The SAS Output Delivery System and reporting techniques

REG:Scrambling the digits

Reply
Contributor
Posts: 69

REG:Scrambling the digits

Hi,

Iam having the below requirement.
Can anyone help me how to write the code for the below logic using SAS.

A macro will be written which will scramble the digits. Following are the replacements for each digit

1 is replaced as 3
2 is replaced as 5
3 is replaced as 1
4 is replaced as 6
5 is replaced as 4
6 is replaced as 8
7 is replaced as 0
8 is replaced as 9
9 is replaced as 2
0 is replaced as 7

For e.g. 2456 7890 will be scrambled to 5648 0927.

And also the Rules are as follows:

a) For V Accounts first 4 and last 2 digits are fixed. The remaining digits need to be scrambled. For example

45361234 12341299 is replaced as 4536351635163599

b) For Sc card accounts, first 4 digits are fixed. For example

4536 1234 1234 1299 is replaced as 4536 3516 3516 3522

c) For all other accounts keep first 5 digits and last 2 fixed. The remaining digits need to be scrambled. For example

9000 1123 4567 8999 replaced 9000135164809299

Regards,
Siddhartha
Super Contributor
Posts: 394

Re: REG:Scrambling the digits

Posted in reply to Siddhartha
Hi,
This is not the right forum for this question. In fact, this is really a question that is best answered by Tech Support. To find out how to contact SAS Tech Support, refer to:
http://support.sas.com/techsup/contact/index.html.
N/A
Posts: 0

Re: REG:Scrambling the digits

Posted in reply to Siddhartha
It's interesting to see that some changes are symmetric, and some are not. The 1 / 3 replacements are symmetric, and others are not. This presents some vulnerabilities in decrypting the numbers.

Replacing a digit with another through substringing is possible, by using a loop to pick each digit in turn and replace it. Your definition of card types is not clear however, since the V and SC accounts appear to be from the same bin.

I am assuming you are trying to protect card information being sent from a credit card company, and I'm a little lost as to the reason for doing it this way. If you don't want to send the card number, but just want to send an identifier that is valueless to phishers, then build a table of card numbers, and assign them sequential numbers building a lookup table. Then build a format from the table and use this to replace your data records.

I don't know why you want 4 digits the same when a credit card bin is 6 digits, but you'll know that best. Retaining the last two digits is also strange. The 16th digit is called a LUHN code and as soon as you change the sequence or value of any of the preceding 15 digits, the LUHN code changes and the card number is immediately valueless.

I would discuss the data with your information security people to ensure you are adequately obfuscating the account information.

Kind regards

David
Ask a Question
Discussion stats
  • 2 replies
  • 132 views
  • 0 likes
  • 3 in conversation