PCI DSS 4.2.2: Are your clients exposing PAN in email/Slack/customer support?
Hey!
With PCI DSS 4.0, Requirement 4.2.2 underscores how easily PAN and other sensitive data can sneak into Email, Slack/Teams, or chat on customer support (Zendesk, Salesforce, Intercom). We’re hearing from QSAs who see clients struggle to secure that data in real-time.
Strac automates detection and redaction of cardholder data (PAN) across messaging apps—making it a breeze to stay compliant and avoid messy manual reviews.
If you’re seeing clients with this challenge, we’d love to chat with you.
Thanks once again!
What is Strac?
Strac is the Data Discovery, DSPM (Data Security Posture Management), and DLP (Data Loss Prevention) solution that discovers, classifies, and remediates sensitive data across SaaS, Cloud, Gen AI, and Endpoints, including Office 365, Google Workspace, Slack, SharePoint, Google Drive, Zendesk, Salesforce, AWS, Azure, and more.
How it works?
Strac uses its machine learning and OCR models to scan for sensitive information in unstructured attachments, text (email, chat messages, transcripts), or even structured tables in cloud databases. Once it finds sensitive data, Strac protects it through redaction (masking), labeling, alerting, blocking, or deletion. Strac works for all SaaS, Cloud, Gen AI, and Endpoints.
Who uses Strac?
Strac is trusted by enterprises like UiPath, Western Union Business Solutions, Rho, Snap Finance, Crypto (dot) com, and more. Check out https://www.strac.io/wall-of-love
