PCI Compliance: How to Automatically Redact Credit Card Information from Inbound Email

An often-overlooked challenge in PCI compliance is the occasions where customers ‘helpfully’ email their credit card details in an attempt to expedite an order or refund, or when they have issues ordering online. These actions are in fact the very opposite of helpful and can cause issues for organizations that need to protect payment card data in compliance with PCI DSS (the Payment Card Industry Data Security Standard).

Historically, IT and compliance teams have relied on employees to manually delete these emails, report the issue for further tracking and respond to the customer in a separate message, letting them know that it is not company policy to accept payment card information through this communication channel. However, this manual approach to credit card data security exposes both the customer and the organization to undue risk and error.

To address this challenge, organizations use PCI-compliant email gateways with automated scanning and data redaction technologies to remove payment card data before the email reaches its intended recipient. This helps ensure PCI compliance while also avoiding the need to manually clean up a trail of PCI data left behind.

Adaptive Redaction: An Automated Solution for PCI Compliance

The Secure Email Gateway from Clearswift uses Adaptive Redaction technology to automate the scanning and redacting of payment card information (or other sensitive and inappropriate data) prior to it entering the organization. Thanks to Optical Character Recognition (OCR) scanning, this even includes payment card information sent as scanned images or photographs.

In real time, a Deep Content Inspection Engine completely disassembles inbound messages, detecting and removing only the information that breaks PCI DSS guidelines, while allowing the rest of the message to go ahead unhindered. Collaboration and communication continue uninterrupted, while the risk of inappropriately shared information is removed.

PCI-Compliant Email Protection from Day One

Setting up PCI policy rules within the Secure Email Gateway is easy thanks to the pre-defined PCI and PII tokens designed to simplify policy definition and deployment. The Secure Email Gateway also uses Lexical Expression Qualifiers to validate sensitive information. This minimizes the number of false positives, as it understands when a number might look like payment information but isn’t.
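The validation step described above is worth seeing in code. The following is an added example, not Clearswift's own code or a description of how its Lexical Expression Qualifiers are implemented: it scans an inbound message body for candidate primary account numbers (PANs), applies the Luhn mod-10 check as the qualifier that separates real card numbers from look-alike digit strings such as order references, and redacts only the validated hits, keeping just the last four digits. The regular expression, the constructed sample message and the `[REDACTED PAN ****nnnn]` placeholder are assumptions made for this example; the 4111 1111 1111 1111 and 5500 0000 0000 0004 values are well-known test card numbers, not real cards.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or hyphens.
# Constructed for this example; a production gateway would use a maintained pattern set
# (per-brand prefixes and lengths) rather than a single generic expression.
CANDIDATE_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 checksum.

    Every second digit from the right is doubled (and 9 subtracted if the result
    exceeds 9); the sum of all digits must be divisible by 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_pans(text: str):
    """Redact Luhn-valid card numbers in text.

    Returns (redacted_text, hits) where hits holds only the masked last four
    digits of each redacted PAN, so the audit trail itself never stores card data.
    """
    hits = []

    def replace(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        # A digit run that fails the length or Luhn qualifier is treated as a
        # false positive (order number, tracking reference) and left untouched.
        if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
            return raw
        masked = "****" + digits[-4:]
        hits.append(masked)
        return "[REDACTED PAN " + masked + "]"

    return CANDIDATE_RE.sub(replace, text), hits


# Constructed sample of the kind of inbound message the article describes.
SAMPLE_MESSAGE = (
    "Hi, please charge my card 4111 1111 1111 1111 (exp 12/26) for order "
    "1234 5678 9012 3456. My backup card is 5500000000000004. Thanks!"
)

if __name__ == "__main__":
    redacted, found = redact_pans(SAMPLE_MESSAGE)
    print(redacted)
    print("redacted PANs:", found)
```

Running the block redacts the two valid card numbers and leaves the order reference in place, because 1234 5678 9012 3456 has the right shape but fails the Luhn check. The hits list carries only masked values, which is what a gateway should log or include in the notification back to the customer.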

To find out more about how the Secure Email Gateway transforms email from a high-risk communication channel to one that’s PCI compliant, ask us for a demo.


Related Resources:

Datasheet: Secure Email Gateway

White Paper: PCI Compliance Best Practice Guide

Solution Brief: Clearswift OCR