Cardholder data redaction is the removal of personal account details from a stored file under PCI DSS v4.0 Req. 3. That requirement limits how a primary number may be retained. anonym.plus marks each value on your own device, so the record stays useful while the sensitive part is removed — and UK GDPR data-minimisation duties are honoured.
When this applies
A support export often quotes a customer's full number verbatim. You must strip those digits under Requirement 3 before the file leaves your team.
How anonym.plus handles it
- Open the export in anonym.plus on your workstation.
- Local OCR reads any scanned slip attached to it.
- The tool flags long numbers, names, and contacts.
- Check each flag and clear a false hit by hand.
- Replace each value with a label, or black it out.
- Save the clean copy. The source never leaves your machine.
What you need to provide
- The export (PDF, CSV, DOCX, or TXT).
- An operator: Replace (swap), Redact (black out), or Mask (partial).
- Optional: a name map if you must re-link a customer later.
PII & financial identifiers detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Account | CREDIT_CARD | 4111 1111 1111 1111 → [CARD] |
| Names | PERSON | Olivia Carter → [HOLDER] |
| Contact | EMAIL_ADDRESS | o.carter@example.co.uk → [EMAIL] |
| Bank | UK_BANK_NUMBER | a/c 12345678 → [ACCOUNT] |
| Contact | PHONE_NUMBER | +44 20 7946 0958 → [PHONE] |
| Amount | MONEY | £1,240.00 → [AMOUNT] |
Compliance achieved
- Limits stored payment data as PCI DSS v4.0 Req. 3 demands.
- Supports UK GDPR / DPA 2018 minimisation — the ICO's core principle.
- Working copies are kept safe with AES-256-GCM.
- Covers 340+ PII types, well beyond the card fields alone.
Anonymise cardholder records offline — see plans & start free →
Limitations & cautions
The tool flags the named fields, but it cannot judge when a free-text note re-identifies a customer. Review narrative comments yourself before you release the file.
Frequently asked questions
Which data does Requirement 3 limit?
It limits how a stored primary number is kept. anonym.plus flags the full value so you can mask or remove it before the file is shared.
Does the source ever leave my device?
No. Work runs on your own machine with no cloud step. Nothing is uploaded, so the account data stays where you control it — in line with UK GDPR.
Will the record still read correctly after the swap?
Yes. The Replace operator drops a steady label in place of each value, so the text still flows and no longer names a real account.