Payment card primary account numbers

Detects references to payment card primary account numbers in financial and compliance documents. Commonly found in Australian regulatory filings, transaction records, and audit documentation.

Type: regex
Engine: boost_regex
Confidence: medium
Confidence justification: identifier/document-structure anchored regex with constrained context replaces phrase-only detection. Added context gating and exclusion rules improve precision and reduce incidental matches.
Detection quality: Mixed
Jurisdictions: global
Regulations: AML/CTF Act (Cth), IPA 2009 (Qld), NDB Scheme (Cth), Privacy Act 1988 (Cth), SOCI Act 2018 (Cth)
Frameworks: ISO 27001, ISO 27701, PCI-DSS, SOC 2
Data categories: financial
Scope: wide
Platform compatibility: Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Unsupported

Pattern

\b(?:4\d{12}(?:\d{3})?|5[1-5]\d{14}|3[47]\d{13}|6(?:011|5\d{2})\d{12}|2[2-7]\d{14})\b

Corroborative evidence keywords

payment card primary account numbers, payment, card, primary, account, numbers, financial, accounts, payments, credit card, card number, card no, CC, visa, mastercard, amex, american express, discover, jcb, diners club (+30 more)

Proximity: 300 characters

Should match

4111111111111111 — Visa PAN
5500005555555559 — Mastercard PAN
340000000000009 — Amex PAN

Should not match

1234567890123456 — Not a valid card BIN
4111 — Too short
template example placeholder — Template/sample text

Known false positives

Financial terminology appearing in published reports, accounting textbooks, regulatory guidance, or template documents without actual transaction data. Mitigation: Require corroborative evidence keywords within the proximity window. Cross-reference with structured financial identifiers to confirm actual sensitive data.
In Australian English, standard business terminology overlapping with financial detection keywords in routine correspondence and documentation. Mitigation: Increase confidence threshold when scanning business correspondence. Layer with transaction-specific patterns for higher precision.