In our Zendesk instance, we create certain tickets which have a custom field populated with a database ID. The IDs for this particular resource are very large, sequential integers. Unfortunately, the automatic redaction feature incorrectly identifies these as potential credit card numbers. It uses the Luhn Algorithm to verify if the number is a possible credit card number, and if so redacts a portion of it. Since the Luhn Algorithm uses only one checksum digit, every 10th ID will be incorrectly identified as a credit card number.
This is problematic, as it means we can no longer identify the resource associated with these tickets, many of which track legal compliance issues.
We require a means to whitelist specific custom fields so as to tell the system "this will never contain a credit card number, and should never be redacted".
Disabling auto-redaction is not an option, as we still need automatic redaction of credit card numbers which may have been included in other portions of tickets.
Changing the format of the ID is not a reasonable option, as there is nothing special about a sequential number which should require us to do so.
Luhn Algorithm: https://en.wikipedia.org/wiki/Luhn_algorithm
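
The false-positive rate described in the post, and the per-field exemption it asks for, shown as an added example (not part of the original post and not Zendesk's code). The field names, the 13 to 19 digit candidate pattern, and the masking format are assumptions made for illustration.

```python
import re

def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def count_luhn_hits(start: int, count: int) -> int:
    """Count sequential IDs that a Luhn-only detector would flag."""
    return sum(luhn_valid(str(n)) for n in range(start, start + count))

# Assumed candidate pattern: a standalone run of 13 to 19 digits.
CARD_LIKE = re.compile(r"\b\d{13,19}\b")

def redact(text: str) -> str:
    """Mask all but the last four digits of every Luhn-valid digit run."""
    def mask(match: re.Match) -> str:
        s = match.group(0)
        return "X" * (len(s) - 4) + s[-4:] if luhn_valid(s) else s
    return CARD_LIKE.sub(mask, text)

def redact_ticket(fields: dict, exempt: frozenset = frozenset()) -> dict:
    """Redact every field except those named in the exemption list."""
    return {k: (v if k in exempt else redact(v)) for k, v in fields.items()}

# Constructed sample data: a 16-digit sequential ID range and one ticket.
FIRST_ID = 4000000000000000
TICKET = {
    "description": "Card 4111111111111111 was charged twice",
    "resource_id": "4000000000000002",   # hypothetical custom field
}

if __name__ == "__main__":
    print(count_luhn_hits(FIRST_ID, 1000), "of 1000 sequential IDs pass Luhn")
    print(redact_ticket(TICKET))                            # ID is mangled
    print(redact_ticket(TICKET, frozenset({"resource_id"})))  # ID survives
```

The last digit is never doubled by the checksum, so exactly one ID in each block of ten that share their leading digits passes, which is the one-in-ten rate the post reports.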