Prevent users from saving Credit Card details into ServiceNow

georgechen · ‎11-25-2015

Hi folks,

Anyone experiencing ServiceNow users saving Credit Card details in a record? From time to time we found records stored Credit Card Details, which in our organization these have to been deleted. We were thinking of implementing Inbound Actions to check with Regex and perform auto record removals.

Have this been experienced by any of you? If so how the auto-checking & processing in terms of scripting implementations has advanced?

Any input would be appreciated

Kind regards,

George

braddiamond · ‎05-16-2016

George - did you ever get an appropriate answer for this? I would be interested too.

Thanks,

Brad

michal29 · ‎05-25-2016

Hello George,

As a short time fix, you could probably encrypt the data if found by script, the same way passwords / security information are encrypted in records

Regards

braddiamond · ‎05-25-2016

Michal - I'm not sure that encryption is a viable option in this scenario. Card data (PCI-DSS) has more stringent requirements than passwords. I agree it is better than nothing, but I'm sure the PCI auditors would have other opinions.

georgechen · ‎05-25-2016

Thanks Michael. I have not heared any feedback but since my team have decided to implement this as a form UI action (button) to remove possible credit card details. The implementaion actaully had some issues which was interfacing by Invoice number so what it happened was that the business rule which masks the card number was also masking Invoice Number which is incorrect behaviour, and also for performance consideration it was rolled back.

I am more than happy to receive any more relevant technique to achieve this as we are still manually delete job or remove attachments from the system, hoping to automate the process.

Kind regards,

George