BR-51 warning

How to fix BR-51

In accordance with card payments security standards an invoice should never include a full card primary account number (BT-87). At the moment PCI Security Standards Council has defined that the first 6 digits and last 4 digits are the maximum number of digits to be shown.

What this rule checks

For PCI DSS compliance, a full credit card number must never appear on an invoice. Only a truncated version (first 6 and last 4 digits) is permitted.

Referenced business terms

This rule references the EN 16931 business term BT-87 (card primary account number).

How to fix it

Truncate the card number in cac:PaymentMeans → cac:CardAccount → cbc:PrimaryAccountNumberID to show at most the first 6 and last 4 digits, masking the rest.
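One way to apply this fix before an invoice is sent, as an added example that is not part of the original page or of any validator's own code. The function names, the `*` mask character and the sample invoice are assumptions made for illustration; the sample is constructed around the well-known 4111... test card number.

```python
import xml.etree.ElementTree as ET

INVOICE_NS = "urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"
NS = {
    "cac": "urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2",
    "cbc": "urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2",
}
PAN_PATH = ".//cac:PaymentMeans/cac:CardAccount/cbc:PrimaryAccountNumberID"
MASK = "*"  # assumption: the rule text does not prescribe a mask character

# Keep the usual UBL prefixes when the tree is serialized again.
ET.register_namespace("", INVOICE_NS)
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)


def truncate_pan(value, mask=MASK):
    """Mask every digit except the first 6 and last 4; keep separators."""
    digits = [i for i, ch in enumerate(value) if ch.isdigit()]
    hidden = set(digits[6:-4])  # empty when 10 or fewer digits are visible
    return "".join(mask if i in hidden else ch for i, ch in enumerate(value))


def fix_invoice(xml_text):
    """Return (corrected_xml, findings) for a UBL invoice string."""
    # Assumption: xml_text is your own outgoing invoice. For XML from an
    # untrusted sender, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.iterfind(PAN_PATH, NS):
        original = (node.text or "").strip()
        fixed = truncate_pan(original)
        if fixed != original:
            node.text = fixed
            findings.append(fixed)  # report the truncated form only, never the full PAN
    return ET.tostring(root, encoding="unicode"), findings


# Constructed sample using the well-known 4111... test card number.
SAMPLE = f"""<Invoice xmlns="{INVOICE_NS}" xmlns:cac="{NS['cac']}" xmlns:cbc="{NS['cbc']}">
  <cac:PaymentMeans>
    <cbc:PaymentMeansCode>48</cbc:PaymentMeansCode>
    <cac:CardAccount>
      <cbc:PrimaryAccountNumberID>4111 1111 1111 1111</cbc:PrimaryAccountNumberID>
      <cbc:NetworkID>VISA</cbc:NetworkID>
    </cac:CardAccount>
  </cac:PaymentMeans>
</Invoice>"""

if __name__ == "__main__":
    corrected, findings = fix_invoice(SAMPLE)
    print(findings)
```

The function is idempotent: a value that already shows 10 or fewer digits is left unchanged, so it can run on every outgoing invoice.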
