C# Windows Application (not wpf) mask credit card number in text box as being entered followed by validation and processing of credit card number

Question

I am supporting an C# windows applications which accepts and processes credit card. But due to new rules, I need to mask the credit card number as it's being entered. So if the first number is 4, it is visible until the next number is entered (e.g. 9), then the text box shows *9.

I thought of using maskedtextbox but then the characters are all "*" but i need to show the last character typed .

Are there any best practices for doing this? keep in mind I need those numbers and run validations before the credit card is processed and then process the credit card and store it in the database. I already have CC field in database encrypted.

Any suggestions/help would be highly appreciated.

Answer 1

Simple way would be to have two text boxes. One that the user actually enters the number into, another that shows the masked version of that input. Put the masked control over the entry control.

Use TextChanged or KeyUp events to track changes and update.

eg

if (textBoxEntry.Text.Length <= 1)
{
    textBoxMasked.Text = textBoxEntry.Text;
}
else
{
    string lastChar = textBoxEntry.Text.Substring(textBoxEntry.Text.Length-1, 1);
    textBoxMasked.Text = lastChar.PadLeft(textBoxEntry.Text.Length, '*');
}

Beyond that you likely have issues with PCI compliance. It isn't enough to just encrypt these values into the database, you need key management policies, key rotation schedules, and heaps more. Hopefully you know all this already, but just mentioning it should you not be aware.