Home > DLP & PCI DSS, Linux, Security, Windows > REGEX for credit cards

REGEX for credit cards

Pretty useful stuff for DLP & PCI DSS purposes:

  • VISA cards: ^4[0-9]{12}(?:[0-9]{3})?$
  • Mastercard: ^5[1-5][0-9]{14}$
  • American Express: ^3[47][0-9]{13}$
  • Diners Club: ^3(?:0[0-5]|[68][0-9])[0-9]{11}$
  • Discover: ^6(?:011|5[0-9]{2})[0-9]{12}$
  • JCB: ^(?:2131|1800|35\d{3})\d{11}$

With two simple modifications, you could use any of the above regexes to find card numbers in larger documents. Simply replace the caret and dollar with a word boundary, e.g.: \b4[0-9]{12}(?:[0-9]{3})?\b.

If you’re planning to search a large document server, a simpler regular expression will speed up the search. Unless your company uses 16-digit numbers for other purposes, you’ll have few false positives. The regex \b\d{13,16}\b will find any sequence of 13 to 16 digits.

When searching a hard disk full of files, you can’t strip out spaces and dashes first like you can when validating a single card number. To find card numbers with spaces or dashes in them, use \b(?:\d[ -]*?){13,16}\b. This regex allows any amount of spaces and dashes anywhere in the number. This is really the only way. Visa and MasterCard put digits in sets of 4, while Amex and Discover use groups of 4, 5 and 6 digits. People typing in the numbers may have different ideas yet.

Source of the info above is www.regular-expressions.info (good website, by the way…)

Here is a good on-line validator.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: