Cardholder data redaction is the removal of personal account data from a stored file under PCI-DSS v4.0 Req. 3. That requirement limits how a primary number may be kept. anonym.plus marks each value on your own device, so the record stays useful while the sensitive part goes.
When this applies
A support export often quotes a buyer's full number verbatim. You must strip those digits under Requirement 3 before the file leaves your team.
How anonym.plus handles it
- Open the export in anonym.plus on your workstation.
- Local OCR reads any scanned slip attached to it.
- The tool flags long numbers, names, and contacts.
- Check each flag and clear a false hit by hand.
- Replace each value with a label, or black it out.
- Save the clean copy. The source never leaves your machine.
What you need to provide
- The export (PDF, CSV, DOCX, or TXT).
- An operator: Replace (swap), Redact (black out), or Mask (partial).
- Optional: a name map if you must re-link a buyer later.
PII & financial identifiers detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Account | CREDIT_CARD | 4111 1111 1111 1111 → [CARD] |
| Names | PERSON | Maria Lopez → [HOLDER] |
| Contact | EMAIL_ADDRESS | m.lopez@example.com → [EMAIL] |
| Bank | US_BANK_NUMBER | acct 0091 4420 → [ACCOUNT] |
| Contact | PHONE_NUMBER | (212) 555 0147 → [PHONE] |
| Amount | MONEY | $1,240.00 → [AMOUNT] |
Compliance achieved
- Limits stored payment data as PCI-DSS v4.0 Req. 3 demands.
- Runs offline, so the digits never touch a server.
- Working copies are kept safe with AES-256-GCM.
- Covers 340+ PII types, far past the card fields alone.
Anonymize cardholder records offline — see plans & start free →
Limitations & cautions
The tool flags the named fields, but it cannot judge when a free-text note re-identifies a buyer. Review narrative comments yourself before you release the file.
Frequently asked questions
Which data does Requirement 3 limit?
It limits how a stored primary number is kept. anonym.plus flags the full value so you can mask or remove it before the file is shared.
Does the source ever leave my device?
No. Work runs on your own machine with no cloud step. Nothing is uploaded, so the account data stays where you control it.
Will the record still read correctly after the swap?
Yes. The Replace operator drops a steady label in place of each value, so the text still flows and no longer names a real account.