ICCID
Detects ICCID patterns.
- Type
- regex
- Engine
- universal
- Confidence
- high
- Confidence justification
- High confidence: validated with Luhn algorithm and supported by corroborative keyword evidence.
- Detection quality
- Verified
- Jurisdictions
- global
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- device-id
- Scope
- specific
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\b89\d{17,18}\bCorroborative evidence keywords
device, identifier, serial number, hardware, fax, facsimile, toll free, hotline, helpline, IDD, STD, country code, area code, extension, ext
Proximity: 300 characters
Should match
8961234567890123456— Standard 19-digit ICCID89610000000000000000— ICCID with 20 digits8901000000000000001— Alternate ICCID format
Should not match
8861234567890124000— Wrong prefix (88 instead of 89)896123456789012400— Too few digits (18 instead of minimum 19)896123456789012300000— Too many digits (21 instead of maximum 20)
Known false positives
- Technical identifiers appearing in public documentation, network configuration guides, or example configurations without representing actual infrastructure. Mitigation: Cross-reference with known documentation patterns and reserved address ranges. Require proximity to infrastructure-specific context.
- Placeholder and example values commonly used in technical tutorials and vendor documentation. Mitigation: Maintain exclusion lists for well-known example values (RFC 5737 documentation addresses, example MAC addresses).