globalcitizen / php-iban

Generate, parse, validate, error-correct and present IBAN (and IIBAN) bank account information in PHP.
GNU Lesser General Public License v3.0

Add a method to obfuscate IBAN for presentation for relative identification #99

Closed jaysee closed 4 years ago

jaysee commented 4 years ago

Hello,

I think there is a missing feature to obfuscate IBAN, to prevent IBAN being stolen, but allow it to be matched.

I use a simple line of code, you could improve it as you better know IBANs, but it's a start :)

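$iban = $iban->HumanFormat();
// Keep the first 7 characters and everything from offset 18; replace the digits in between with 'x'.
$obf = substr( $iban, 0, 7 ) . preg_replace( '/\d/', 'x', substr( $iban, 7, 11 ) ) . substr( $iban, 18 );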

Thanks for your work!

globalcitizen commented 4 years ago

Thanks for the feature request.

I am not completely sure I understand what you mean.

An IBAN is a public identifier. To provide any utility at all, it needs to be shared completely.

If you are suggesting that only part of an IBAN is shared for identification purposes (as credit card numbers are sometimes presented: 4217 **** **** 3412) then I don't think that's a common or recommended use case. However, I can understand the general thinking.

Generally this is done with credit cards when, for example, the user can store multiple credit cards along with their account and instead of repeating the information the cards are presented for 'relative identification' (which is which) instead of 'absolute identification' (use this for a transaction).

The challenge with an IBAN is that all countries' IBANs have different structures. Some of them have greater variation away from the final few digits.

This is a good feature request. I will implement it. Thanks.

globalcitizen commented 4 years ago

I have decided to avoid the checksum digits as they may be used to infer the other digits with knowledge of local banks and branches (some countries have very few valid banks and branches). Therefore, I have decided to implement the obfuscation with only the country code followed by asterisks and the last four characters of the IBAN.

globalcitizen commented 4 years ago

Here is the sample output (source followed by obfuscated form).

MK07 5007 0100 0133 139
MK** **** **** ***3 139
MR13 0002 0001 0100 0012 3456 753
MR** **** **** **** **** ***6 753
NE58 NE03 8010 0100 1303 0500 0268
NE** **** **** **** **** **** 0268
NI92 BAMC 0000 0000 0000 0000 0312 3123
NI** **** **** **** **** **** **** 3123
NL91 ABNA 0417 1643 00
NL** **** **** **43 00

globalcitizen commented 4 years ago

Released in version 2.7.4.
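
The masking rule settled on in this thread (country code kept, checksum digits and everything else replaced by asterisks, last four characters kept), written out as a standalone added example and checked against three of the sample pairs posted above. This is not php-iban's own implementation; the helper name `obfuscate_iban()` and the 15 to 34 character length bounds are assumptions of the example.

```php
<?php
// Added example, not php-iban's code. obfuscate_iban() is a hypothetical helper.

function obfuscate_iban(string $iban): string
{
    // Normalise to machine format: strip whitespace, uppercase.
    $machine = strtoupper(preg_replace('/\s+/', '', $iban));

    // Shape check only (2 letters, 2 check digits, 11..30 more characters,
    // i.e. 15..34 in total, assumed bounds); the mod-97 checksum is not verified here.
    // The message deliberately omits the input so a full IBAN never lands in logs.
    if (!preg_match('/^[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}$/', $machine)) {
        throw new InvalidArgumentException('Input is not IBAN-shaped');
    }

    // Keep the country code and the last four characters. The checksum digits
    // at offsets 2-3 are masked too, since they could help infer hidden digits.
    $masked = substr($machine, 0, 2)
            . str_repeat('*', strlen($machine) - 6)
            . substr($machine, -4);

    // Group in fours after masking, so the kept characters fall where they
    // would in the human format (e.g. "***3 139" for a 19-character IBAN).
    return trim(chunk_split($masked, 4, ' '));
}

// Source => expected pairs taken from the sample output in this thread.
$samples = [
    'MK07 5007 0100 0133 139'            => 'MK** **** **** ***3 139',
    'NL91 ABNA 0417 1643 00'             => 'NL** **** **** **43 00',
    'NE58 NE03 8010 0100 1303 0500 0268' => 'NE** **** **** **** **** **** 0268',
];

foreach ($samples as $source => $expected) {
    $got = obfuscate_iban($source);
    if ($got !== $expected) {
        throw new RuntimeException('Mismatch for sample ending ' . substr($expected, -4));
    }
    echo $got, PHP_EOL;
}

// A string too short to leave anything masked is rejected, not partially shown.
try {
    obfuscate_iban('NL91 00');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```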