Credit card data was not detected for HTTP PUT and POST
651
Created On 06/02/25 22:51 PM - Last Modified 06/30/25 20:22 PM
Symptom
- Non file uploads of credit card numbers via HTTP PUT/POST to sites like dlptest.com are not detected.
- Consequently, no DLP incidents are generated.
Environment
- Prisma Access or Next Gen Firewalls
- Enterprise DLP
Cause
- The first 4 digits (prefix) or Preamble of the input numbers are not valid.
- The first 4 digits should be valid supported numbers from various credit card companies like Visa, Master Card, Discover, American Express etc.
- If these are invalid, DLP cannot detect the content.
Resolution
- The behavior is expected.
- DLP uses “Luhns Algorithm” to process and detect credit card numbers when uploaded.
- The algorithm checks the first 4 digit prefix.
- As part of the check, If an invalid number is provided, DLP algorithm will not be able to detect the content and therefore, the content is not blocked.
Additional Information
- Question: What is a "Credit Card Preamble or prefix"?
- Answer: A credit card preamble—sometimes called a credit card prefix, issuer identification number (IIN), or bank identification number (BIN)—is a digit or series of digits at the beginning of a credit card number that identifies the type of card or company that issued the card.
- Here's a list of common credit card prefixes to help identify different card types:
- American Express: Typically begins with 34 or 37.
- Visa: Always starts with 4.
- Mastercard: Often starts with 51-55, but may also begin with 2.
- Discover: Usually starts with 6011 or 65.
- Diners Club: Starts with 36 or 38 (for International Diners Club) or 54 or 55 (for US/Canada Diners Club).
- JCB: Begins with 35.