Free Tool from Linoma Detects Credit Card, Social Security Numbers
July 14, 2009 Alex Woodie
Are you concerned that you may have credit card numbers or Social Security numbers lurking in the dark recesses of your IBM Power Systems (System i, iSeries, AS/400)? Then you might want to download the free Find Database Fields (FNDDBFLD) tool that Linoma Software recently made available, and know for sure.
Power Systems shops around the world are working to comply with the data security requirements laid down by the Payment Cardholder Industry group, or PCI. Some of the most challenging aspects of PCI compliance are the requirements for the handling of credit card data in retail settings. PCI requires that credit card data not reside permanently on any computer or server, and that it be encrypted when it is handled in passing. Similar mandates are going into effect regarding the use of Social Security numbers.
This represents a change in how many Power Systems shops do business. Before implementing encryption as part of a remediation program for PCI or other mandates, Power Systems shops must first make sure that they have found every location where sensitive data like credit card or Social Security numbers reside.
A programmer or administrator will probably be able to recall the primary locations where this information was stored, but there remains the possibility that this information was moved to another database file or field in other libraries. Perhaps this was done as part of a disaster recovery or quality assurance project.
Now, thanks to Linoma’s FNDDBFLD, customers can take the guesswork out of identifying where sensitive data resides on their Power Systems server. The free product functions like a search tool, and locates database fields containing values that meet the customer’s search criteria.
For example, most credit card numbers have 16 digits (you may have to run a separate search for American Express numbers, which have only 15 digits). A search for numeric strings with nine digits would turn up Social Security and Canadian Social Insurance numbers.
After running a search, FNDDBFLD outputs a report that lists every file that contains data that matches the query, including its library name and relative record number. Armed with this information, a Power Systems administrator can feel safe that he has located all sensitive data.
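The kind of search and report described above can be sketched in a few lines of Python. This is an added example, not Linoma's code and not how FNDDBFLD is implemented: the library, file and field names and all values are constructed, and the Luhn checksum is an addition that goes beyond the digit-length search the article describes, used here to separate likely card numbers from other 15- or 16-digit values.

```python
import re

# Constructed sample data: (library, file, field, relative record number, value).
# Every name and value here is made up for illustration.
ROWS = [
    ("PRODLIB", "ORDERS", "CCNUM", 1, "4111111111111111"),  # 16 digits, passes Luhn
    ("PRODLIB", "ORDERS", "CCNUM", 2, "1234567890123456"),  # 16 digits, fails Luhn
    ("QALIB", "ORDCOPY", "NOTES", 7, "card 3782 822463 10005 on file"),  # 15 digits
    ("HRLIB", "EMPMAST", "TAXID", 3, "123-45-6789"),        # 9 digits
    ("HRLIB", "EMPMAST", "PHONE", 3, "402-555-0100"),       # 10 digits, ignored
]

# A run of digits that may be broken up by single spaces or hyphens.
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d)*")

def luhn_ok(digits):
    """Luhn checksum (an assumption added here to cut false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(digits):
    """Map a digit string to a finding type by length, or None if not of interest."""
    if len(digits) in (15, 16):
        return "card" if luhn_ok(digits) else "card-length"
    if len(digits) == 9:
        return "ssn/sin-length"
    return None

def scan(rows):
    """Return (library, file, field, rrn, kind) for each matching value."""
    hits = []
    for lib, file, field, rrn, value in rows:
        for m in DIGIT_RUN.finditer(str(value)):
            kind = classify(re.sub(r"\D", "", m.group()))
            if kind:
                hits.append((lib, file, field, rrn, kind))
    return hits

if __name__ == "__main__":
    for hit in scan(ROWS):
        print("%-8s %-8s %-6s RRN %-3d %s" % hit)
```

Findings tagged `card-length` or `ssn/sin-length` match on length only and still need a human look; the QALIB row shows why copies of data in free-text fields are easy to miss.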
“This is a tool we wanted to provide all IBM i customers and auditors as a public service so they can quickly find out where they have exposures,” says Linoma’s chief architect, Bob Luebbe. “This is even a great tool for those organizations that are already doing field encryption, since they can use FNDDBFLD to make sure they didn’t miss anything.”
FNDDBFLD runs on OS/400 V5R2 through IBM i (i5/OS V6R1) and can be downloaded at www.linomasoftware.com/products/crypto/fnddbfld.