techniques
( auditable and certified )

speak to Your security support group / Your manager

P.S. output being a GDG is irrelevant to the process
a non VSAM PDS is a redundancy
a dataset is VSAM or PDS
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8117
Location: East Dubuque, Illinois, USA

PostPosted: Fri Feb 06, 2009 4:25 pm    Post subject:
Reply with quote

I don't believe masking credit card data meets PCI (Payment Card Industry) requirements -- encryption is the requirement. If the data is encrypted, masking is not necessary since the data is not available in plain text. If the data is unencrypted, PCI compliance fails and there is signifcant exposure to legal liability -- as TJ Maxx and Hannaford have found out -- so there is a major management issue there.
Back to top
View user's profile Send private message
RanjitRaveendran
Warnings : 1

New User


Joined: 24 Nov 2008
Posts: 20
Location: Bangalore

PostPosted: Fri Feb 06, 2009 8:40 pm    Post subject: Reply to: To mask Credi Card Information in a nov VSAM PDS.
Reply with quote

I should probably term it Override with a wild character like X or * instead of masking. The intention is to prevent reading the credit card number in a file being sent to a VM system.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8117
Location: East Dubuque, Illinois, USA

PostPosted: Fri Feb 06, 2009 8:52 pm    Post subject:
Reply with quote

You can call it masking, or you can call it override, but the credit card industry standard is that credit card number not be stored on disk in the clear. And if you're needing masking (override, or whatever you call it) your site is not complying with PCI rules. My recommendation is to change the source data so you don't have the issue.
Back to top
View user's profile Send private message
RanjitRaveendran
Warnings : 1

New User


Joined: 24 Nov 2008
Posts: 20
Location: Bangalore

PostPosted: Mon Feb 09, 2009 4:25 pm    Post subject: Reply to: To mask Credid Card Information in a non VSAM PDS
Reply with quote

You are right, and they are going to encypt the data at the source in future. Right now i have some past data in tapes which is what i need to hide from someone reading.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8117
Location: East Dubuque, Illinois, USA

PostPosted: Mon Feb 09, 2009 5:55 pm    Post subject:
Reply with quote

Recommendation 1. Implement very tight security rules through your security product on the tapes with credit card data.
Recommendation 2. There are commercially available products that do field level encryption; use one of them to encrypt the data as you copy from one tape to another.
Recommendation 3. If Recommendation 2 is not possible, develop some in house encryption routine (but be aware that it is almost certainly not going to be secure enough to meet PCI requirements -- it is extremely difficult to do a good encryption routine). Copy the tapes using your in house routine.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts VSAM Space Allocation mrgnndhmk JCL & VSAM 7 Sat Apr 22, 2017 12:42 am
No new posts how to mask the phone number kumarinfy DB2 4 Mon Apr 03, 2017 5:23 pm
No new posts Updating a VSAM file with DISP=OLD sheersh JCL & VSAM 8 Tue Mar 14, 2017 6:14 pm
No new posts SORT VSAM file with each field one by... maxsubrat DFSORT/ICETOOL 6 Tue Mar 14, 2017 1:07 pm
No new posts VSAM RLS=NRI while doing IDCAMS sheersh JCL & VSAM 1 Tue Mar 07, 2017 1:55 pm


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us