Any need for a Credit Card Filter?

We currently have Openfire deployed in our company.

As part of PCI certification, we had the need to filter CC#'s out of all IM messages.

I wrote a quick plugin to do this (based very closely on the content filter plugin).

If there is any interest, I could post the plugin for all to enjoy.

Does anyone else have a need for this type of plugin?

Here are the basic differences between this and the content filter (or reasons why I didn’t just use the content filter).

  1. The CC #'s are more than just a reg-exp. There is an additional checksum calculation to ensure it’s a CC #.
  2. Masking. I made the masking more like what you would get on a receipt (leave the last 4 #'s).
  3. Different audience. The notifications are identical to the content filter, but in our environment, who should get notified of PCI violations is different than who should get notified of “content violations”.
  4. Pre-defined reg-exp/Card types. By hard coding the reg-exp there is no chance for a mess up. Also, the filter allows you to select which card type (Visa, MC, AmEx) you want to filter on.

There are probably some other differences, but that’s all I can think of for now.
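The checks listed in the post above (per-card-type pattern, checksum, receipt-style masking, selectable card types) can be sketched as follows. This is an added example and not the poster's plugin; the class and method names, the simplified per-brand patterns, and the candidate pattern are assumptions, the checksum shown is the standard Luhn algorithm, and the sample messages are constructed around public test card numbers.

```java
import java.util.*;
import java.util.regex.*;
// Added example, not the plugin from this thread; patterns are simplified assumptions.
public class CardNumberFilter {
    enum CardType {   // hard-coded per-brand patterns, matched against bare digits
        VISA("4\\d{12}(?:\\d{3})?"), MASTERCARD("5[1-5]\\d{14}"), AMEX("3[47]\\d{13}");
        final Pattern pattern;
        CardType(String regex) { pattern = Pattern.compile(regex); }
    }

    // 13 to 16 digits, optionally separated by single spaces or hyphens.
    static final Pattern CANDIDATE =
            Pattern.compile("(?<!\\d)\\d(?:[ -]?\\d){12,15}(?!\\d)");

    // Luhn checksum: double every second digit from the right; total must be 0 mod 10.
    static boolean luhnValid(String digits) {
        int sum = 0;
        for (int i = digits.length() - 1, pos = 0; i >= 0; i--, pos++) {
            int d = digits.charAt(i) - '0';
            if (pos % 2 == 1) { d *= 2; if (d > 9) d -= 9; }
            sum += d;
        }
        return sum % 10 == 0;
    }

    // Mask all but the last four digits of every enabled, Luhn-valid number.
    static String mask(String body, Set<CardType> enabled) {
        Matcher m = CANDIDATE.matcher(body);
        StringBuilder out = new StringBuilder();
        int last = 0;
        while (m.find()) {
            String digits = m.group().replaceAll("[ -]", "");
            boolean brand = enabled.stream().anyMatch(t -> t.pattern.matcher(digits).matches());
            if (!brand || !luhnValid(digits)) continue;  // not a card number, leave untouched
            out.append(body, last, m.start());
            int remaining = digits.length();
            for (char c : m.group().toCharArray())       // separators pass through
                out.append(c >= '0' && c <= '9' && remaining-- > 4 ? 'X' : c);
            last = m.end();
        }
        return out.append(body.substring(last)).toString();
    }

    public static void main(String[] args) {
        String[] samples = { "visa 4111 1111 1111 1111", "amex 378282246310005",  // constructed,
            "typo 4111 1111 1111 1112", "mc 5555555555554444" };                  // test numbers
        for (String s : samples) System.out.println(mask(s, EnumSet.of(CardType.VISA, CardType.AMEX)));
    }
}
```

The checksum step is what keeps a mistyped or random 16-digit string from being masked, and the card type set is what leaves the Mastercard sample untouched when only Visa and AmEx are enabled.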

I think there may be value in posting this.

I would like to see this plugin and thanks.

Also with the plugin, does it or can it log when someone tries to transmit a CC#, or will it just XXX it out?

Sounds good and I can’t wait to see it.

Currently the plugin (because I copied it from the content filter) has the options of:

IM someone, send an email, or do nothing.

In our environment sending an email is the appropriate action, so I didn’t do anything above and beyond what the content filter had.

If there is the need for a log message, it should be trivial to add in.

Can you please post it? This would be a great one to protect the users that use my Jabber service.

I am not a programmer so I have no idea on the difficulty of adding this, but can it filter social security #'s also? Maybe then just release it as a PCI plugin.

Any chance we can see this plugin?

We are also going through the PCI certification process and would find this very useful.