0
I hope this isn't off topic, but I need to ensure PCI compliance, and we recently received an email with an unsolicited cc number, and I have read the answers to https://security.stackexchange.com/questions/53996/unsolicited-credit-card-in-email which clearly states the information should be cleaned.
How would one achieve this within Microsoft Exchange?
David Wilkins
Posted 2014-05-08T18:20:20.090
Reputation: 135
1
There are several forensic tools that do this but this is one that is light weight and will probably work for you: http://controlcase.com/data_discovery.php
The way it and every [most] other scanners work is to actual scan through every file and flag any number set that matches a defined set of patterns -for your case, it will be credit card numbers. Additionally, some software attempts to read the context of the number to see if it is a false positive.
Note, I'm not affiliated with the linked software or company.
Edit: Here is an open source program that claims to do the same thing (I have not used it personally) and so you should be able to configure it to run on your mail server. http://www.it.cornell.edu/services/spider/
Matthew Peters
Posted 2014-05-08T18:20:20.090
Reputation: 1 718
Thank you so much for the prompt answer...I will look into both of these options, and I will keep watching for new answers as well – David Wilkins – 2014-05-08T18:51:02.263
Sure, and feel free to post feedback on whichever software you use as well as any snags (if any) you have with it. – None – 2014-05-08T19:04:00.537
Followup: It looks like the Cornell Spider would take more effort to use (if its possible at all) with Exchange Server. The Control Case solution looks a bit pricey, but should do the job. In addition to these, I found a solution by Ground Labs that they are willing to let us try before we buy. – David Wilkins – 2014-05-09T19:00:27.403