Payment card primary account numbers

Detects references to payment card primary account numbers in financial and compliance documents. Commonly found in Australian regulatory filings, transaction records, and audit documentation.

Type

regex

Engine

boost_regex

Confidence

medium

Confidence justification

identifier/document-structure anchored regex with constrained context replaces phrase-only detection. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Mixed

Jurisdictions

global

Regulations

AML/CTF Act (Cth), IPA 2009 (Qld), NDB Scheme (Cth), Privacy Act 1988 (Cth), SOCI Act 2018 (Cth)

Frameworks

ISO 27001, ISO 27701, PCI-DSS, SOC 2

Data categories

financial

Scope

wide

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?is)\b(?:payment\s+card\s+primary\s+account\s+numbers)\b\s{0,80}\b[A-Z0-9][A-Z0-9\-/ ]{4,24}\b

Corroborative evidence keywords

payment card primary account numbers, payment, card, primary, account, numbers, financial, accounts, payments, credit card, card number, card no, CC, visa, mastercard, amex, american express, discover, jcb, diners club (+34 more)

Proximity: 300 characters

Should match

• Payment card primary account numbers — Exact phrase marker match
• payment card primary account numbers — Case-insensitive phrase match
• Payment card primary account numbers — Normalized whitespace phrase
• structured record with identifier and contextual anchors — Structural anchor sample

Should not match

• unrelated generic text — No relevant phrase context
• placeholder value 12345 — Random text should not match phrase marker
• generic narrative without identifier/document anchors — Should not match plain mention
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Financial terminology appearing in published reports, accounting textbooks, regulatory guidance, or template documents without actual transaction data. Mitigation: Require corroborative evidence keywords within the proximity window. Cross-reference with structured financial identifiers to confirm actual sensitive data.
• In Australian English, standard business terminology overlapping with financial detection keywords in routine correspondence and documentation. Mitigation: Increase confidence threshold when scanning business correspondence. Layer with transaction-specific patterns for higher precision.