Skip to main content
GabrFila
Staff
GabrFila
Staff
October 3, 2025

Troubleshooting Tip: DLP credit card built-in type not matching ChatGPT Transactions

  • October 3, 2025
  • 0 replies
  • 722 views
Description

This article explains why, under certain conditions, the built-in credit card DLP data type does not match valid credit card numbers when testing Data Loss Prevention (DLP) policies with ChatGPT.

Specifically, when a message contains multiple credit card numbers separated by new lines, only the first line is detected. The built-in credit card data type fails to identify valid credit card numbers in the subsequent lines.
Scope FortiGate, FortiSASE.
Solution

To reproduce this issue, a policy must be applied to ChatGPT traffic with a DLP security profile and SSL deep inspection enabled. The expected behavior is that the system filters posts containing credit card numbers by leveraging the built-in credit card data type to match the traffic, including cases where the credit card numbers are presented as a list separated by new lines.

 

Steps to reproduce:

 

  • A DLP policy applied to ChatGPT traffic is needed. This policy must have SSL deep inspection enabled and the dlp profile applied:

 

GabrFila_0-1759498015186.png

 

GabrFila_1-1759498015188.png

 

  • A DLP security profile configuration with a sensor configured with a dictionary matching DLP built in datatype:

 

GabrFila_2-1759498015189.png

 

GabrFila_3-1759498015189.png

 

GabrFila_4-1759498015191.png

 

GabrFila_5-1759498015192.png

 

  • A ChatGPT post containing credit card numbers separated with new lines:
GabrFila_6-1759498015196.png

 

  • Notice that the post was not blocked by DLP, even though it contains multiple valid credit card numbers.

 

Root Cause:

 

Upon analysis, it was found that this behavior is related to how ChatGPT formats data before sending it to the server.

 

  • ChatGPT submits the content as JSON payloads.

 

  • In decrypted HTTP POST requests, the data appears as a JSON string formatted this way, with the \n separator embedded in the string:


are these credit card numbers?\n4111111111111111\n4111 1111 1111 1111\n5555555555554444\n....

 

  • The built-in Credit Card data type uses this regular expression with word boundaries (\b):

\b([2-6]{1}\d{3})[- ]?(\d{4})[- ]?(\d{2})[- ]?(\d{2})[- ]?(\d{2,4})\b

 

  • Since the newline character \n is embedded into the string, it does not constitute a word boundary, so the regex fails to match credit card numbers.

 

Solution / Workaround:

 

To address this, a custom dictionary data type can be created for credit card detection without using the \b boundary included in the built-in data type.

This ensures that credit card numbers within ChatGPT traffic are detected correctly, even when separated by new lines.

Example configuration with the fix:

GabrFila_7-1759498057743.png

 

GabrFila_8-1759498057744.png

 

With this configuration, traffic is matched by DLP sensor and it is blocked correctly:

GabrFila_9-1759498057745.png

 

 

GabrFila_10-1759498057746.png

CLI Configuration with solution applied:

 

config firewall policy     edit 24         set name "chatgpt"         set srcintf "fortilab-local-zone"         set dstintf "virtual-wan-link"         set action accept         set srcaddr "all"         set dstaddr "chatgpt"         set schedule "always"         set service "ALL"         set utm-status enable         set inspection-mode proxy         set ssl-ssh-profile "deep-inspection"         set dlp-profile "block-cc-profile"         set application-list "default"         set logtraffic all         set nat enable     next end  config dlp profile     edit "block-cc-profile"         set feature-set proxy         config rule             edit 1                 set name "block-cc"                 set type message                 set proto http-post                 set filter-by sensor                 set sensor "cc"                 set action block             next         end     next end  config dlp sensor     edit "cc"         config entries             edit 1                 set dictionary "custom-cc"             next         end     next end  config dlp dictionary     edit "custom-cc"         config entries             edit 1                 set type "regex"                 set pattern "/([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})/m"                 set repeat enable             next         end     next end

 

Important considerations:

  • The modified regex is less restrictive than the built-in Credit Card data type.
  • This may result in false positives in some environments.
  • This workaround is intended specifically for ChatGPT transactions. Other applications or websites that format strings differently may not require this adjustment.

  • In lower-end (with 2 GB of RAM or less) FortiGate models with versions v7.6.x, the DLP (Data Loss Prevention) option may not be visible in the GUI under Security Profiles or Feature Visibility.

     

Related documents:

Protecting GenAI Access using DLP

Technical Tip: DLP profile is not blocking credit card info when outlook desktop app is using HTTPS

Technical Tip: How DLP utilizes Luhn Verification for Credit Card Check along with hyperscan matching engine
    Terms & ConditionsAccessibility statement