How to mask credit card numbers in log files with Log4J?

Question

Our web app needs to be made PCI compliant, i.e. it must not store any credit card numbers. The app is a frontend to a mainframe system which handles the CC numbers internal

Answer 1

A better implementation of credit card number masking is at http://adamcaudill.com/2011/10/20/masking-credit-cards-for-pci/ . You want to log the issuer and the checksum, but not the PAN (Primary Account Number).