Protecting Credit Card Data with Spirion’s Data Discovery

Credit card numbers have been targeted by hackers for years and are a major source of data breaches.
To combat the issue, the Payment Card Industry Security Standards Council (PCI SSC) assembled the Payment
Card Industry Data Security Standard (PCI DSS). This is a worldwide information security standard to
help organizations that process card payments to prevent credit card fraud through increased controls
around data. Despite these efforts, data breaches continue to occur and credit card fraud is still a
major business. Spirion helps organizations prevents data loss and comply with PCI DSS by helping
organizations intelligently find and secure credit card numbers.

Credit card numbers have an internal structure that share a common numbering scheme. Many credit cards
contain a single-digit Major Industry Identifier (MII), a six-digit Issuer Identification Number (IIN),
an account number, and a single digit check sum calculated using the Luhn algorithm. The ANSI Standard
X4.13-1983 is the system used by most national credit-card systems. Spirion finds MasterCard,
Visa, Discover, American Express, Diners Club, Carte Blanche, JCB/Enroute, and Australian BankCards.

Our proprietary algorithms perform a variety of real-time analytics to
maximize accuracy
and minimize false positives. Spirion first starts with
deep, deep data analysis. When Spirion comes across data that could potentially be a match,
it applies all the validation techniques it knows exist to determine whether the data
meets the minimum requirements for being a legitimate Credit Card Number. For example, Spirion
applies the Luhn algorithm, which every credit card number must pass before it is considered a legitimate
number issued by a credit agency.

Beyond deep data analysis, Spirion also performs contextual analysis to increase
the accuracy of returning relevant information. By performing contextual analysis, Spirion can
ascertain whether the data is being referred to in a way that would also indicate it is relevant to
an end user. Finally, Spirion puts all of this power into the hands of the user. Although the
software supports defaults that have been configured by our data analytic experts, users may tune the
sensitivity of the search and cater it to the unique data set they are searching within their own internal