In release 1611, the credit card number is masked so only the last 4 digits are shown,.

In July2017, this feature was removed. This is causing issues for my company. We use the credit card number as the Card ID, but do not want the entire number to show.


In prior releases, the employee’s expense credit card ID was designed to only allow up to 10 characters and displayed the last 4 digits entered as the card ID. The ability to enter more characters was required for organizations that have an agreement with their credit card company to use another key to identify an employee’s credit card number without entering the credit card number. This key is often greater than 10 characters and is typically between 20 and 30 characters.

This feature has lengthened the Card ID field for the employee’s credit card setup (Human resources > Workers > Employees > Expense tab > Credit cards) and provides a parameter to validate whether a 15- or 16-character number is allowed as the card ID. The parameter, Enter employee credit card number, is found on the General tab of the Expense management parameters form (Expense management> Setup > General > Expense management parameters). By default, credit card numbers are not allowed as the expense credit card ID.
Ideas Administrator

Thank you for your feedback. We released this feature in the 8.1 release and as a 7.3 hotfix (KB 4465289). These are the new values under the expense management parameter for Enter employee credit card number.


Enum Value


Prevent card number entry


  • User is unable to enter any card number for an employee that would pass the Luhn algorithm, guaranteeing this is not a card number.
  • Customer can upload payment file with an identifier of their choosing. If they can use a unique identifier such as employee name and number that would be best. Otherwise if they have to us a number, we would recommend card number / ID of a maximum of 10 digits aligning to 6+4 suggestion by PCI.

Hash card numbers (store last 4 digits)


  • Full card numbers can be entered, but are immediately hashed upon record insert using SHA512 a salt value to help make it harder to brute force match the hash.  No Luhn check is performed.  The hashed value is stored. The last four digits of the card are also stored for display purposes.

Store card numbers


  • User is able to enter any card number, no Luhn check is performed.
  • The number is saved as entered 
  • The system only shows the last 4 digits once stored in the system This is required for our customers to be able to use the expense module if paying a card provider based on card number, such as AMEX.




Ryan Sandness