Set Up Information Privacy Dialog Box

You can configure Information Privacy features to protect sensitive data so that it is not displayed on the screen or in productivity features, such as Screen History.

If you need to... / Do this...

  • Redact certain patterns of data that are outside the realm of credit card formats (e.g., US Social Security numbers): Set up Privacy Filter Redaction Rules and Privacy Filters.
  • Redact credit card Primary Account Numbers (PANs) to meet PCI DSS requirements: Set up Primary Account Number (PAN) Redaction Rules and Primary Account Number (PAN) Detection Rules.
  • Require secure connections (as may be required for PCI DSS compliance): Set up PCI DSS Rules.

Notes:

  • You can use Privacy Filters together with Primary Account Number (PAN) detection. To improve performance, do not duplicate existing PAN patterns in privacy filters.
  • Information Privacy settings do not apply to IBM host printer emulation.
  • If redaction is enabled, HLLAPI functions are disabled to prevent access to unredacted data through HLLAPI.

For detailed explanations, instructions, and examples that show how to set up Information Privacy features, see Setting up Information Privacy at http://support.attachmate.com/manuals/reflection2014.html

Privacy Filters Redaction Rules

Use privacy filters when you need to:

  • Redact certain patterns of data that are outside the realm of credit card formats (for example, US Social Security numbers or proprietary sensitive account numbers).
  • Redact Primary Account Numbers (PANs) that are outside of a 13-16 digit range. (PAN detection does not detect PANs that are outside of this range.)

The redaction rules specify how to redact sensitive data, based on the filters that you specify in Privacy Filters.

 

Redact data when used outside the terminal

Redacts sensitive data so that it is not displayed in productivity features, such as Office Tools integration, Screen History, Recent Typing, and Auto Complete. This option also obscures data from the Print Screen and Cut/Copy/Paste commands.

 

Redact display data (IBM terminals only)

Redacts data on screens after you navigate out of the current field.

Redact data while typing (IBM terminals only)

Redacts sensitive data as you type it in.

Privacy Filters

 

Add

Opens the Add Privacy Filter dialog box where you can define the filter.

 

Modify

Opens the Modify Privacy Filter dialog box where you can modify the regular or simple expression that defines the filter.

 

Delete

Deletes the selected filter.

Primary Account Number (PAN) Redaction Rules

You can set up redaction rules to redact PANs (credit card numbers) that appear in screen histories, the clipboard, and Microsoft Office applications. You can also choose to redact PAN data displayed on screens, either as the PAN is typed or after it is entered.

 

Enable Redaction

Redacts sensitive data, based on the rules that you specify in Primary Account Number (PAN) Detection Rules.

 

Portion of PAN to redact

Specifies how many digits of the PAN to redact.

 

Redact display data (IBM terminals only)

Redacts data after it is entered.

Redact data while typing (IBM terminals only)

Redacts data as it is typed.

 

Do not store typed PANs

Prevents PAN data from being saved in an external file or any component that saves screen data. This includes the data saved for the Screen History, Recent Typing, Auto Complete, Auto Expand, and Macro Recording features. It also includes data returned by the Reflection API CreditCardRecognized event.

Primary Account Number (PAN) Detection Rules

 

Custom Detection Rules

Add, modify, or delete the regular expressions used by the PAN Detection methods to detect PAN data.

 

Reflection PAN detection

Reflection PAN detection allows you to set up regular expressions to detect PAN data. Use this option when:

  • You need to define custom card issuer patterns to detect, such as oil company or department store cards.
  • PANs in your application appear in a non-contiguous format, such as multiple input fields of data arranged in a vertical table, or are entered using non-standard digit group separators.

Note: For more about how to use regular expressions to define rules or exceptions for PAN data, see Setting up Information Privacy at http://support.attachmate.com/manuals/reflection2014.html

Custom Exception Expressions

Use regular expressions to define additional exclusion patterns that prevent false positives or preserve data that you do not want to redact.

Note: By default, Reflection does not redact digit patterns such as North American phone numbers containing area code information and optional country code, common short date/time formats (MM/DD/YYYY, YYYY/MM/DD, HH:MM:SS, HH:MM, etc.), and US Social Security numbers.

 

Simple PAN detection

Simple PAN detection matches either a credit card number sequence (a 13-16 digit number) or preceding text (e.g., keywords like "Account") followed by a credit card number sequence. Use Simple PAN detection when:

  • All credit card data in host applications are always displayed and entered as a single continuous string (e.g. 1211-1441-1311-1551).
  • You need to redact account numbers only from: Visa, MasterCard, American Express, Discover, Diner’s Club, Carte Blanche, Voyager, JCB, or enRoute. (If you need to detect other card issuers, use Reflection PAN detection or Privacy Filters.)
  • All host application screens containing credit cards are very well defined, and credit card information is always "labeled" in predictable ways. (For instance, credit card numbers are always preceded by a label such as "Account: ").

Detect PANs based on 13-16 digit numbers with separators

Matches a credit card number sequence.

Detect PANs based on preceding text

Matches preceding text followed by a credit card number sequence. To use this option, you will need to add the preceding text (e.g., Account) to the Text Items box.
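The two Simple PAN detection modes, an exception expression, and partial redaction, modeled as an added Python example for trying patterns against sample screen text before rolling out a configuration. This is not Reflection code and does not use Reflection's rule syntax: the candidate regex, the TS= exception pattern, the keep_last parameter, and the sample screen (apart from the 1211-1441-1311-1551 string used above) are assumptions made for illustration.

```python
import re

# Assumption: 13-16 digits, each optionally preceded by one space or hyphen.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

# Hypothetical exception expression: a 14-digit host timestamp field.
EXCEPTIONS = [re.compile(r"TS=\d{14}")]

def find_pans(text, text_items=None, exceptions=EXCEPTIONS):
    """Return (start, end) spans of PAN candidates.

    text_items=None  -> digit-sequence mode (any 13-16 digit run)
    text_items=[...] -> preceding-text mode (run must follow a listed label)
    """
    excluded = [m.span() for rx in exceptions for m in rx.finditer(text)]
    spans = []
    for m in PAN_CANDIDATE.finditer(text):
        s, e = m.span()
        if any(s < xe and xs < e for xs, xe in excluded):
            continue  # overlaps an exception pattern: leave untouched
        if text_items is not None:
            prefix = text[:s].rstrip(" :").lower()
            if not any(prefix.endswith(t.lower()) for t in text_items):
                continue  # no configured label in front of the number
        spans.append((s, e))
    return spans

def redact(text, spans, keep_last=4, mask="*"):
    """Mask the digits of each span except the last keep_last; keep separators."""
    out = list(text)
    for s, e in spans:
        digit_pos = [i for i in range(s, e) if text[i].isdigit()]
        for i in digit_pos[:max(0, len(digit_pos) - keep_last)]:
            out[i] = mask
    return "".join(out)

# Constructed sample screen text; none of these are real account numbers.
SCREEN = ("Account: 1211-1441-1311-1551  TS=20140315123045\n"
          "Ref 9999 0000 1111 2222  Phone 206-555-0100")

if __name__ == "__main__":
    print(redact(SCREEN, find_pans(SCREEN)))
    print(redact(SCREEN, find_pans(SCREEN, text_items=["Account"])))
```

Running the detector with exceptions=[] shows why the exception expression matters: the 14-digit timestamp falls inside the 13-16 digit range and is masked as if it were a PAN.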

PCI DSS Rules

You can configure Reflection to require secure connections for all network connections or for only wireless connections. You can also choose to fire a Reflection API event when an unredacted PAN (or credit card number) is displayed.

 

Do not require secure host connections

Allow non-secure connections, such as Telnet. Select this option only when testing or when your sessions do not require PCI DSS compliance.

 

Require secure host connections on all networks

Allows only secure connections, regardless of the type of network. This applies to wired, wireless, and VPN connections.

 

Require secure host connections on wireless networks

Allows non-secure connections on wired networks but requires secure connections for wireless networks.

Note: VPN connections are not subject to the wireless restrictions. Because of VPN's inherent security, VPN connections are handled in the same way as wired connections. To secure VPN connections, choose the Require secure host connections on all networks option.

 

Enable API events when PANs are viewed by the user

Fires the CreditCardRecognized .NET API and VBA event when unredacted PAN data is copied from the terminal to the clipboard or to a productivity tool. For IBM systems, the event is also fired when unredacted PAN data is displayed on the screen.

You can handle this event to create logs or perform other actions required for compliance. (See the Reflection VBA Guide or the Reflection .NET API Guide.)

Note: This event is fired only when a PAN is copied or displayed in its entirety ("in the clear"). It is not fired when only redacted PANs are copied or displayed.