Data identifier ARNs for financial data types

Financial information

CloudWatch Logs data protection can find the following types of financial information.

If you set a data protection policy, CloudWatch Logs scans for the data identifiers that you specify no matter what geolocation the log group is located in. The information in the Countries and regions column in this table designates whether two-letter country codes must be appended to the data identifier to detect the appropriate keywords for those countries and regions.

Type of data	Data identifier ID	Keyword required	Countries and regions	Notes
Bank account number	`BankAccountNumber`	Yes. Different keywords apply to different countries. For details, see the Keywords for bank account numbers table later in this section.	France, Germany, Italy, Spain, United Kingdom	Includes International Bank Account Nmbers (IBANs) that consist of up to 34 alphanumeric characters, including elements such as country codes.
Credit card expiration date	`CreditCardExpiration`	`exp d`, `exp m`, `exp y`, `expiration`, `expiry`	All
Credit card number	`CreditCardNumber`	`account number`, `american express`, `amex`, `bank card`, `card`, `card number`, `card num`, `cc #`, `ccn`, `check card`, `credit`, `credit card#`, `dankort`, `debit`, `debit card`, `diners club`, `discover`, `electron`, `japanese card bureau`, `jcb`, `mastercard`, `mc`, `pan`, `payment account number`, `payment card number`, `pcn`, `union pay`, `visa`	All	Detection requires the data to be a 13–19 digit sequence that adheres to the Luhn check formula, and uses a standard card number prefix for any of the following types of credit cards: American Express, Dankort, Diner’s Club, Discover, Electron, Japanese Card Bureau (JCB), Mastercard, UnionPay, and Visa.
Credit card verification code	`CreditCardSecurityCode`	`card id`, `card identification code`, `card identification number`, `card security code`, `card validation code`, `card validation number`, `card verification data`, `card verification value`, `cvc`, `cvc2`, `cvv`, `cvv2`, `elo verification code`	All

Keywords for bank account numbers

Use the following keywords to detect International Bank Account Numbers (IBANs) that consist of up to 34 alphanumeric characters, including elements such as country codes.

Country	Keywords
France	`account code`, `account number`, `accountno#`, `accountnumber#`, `bban`, `code bancaire`, `compte bancaire`, `customer account id`, `customer account number`, `customer bank account id`, `iban`, `numéro de compte`
Germany	`account code`, `account number`, `accountno#`, `accountnumber#`, `bankleitzahl`, `bban`, `customer account id`, `customer account number`, `customer bank account id`, `geheimzahl`, `iban`, `kartennummer`, `kontonummer`, `kreditkartennummer`, `sepa`
Italy	`account code`, `account number`, `accountno#`, `accountnumber#`, `bban`, `codice bancario`, `conto bancario`, `customer account id`, `customer account number`, `customer bank account id`, `iban`, `numero di conto`
Spain	`account code`, `account number`, `accountno#`, `accountnumber#`, `bban`, `código cuenta`, `código cuenta bancaria`, `cuenta cliente id`, `customer account ID`, `customer account number`, `customer bank account id`, `iban`, `número cuenta bancaria cliente`, `número cuenta cliente`
United Kingdom	`account code`, `account number`, `accountno#`, `accountnumber#`, `bban`, `customer account ID`, `customer account number`, `customer bank account id`, `iban`, `sepa`
United States	`bank account`, `bank acct`, `checking account`, `checking acct`, `deposit account`, `deposit acct`, `savings account`, `savings acct`, `chequing account`, `chequing acct`

CloudWatch Logs doesn't report occurrences of the following sequences, which credit card issuers have reserved for public testing.


122000000000003, 2222405343248877, 2222990905257051, 2223007648726984, 2223577120017656, 
30569309025904, 34343434343434, 3528000700000000, 3530111333300000, 3566002020360505, 36148900647913, 
36700102000000, 371449635398431, 378282246310005, 378734493671000, 38520000023237, 4012888888881881, 
4111111111111111, 4222222222222, 4444333322221111, 4462030000000000, 4484070000000000, 4911830000000, 
4917300800000000, 4917610000000000, 4917610000000000003, 5019717010103742, 5105105105105100, 
5111010030175156, 5185540810000019, 5200828282828210, 5204230080000017, 5204740009900014, 5420923878724339, 
5454545454545454, 5455330760000018, 5506900490000436, 5506900490000444, 5506900510000234, 5506920809243667, 
5506922400634930, 5506927427317625, 5553042241984105, 5555553753048194, 5555555555554444, 5610591081018250, 
6011000990139424, 6011000400000000, 6011111111111117, 630490017740292441, 630495060000000000, 
6331101999990016, 6759649826438453, 6799990100000000019, and 76009244561.

Data identifier ARNs for financial data types

The following lists the Amazon Resource Names (ARNs) for the data identifiers that you can add to your data protection policies.

Financial data identifier ARNs
`arn:aws:dataprotection::aws:data-identifier/BankAccountNumber-DE`
`arn:aws:dataprotection::aws:data-identifier/BankAccountNumber-ES`
`arn:aws:dataprotection::aws:data-identifier/BankAccountNumber-FR`
`arn:aws:dataprotection::aws:data-identifier/BankAccountNumber-GB`
`arn:aws:dataprotection::aws:data-identifier/BankAccountNumber-IT`
`arn:aws:dataprotection::aws:data-identifier/BankAccountNumber-US`
`arn:aws:dataprotection::aws:data-identifier/CreditCardExpiration`
`arn:aws:dataprotection::aws:data-identifier/CreditCardNumber`
`arn:aws:dataprotection::aws:data-identifier/CreditCardSecurityCode`

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Device identifiers

Protected health information (PHI)