Mask 16 digit credit card but not 20 digit numbers

deepaltrivedi · ‎03-05-2019

Hi All - We have a change in requirement where we want to mask 16 digit credit card information in inbound email body but not 20 digit numbers as they are not credit card. I've below script that works perfectly but it masks any number over 12 digits -- i don't want to mask 20 digits number.

Thoughts on how i need to modify the bolded portion??

(function executeRule(current, previous /*null when async*/) {
var emailVars = [current.body,current.subject,current.body_text];
var arr = [];
for(e = 0; e < emailVars.length; e++) {

var wt = emailVars[e].match(/(https:\/\/.*wetransfer\.com)(.*)[^\s]/g);
var matches = emailVars[e].match(/(https:\/\/.*wetransfer\.com)(.*)[^\s]|([\d]){4}([ -])?([\d]){4}([ -])?([\d]){4}([ -])?([\d]){4}/g);
if(matches){
for(var i = 0; i < 16; i++) {
if(!wt || matches[i] != wt[0]) {
var numCount = 0;
var maskedCredCard = '';
for(var j = 0; j < matches[i].length; j++) {
if(matches[i][j] == '-' ||matches[i][j] == ' '|| numCount >= 12) {
maskedCredCard += matches[i][j];
}
else if(numCount < 12) {
maskedCredCard += '*';
numCount++;
}
}
if(e == 0) {
current.body = current.body.replace(matches[i] ,maskedCredCard);
}
else if(e == 1) {
current.subject = current.subject.replace(matches[i] ,maskedCredCard);
}
else if(e == 2) {
current.body_text = current.body_text.replace(matches[i], maskedCredCard);
}
} //closes WT if statement
}//closes matches for loop

} //closes if there are matches
} //closes loop through email variables
})(current, previous);

asifnoor · ‎03-18-2019

Hi,

Replace this below line and check

var numbers = email_body.match(/\d+/g).map(Number);

WITH

var numbers = email_body.match(/\s\d+/g).map(Number);

View solution in original post

deepaltrivedi · ‎03-18-2019

in the first link you can see it masked the 12 digits in the URL. we never want to mask digits in the URL.

asifnoor · ‎03-18-2019

Okay, got it.

So can you share the complete body text so taht i can understand where to mask and where not to mask.

deepaltrivedi · ‎03-18-2019

Not sure what you mean by provide complete body. The URL is always different. The only thing in the URL that is consistent is that it contains the word wetransfer whether its wetransfer.com or wetransfer.net or something else that i'm not aware of.

Mask 12 out of 16 digits if there's 16 digits in the body.
Do not mask any digits if they are in the URL containing word wetransfer. There are multiple URLs, only thing in common is that they contain phrase wetransfer
Do not mask any digits if they're 20 digits outside of URL

asifnoor · ‎03-18-2019

What is not clear is what does your eamil body contains.

I thought it will contain the cc number in the url, but you said that you don't wnat to mask the digits in the URL.

So where else this cc number will be present.

Can you share 1 sample ENTIRE BODY content for me to understand where to mask and where NOT to mask.

deepaltrivedi · ‎03-18-2019

Sure. Let me rephrase this. Original requirement was to mask 12 of 16 digits in the description field if someone types cc is: 1234567890987654. Then it should show up as cc is: ************7654.

Then we discovered this masks any URLs that are placed in the description too if they contain 16 consecutive digits. so we had to exclude any digits masking for URL containing wetransfer phrase.

Then we also discovered we get unique ID's also added in the description field that are 20 digits long. Since they're not cc numbers we do NOT want to mask any 20 digits in the descrption.

For example description field should be like:

cc is: ************7654

URL is: https://wetransfer.com/search/1234567890987654

Dept id is: 12345678909876543210

This is not to imply cc #'s or dept id's will always have the phrase mentioned above as prefix. Does this make sense?