Invoice copy (PDF) with insecure data

The PDF invoice emailed by SonarCloud shows the first 6 digits + last 4 digits of the credit card.

Showing the first 6 digits (hidden in red) is insecure and is not PCI DSS >=3.4 compliant.

Please remove this information.

Hello @Jair_Garcia

The information you see on your invoice comes directly from our credit card payment provider. This is compliant with PCI (requirement 3.3), which states that the 16-digit Primary Account Number (PAN) should be masked when displayed. The maximum number that can be shown is the first six and the last four digits. This requirement applies to the display of the PAN on screens, paper receipts, and other printouts.

SonarSource does not store, process or have access to any credit card information.

