As part of the PCI compliance legislation in the UK, we have been asked to block all incoming emails to one of our customers that contain credit card numbers. We cannot receive any emails that contain numbers, so we knew we had to block them before they were delivered to the server rather than filter them once they had been accepted.
This can be achieved with Exchange Transport Rules.
Transport Rules allow pattern matching on messages that are routed through Exchange. Full details can be read here:
http://technet.microsoft.com/en-us/library/aa997187.aspx
Credit card numbers have a set format. Visa and Mastercard use 16 digits in blocks of 4, starting with a 4 and a 5 respectively:
4xxx xxxx xxxx xxxx
5xxx xxxx xxxx xxxx
Discover uses 16 digits in blocks of 4, starting with 6011:
6011 xxxx xxxx xxxx
AMEX uses 15 digits in blocks of 5, 6 then 4, starting with a 3:
3xxxx xxxxxx xxxx
To match these with a rule we need to use several pattern matches.
4\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s
5\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s
6011\d\d\d\d\d\d\d\d\d\d\d\d\s
3\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s
In these patterns \d matches any numeric character and \s matches a white space, so they match the following:
4111666677778888
5111666677778888
6011666677778888
31166666677777
This is great, but we also need to match people using spaces, periods or hyphens between the blocks, so we need to extend the pattern to account for this.
\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d
This match uses parentheses () to group the choices that can be made mid-match, so if we need to match four numbers and then a space, period or hyphen we can read it as
\d\d\d\d - Match 4 numbers
(\s|.|-) - Match either a space, period or hyphen
Note the use of the pipe character | here: it acts as an OR in the match statement to choose between the different types of character.
Using this we can match any variation of separator character within the 16 digits, and then add a different match for the 15-digit cards from AMEX.
\d\d\d\d(\s|.|-)\d\d\d\d\d\d(\s|.|-)\d\d\d\d\d(\s|.|-)
All you need to do now is take some action when the match occurs. In our case we reject the email with a custom message and the SMTP code 5.7.1.
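Before enabling a rule like this, it helps to test the patterns offline against sample message bodies. The following is an added example, not part of the original post: it rebuilds the brand patterns above in Python's re syntax and goes one step beyond the post by running a Luhn checksum on each hit to gauge false positives. Assumptions: the period is escaped so it stays literal, digit-boundary checks replace the trailing \s, the AMEX grouping follows the post's last pattern (4, 6, 5), and the helper names and sample body are constructed for illustration.

```python
import re

# Optional separator between digit groups: space, period or hyphen.
# Assumption: Python's re syntax, so the period is escaped to keep it literal.
SEP = r"[\s.\-]?"

def card_regex(prefix, *groups):
    """Build a pattern from fixed leading digits and the digit-group sizes."""
    first = prefix + r"\d{%d}" % (groups[0] - len(prefix))
    body = SEP.join([first] + [r"\d{%d}" % n for n in groups[1:]])
    # Digit-boundary checks stand in for the post's trailing \s.
    return re.compile(r"(?<!\d)" + body + r"(?!\d)")

PATTERNS = {
    "Visa": card_regex("4", 4, 4, 4, 4),
    "Mastercard": card_regex("5", 4, 4, 4, 4),
    "Discover": card_regex("6011", 4, 4, 4, 4),
    "Amex": card_regex("3", 4, 6, 5),  # grouping of the post's last pattern
}

def luhn_ok(digits):
    """Luhn checksum (not in the post): True for a plausible card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_cards(text):
    """Return (brand, digits, luhn_ok) for every pattern hit, in text order."""
    hits = []
    for brand, rx in PATTERNS.items():
        for m in rx.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            hits.append((m.start(), brand, digits, luhn_ok(digits)))
    return [hit[1:] for hit in sorted(hits)]

# Constructed message body: the first four numbers are the card brands'
# published test numbers, the fifth is the post's own example.
SAMPLE = (
    "Please charge 4111-1111-1111-1111 or my Amex 3782 822463 10005.\n"
    "Backup card: 6011.1111.1111.1117 and 5555555555554444\n"
    "Blog example 4111666677778888, order ref 1234567890\n"
)

if __name__ == "__main__":
    for hit in find_cards(SAMPLE):
        print(hit)
```

The post's rule rejects on any pattern hit; the Luhn flag only shows how many of those hits are plausible card numbers rather than other long digit strings.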