What types of card data can the KavachOne CDD Scanner detect?

KavachOne CDD Scanner detects all PCI DSS in-scope card data including Luhn-validated PANs across all major card schemes (Visa, Mastercard, Amex, Discover), CVV/CVC2/CID values, expiry dates, magnetic stripe Track 1 and Track 2 data, IBAN numbers across 77+ country formats, and SWIFT/BIC codes.

Does the CDD Scanner send card data to the cloud?

Never. CDD Scanner is deployed as an agent entirely within your own infrastructure. Card data is masked in-place before appearing in any report — raw PANs, CVVs, and track data never leave your perimeter. Fully air-gap compatible.

Which compliance frameworks does the CDD Scanner support?

CDD Scanner provides finding-level mapping to PCI DSS v4 (primary), GDPR, India DPDP Act 2023, SOX, GLBA, and supports RoPA (GDPR Art. 30) and DPIA (GDPR Art. 35) documentation workflows.

Discover, Classify & Protect Payment Card Data

Discover, Classify & Protect Card & Financial Data

CDD Scanner is a production-grade Card Data Discovery Scanner deployed as an agent inside your own infrastructure. Your data never leaves your perimeter. Scan every database, cloud bucket, and file share — mapped to PCI DSS v4, GDPR, and DPDP Act 2023.

Agent-Deployed On-Prem

PCI DSS v4 Ready

GDPR Compliant

DPDP Act 2023

Track Data Detection

Offline / Air-Gap Ready

100%

PCI DSS v4 Coverage

99%+

Detection Accuracy

50+

Data Sources

Card Formats

Core Capabilities

Everything You Need to Discover, Manage & Protect Card Data

A purpose-built card data discovery platform offering full visibility of PANs, CVV, expiry dates, track data, IBAN, and SWIFT codes across your entire data estate — enterprise-grade modules deployed as a lightweight agent on your servers, with zero data egress.

99%+ Accuracy

Intelligent PII Detection

Comprehensive sensitive data types: Aadhaar, PAN, Passport, SSN, IBAN, SWIFT, IMEI, GPS coordinates, Medical Record Numbers, Blood Group, Name, Address, Phone, Medical, Email, Gender, Age, UPI ID, GSTIN and more.

PCI DSS v4

Payment Card & PCI-DSS Scanning

Dedicated card-data mode covering Luhn-validated PANs, CVV, expiry dates, track data, SWIFT/IBAN. Analysis and risk detection and more.

Multi-Source

Universal Data Connectors

Scan wherever data lives: local/network filesystems, SFTP, Windows SMB shares, MongoDB, AWS S3, Google Cloud Storage and more.

Relational + Cloud DBs

Enterprise Database Scanning

Deep scanning of PostgreSQL, MySQL/MariaDB, Oracle, IBM DB2 and cloud databases with schema discovery and streaming sampling and more.

Audit-Ready

Compliance-Grade Reporting

Executive-ready PDF reports and multi-sheet Excel workbooks including risk score, severity classification and compliance mapping and more.

5,000 files/min

High-Performance Scanning

Pool utilizing all CPU cores. Streaming scanning engine processes thousands of files per minute and more.

Zero Data Egress

Smart Masking & Redaction

Type-aware masking for every detected PII type including Aadhaar, PAN, email, phone and credit card numbers and more.

Packs

Enterprise Rule Engine

Industry rule packs for financial, healthcare and e-commerce sectors with contextual keyword detection and more.

Air-Gap Ready

Enterprise Licensing

Secure offline-first licensing. Works in air-gapped and restricted environments and more.

12+ Formats

Columnar & Document Formats

Support for CSV, Excel, Parquet, JSON, PDF text extraction, DOCX, ZIP/GZIP archives and structured datasets and more.

SSE

Web Dashboard

Browser-based dashboard with real-time scan progress and integrations and more.

Live Monitoring

Real-Time Scan Monitoring

Monitor scan progress with live status updates, detailed logs, and instant alerts for detected sensitive data across all connected sources and more.

Live Dashboard Preview

See CDD Scanner in Action

Purpose-built card data scanning — with compliance-mapped findings, risk distribution analytics, and one-click PCI DSS audit-ready reports, running entirely within your own infrastructure.

Full card data discovery including PANs, CVV, expiry dates, track data, IBAN, and SWIFT — mapped to PCI DSS v4 controls with a complete traceability matrix.

PAN · CVV · Expiry · Track Data

Active

PAN detection across all connectors

Multi-source breakdown: Filesystem, MySQL, Oracle, Postgres, many more

PCI DSS v4 requirement mapping per finding

Automated compliance-ready PDF and Excel report generation

✓ All data processed within your own infrastructure

datasentinel.internal/dashboard

Card Tier License

Card Data Discovery Dashboard — Pii Scanner PCI DSS

Live scan · PCI DSS v4 in-scope card elements only

On-Premise Agent Architecture

Your Card Data Never Leaves Your Environment — 100% Secure & Private

CDD Scanner deploys as a lightweight agent inside your own perimeter — on-premise, private cloud, or air-gapped. It scans, reports, and masks entirely from the inside.

Runs Inside Your Perimeter

The agent installs on your own servers. Connects to internal data sources directly — no relay, no proxy, no middleman.

Direct Data Source Integration

Connects securely to databases, file systems, and internal applications to scan card data without exporting or transferring it outside your environment.

Masking Happens In-Place

Card values are masked before they appear in any report. Raw PANs, CVVs, and track data are never written to disk outside their source.

Reports Stay On Your Infrastructure

PDF and Excel PCI DSS compliance reports are generated locally and stored on your designated output path. The web dashboard is accessible only within your internal network.

Your Organization's Infrastructure

Internal Perimeter — Fully Isolated

Databases

File Shares

Private Cloud

MongoDB

SFTP / SMB

Data Lakes

CDD Scanner

Scanning · Classifying · Masking · Reporting

RUNNING

PDF/Excel Reports

Stored locally

Web Dashboard

Internal access only

Zero Card Data Crosses This Boundary

External Cloud / Internet — No card data ever transmitted outbound

Smart Masking Examples — Format-Preserving, Type-Aware

Raw values never stored or transmitted

Card Data Type	Original Value	Masked Output	Status
Visa PAN	4111 1111 1111 1111	4111 ** ** 1111	Masked
Mastercard	5500 0000 0000 0004	5500 ** ** 0004	Masked
CVV	473	***	Masked
Expiry Date	09/27	/	Masked
IBAN	GB29 NWBK 6016 1331 9268 19	GB29 ** ** 19	Masked

Regulatory Coverage

Built for PCI DSS v4, GDPR & DPDP Compliance Requirements

Finding-level mapping across six major regulatory frameworks — a complete evidence trail for your QSA, DPO, and auditors.

Global · Payments

PCI DSS v4

Payment Card Industry Data Security Standard

First-class card scanning mode. Luhn-validated card numbers, CVV, expiry dates, track data, IBAN, SWIFT. Auto-generates the full 8-sheet Card Compliance Excel workbook with PAN Analysis, Expiry Risk, CVV Exposure, Track Data findings, and Compliance Gap sections.

Luhn PAN ValidationCVV DetectionTrack Data ScannerIBAN / SWIFTGap Report (8 sheets)

GDPR Art. 30

RoPA

Records of Processing Activities

CDD Scanner's output feeds directly into your RoPA documentation workflow. Every scan produces a structured card-data inventory — data categories found, storage locations, retention indicators, and processing risk level mapped to Art. 30 requirements.

Data Category InventoryStorage Location MappingRetention IndicatorsController / Processor ViewArt. 30 Ready Export

GDPR Art. 35

DPIA

Data Protection Impact Assessment

Scan results provide the evidence layer for DPIA documentation on payment systems. Risk scores (0–100), CRITICAL/HIGH/MEDIUM/LOW severity ratings, card data volume exposure, and compliance gap findings map directly to DPIA necessity assessment and proposed mitigation sections.

Risk Score per FindingSeverity ClassificationExposure Volume MetricsNecessity Assessment InputMitigation Evidence

USA · Payments

SOX & GLBA

Sarbanes-Oxley & Gramm-Leach-Bliley Act

Financial institutions subject to SOX and GLBA must maintain controls over sensitive financial data including payment card information. CDD Scanner's audit-ready reports, risk scores, and masking evidence support internal control testing and regulatory examination responses.

Audit-Ready ReportsInternal Control EvidenceData SafeguardsRisk Assessment OutputExamination Ready

50+ Integrations

Scan Card Data Across Your Entire Data Pipeline

Discover, classify and protect sensitive card data — wherever it lives.

Relational Databases

MySQL, Microsoft SQL Server, PostgreSQL, MongoDB +2 more

Cloud Databases

AWS RDS (PostgreSQL, MySQL, Oracle), AWS Aurora, Google Cloud SQL, Azure SQL Database +2 more

NoSQL & Document

MongoDB, Elasticsearch (via export)

Object & Cloud Storage

AWS S3, Google Cloud Storage, Azure Blob Storage

Network & File Systems

Local Filesystem, SFTP, SMB / Windows Shares, NFS Mounts

CDD Scanner Engine

Real-time detection · Tokenization · Compliance mapping

99%+

Accuracy

50+

Sources

5k/m

Files/min

PCI DSS

PCI DSS v4 Compliance

Full requirement mapping per finding

Sensitive Data Discovery

PANs, CVV, IBAN, SWIFT & more

Real-time Alerts

Instant notifications on detection

Tokenized Storage

Format-preserving card masking

Data Risk Insights

Risk scores 0–100 per finding

Audit-Ready Reports

PDF & 8-sheet Excel workbook

Compliance Gap Analysis

Automated gap detection & remediation

Air-Gap / Offline Ready

No cloud dependency required

3-Step Process

Three Steps to Achieve Card Data Visibility & PCI DSS Compliance

From zero visibility to full card data control — in days, not months

Connect

Point at any data source — database, cloud storage, filesystem, or network share. Configure credentials once; the factory-pattern connector handles the rest.

Discover

Dedicated card-scan engine validates PANs via Luhn algorithm, detects CVV, expiry dates, track data, IBAN, and SWIFT codes across every connected source.

Act

Generate PCI DSS v4 compliance reports, trigger real-time alerts, mask card data in place, and export the full 8-sheet Card Compliance Excel workbook with Gap Analysis.

Why CDD Scanner

Not Just a Card Scanner — A Complete Card Data Discovery & Protection Platform

Built ground-up for enterprise PCI DSS requirements that generic open-source and cloud-based scanners simply cannot meet

Capability	CDD Scanner	Generic Scanners
Offline / Air-Gap Operation	✓ Fully offline, no cloud dependency	✕ Requires cloud check-in
Machine-Bound Licensing	✓ Offline cryptographic machine binding	✕ SaaS / cloud-only keys
India DPDP Act 2023 (Native)	✓ Aadhaar + PAN validators, GSTIN, UPI	✕ Not supported
PCI DSS Card Scan Mode	✓ First-class, deep scan, comprehensive CISO report and traceability matrix	~ Basic pattern matching only
Web Dashboard + SSE	✓ Real-time scan progress via SSE	~ Basic CLI or SaaS portal
Data Never Leaves Perimeter	✓ Masking in-place; raw PII stays on source	✕ Uploads samples for analysis

Production-grade card data discovery that runs entirely within your perimeter — zero cloud egress, full PCI DSS v4 coverage.

— CDD Scanner by KavachOne Solutions

Get In Touch

Request an Enterprise Demo

Talk to a solutions engineer. We'll tailor a CDD Scanner demo to your exact data sources and PCI DSS compliance requirements.

Enterprise Demo

See it work on your own card data

Not synthetic data — your real environment. We'll walk through your PCI DSS requirements and show you exactly what CDD Scanner finds across your entire data estate.

Fast Deployment

Deploy on-premise in under 4 hours. No infrastructure changes required.

Your Data Stays Yours

Demo runs in your environment. No sample upload, no cloud egress.

PCI DSS Gap Assessment

Leave with a tailored PCI DSS v4 compliance gap report for your environment.

Trusted by enterprises across BFSI, e-commerce, Retail and Many More

Full Name *

Company *

Work Email *

Country

Phone *

What type of scanning do you need? (select one)

Data Sources in Use (select all that apply)

Message

Typically respond within 1 business day