To mask Credit Card Information in a non VSAM PDS


RanjitRaveendran

Posted: Fri Feb 06, 2009 3:49 pm

I need to mask some Credit Card Information in a non VSAM PDS before writing to a GDG tape. Can I use regular expressions in REXX to do that, or is this possible using the SORT utility? The Credit Card Information is available in a regular format which starts like "PMT+1:"
enrico-sorichetti


Posted: Fri Feb 06, 2009 4:07 pm

data masking is a security and privacy issue that should not be based on forum replies,

too many legal issues and concerns

it should be planned at the highest organization levels
and implemented using proper tools and techniques
( auditable and certified )

speak to Your security support group / Your manager

P.S. output being a GDG is irrelevant to the process
a non VSAM PDS is a redundancy
a dataset is VSAM or PDS
Robert Sample


Posted: Fri Feb 06, 2009 4:25 pm

I don't believe masking credit card data meets PCI (Payment Card Industry) requirements -- encryption is the requirement. If the data is encrypted, masking is not necessary since the data is not available in plain text. If the data is unencrypted, PCI compliance fails and there is significant exposure to legal liability -- as TJ Maxx and Hannaford have found out -- so there is a major management issue there.
RanjitRaveendran

Posted: Fri Feb 06, 2009 8:40 pm

I should probably term it Override with a wild character like X or * instead of masking. The intention is to prevent reading the credit card number in a file being sent to a VM system.
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8696
Location: Dubuque, Iowa, USA

Posted: Fri Feb 06, 2009 8:52 pm

You can call it masking, or you can call it override, but the credit card industry standard is that credit card numbers not be stored on disk in the clear. And if you're needing masking (override, or whatever you call it) your site is not complying with PCI rules. My recommendation is to change the source data so you don't have the issue.
RanjitRaveendran

Posted: Mon Feb 09, 2009 4:25 pm

You are right, and they are going to encrypt the data at the source in future. Right now I have some past data in tapes which is what I need to hide from someone reading.
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8696
Location: Dubuque, Iowa, USA

Posted: Mon Feb 09, 2009 5:55 pm

Recommendation 1. Implement very tight security rules through your security product on the tapes with credit card data.
Recommendation 2. There are commercially available products that do field level encryption; use one of them to encrypt the data as you copy from one tape to another.
Recommendation 3. If Recommendation 2 is not possible, develop some in house encryption routine (but be aware that it is almost certainly not going to be secure enough to meet PCI requirements -- it is extremely difficult to do a good encryption routine). Copy the tapes using your in house routine.
All times are GMT + 6 Hours