DLP - Credit Card Testing
| Situation |
|
|---|---|
| Solution | Testing credit card numbers for DLP may not be working properly |
How credit cards are viewed with DLP
Credit card false negatives
Credit card DLP false negatives come primarily in the form of non-valid formatting. Credit cards use a specific algorithm through the appropriate company when they generate card numbers. You cannot simply use any 15/16-digit string. .
- Different card services have various formats.
- traditional 16 digit strings using the format of ####-####-####-####
- Dashes must be used, and in the correct location
- 4-4-4-4 format
- traditional 15 digit strings using the format of ####-######-#####
- Dashes must be used, and in the correct location
- 4-6-5 format
- Some card services uses the formats like these:
- 4-4-5
- 4-4-4-3
- 4-6-4
Formatting
- Generally accepted that dashes are the norm for credit cards. Any other type of separator, even a space, is not recognized
- No spaces, a continuous string of digits, is also an acceptable format (see table below).
Test credit card numbers
If you wish to test against some credit cards, here are a few vendors and test card numbers:
| Credit Card Vendor | Credit Card Number |
| American Express | 371449635398431 |
| Diners Club | 30569309025904 |
| MasterCard | 5555555555554444 |
| Visa | 4111111111111111 |
For additional information on the overall DLP, please see Data Loss Prevention (DLP) FAQs