Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a method to obfuscate IBAN for presentation for relative identification #99

Closed
jaysee opened this issue Apr 30, 2020 · 4 comments
Closed

Add a method to obfuscate IBAN for presentation for relative identification #99

jaysee opened this issue Apr 30, 2020 · 4 comments
Assignees
@globalcitizen
Labels
enhancement in progress

Comments

@jaysee
Copy link

jaysee commented Apr 30, 2020

Hello,

I think tere is a missing feature to obfuscate IBAN, to prevent IBAN being stolled, but allow it to be matched.

I use a simple line of code, you could improve it as you better know IBANs, but it's a start :)

$iban = $iban->HumanFormat();
$obf = substr( $iban, 0, 7 ) . preg_replace( '/\d/', 'x', substr( $iban, 8 ), 17 ) . substr( $iban, 18 );

Thank for your work!
@globalcitizen globalcitizen changed the title Add a method to obfuscate IBAN Add a method to obfuscate IBAN for presentation for relative identification May 3, 2020
@globalcitizen globalcitizen self-assigned this May 3, 2020
@globalcitizen
Copy link
Owner

Thanks for the feature request.

I am not completely sure I understand what you mean.

An IBAN is a public identifier. To provide any utility at all, it needs to be shared completely.

If you are suggesting that only part of an IBAN is shared identification purposes (as credit card numbers are sometimes presented: 4217 **** **** 3412) then I don't think that's a common or recommended use case. However, I can understand the general thinking.

Generally this is done with credit cards when, for example, the user can store multiple credit cards along with their account and instead of repeating the information the cards are presented for 'relative identification' (which is which) instead of 'absolute identification' (use this for a transaction).

The challenge with an IBAN is that all countries' IBAN have different structures. Some of them have greater variation away from the final few digits.

This is a good feature request. I will implement it. Thanks.

@globalcitizen
Copy link
Owner

I have decided to avoid the checksum digits as they may be used to infer the other digits with knowledge of local banks and branches (some countries have very few valid banks and branches). Therefore, I have decided to implement the obfuscation with only the country code followed by asterisks and the last four characters of the IBAN.

@globalcitizen
Copy link
Owner

Here is the sample output (source followed by obfuscated form).

MK07 5007 0100 0133 139
MK** **** **** ***3 139
MR13 0002 0001 0100 0012 3456 753
MR** **** **** **** **** ***6 753
NE58 NE03 8010 0100 1303 0500 0268
NE** **** **** **** **** **** 0268
NI92 BAMC 0000 0000 0000 0000 0312 3123
NI** **** **** **** **** **** **** 3123
NL91 ABNA 0417 1643 00
NL** **** **** **43 00

@globalcitizen
Copy link
Owner

Released in version 2.7.4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@globalcitizen globalcitizen

Labels
enhancement in progress
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@globalcitizen @jaysee