Unfiltered Story #277655

We’re not supposed to send or receive full bankcard numbers in our emails, but sometimes clients aren’t fully aware of the rules and send them anyway. I mask the card numbers in my responses and add a reminder to not send full card numbers, then delete the original emails.

However, we had one client who would restore the full card numbers in their replies to my responses. It kept tripping our DLP (Data Loss Prevention) scanner and as a result I kept getting written up for breaking the rules.

It would go something like this:

Client: Hi, I’m having trouble with test card number 5558675309. Can you see why it’s not being approved?

me: Yes, test card XXXXXX5309 is not actually a test card. Are you using your personal bankcard for testing? Please use an actual test card, and please also avoid sending full card numbers.

Client: Yes, card 5558675309 is my personal card, sorry about that. Where can I get test cards?

Later on…

Supervisor: Hey, [me]. Please document your DLP non-compliance with [Client] under ticket number [ticket].

me: *sigh* Okay. You do realize they sent it to me unsolicited, right?

Supervisor: Yep. Just go ahead and document the incident for the auditors.