I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

------------------------------
Ahmad Hassan Tariq

Original Message:
Sent: Wed October 30, 2024 09:48 AM
From: Marcio Bulek
Subject: Ensuring Exact Length Matches in Regex for CNIC and Card Number Masking in Guardium

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

------------------------------
Marcio Bulek

Original Message:
Sent: Tue October 29, 2024 03:30 AM
From: Ahmad Hassan Tariq
Subject: Ensuring Exact Length Matches in Regex for CNIC and Card Number Masking in Guardium

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

------------------------------
Ahmad Hassan Tariq
------------------------------

Ahmad:

It sounds like you are trying to build your own regex for use in a policy extrusion rule. The policy doesn't have a way to limit the number of characters outside of what the regex would control.

Have you tried using the regex provided by the predefined rules in the Sensitive Data Discovery module? For example, Guardium has this regex for 16 digit CC# with dashes or spaces: ^[0-9]{4}[-, ]?[0-9]{4}[-, ]?[0-9]{4}[-, ]?[0-9]{4}[ ]*$.

You can find this information by going to Discover Sensitive Data, clone any of the out of the box templates, and view the predefined classification rules available under 'What to discover'.

------------------------------
Wendy Zemba
Sr. Consultant, Data Protection
Converge Technology Solutions
wendy.zemba@convergetp.com

Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.

Original Message:
Sent: Wed October 30, 2024 12:02 PM
From: Ahmad Hassan Tariq
Subject: Ensuring Exact Length Matches in Regex for CNIC and Card Number Masking in Guardium

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

------------------------------
Ahmad Hassan Tariq

Original Message:
Sent: Wed October 30, 2024 09:48 AM
From: Marcio Bulek
Subject: Ensuring Exact Length Matches in Regex for CNIC and Card Number Masking in Guardium

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

------------------------------
Marcio Bulek

Original Message:
Sent: Tue October 29, 2024 03:30 AM
From: Ahmad Hassan Tariq
Subject: Ensuring Exact Length Matches in Regex for CNIC and Card Number Masking in Guardium

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

------------------------------
Ahmad Hassan Tariq
------------------------------

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello Ahmad,

I searched online and it seems a CNIC number has the following format: XXXXX-XXXXXX-X  For example: 12345-1234567-1

This regex should work: ^[0-9]{5}-[0-9]{7}-[0-9]$

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello Marcio Bulek,

Thank you for your response. I tried the regex you mentioned, but it didn't work and didn't mask the data. Additionally, I have uploaded a snapshot for your reference.

Secondly, to capture a 13-digit CNIC with dashes, if the regex ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9])  is used, it will mask the data as well. However, if you use ^ and $ at the start and end, it does not work.I have uploaded a snapshot for your reference.

In my case, the CNIC is without dashes, such as 1234567890123. Please provide the specific regex pattern for masking to capture this format.

Hello Ahmad,

I searched online and it seems a CNIC number has the following format: XXXXX-XXXXXX-X  For example: 12345-1234567-1

This regex should work: ^[0-9]{5}-[0-9]{7}-[0-9]$

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hi Ahmad,

Could you try this one ^([0-9]{4})([0-9]{4})([0-9]{4})([0-9])$ for 1234567890123 format. 

I hope it works the way you want it to

Hello Marcio Bulek,

Thank you for your response. I tried the regex you mentioned, but it didn't work and didn't mask the data. Additionally, I have uploaded a snapshot for your reference.

Secondly, to capture a 13-digit CNIC with dashes, if the regex ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9])  is used, it will mask the data as well. However, if you use ^ and $ at the start and end, it does not work.I have uploaded a snapshot for your reference.

In my case, the CNIC is without dashes, such as 1234567890123. Please provide the specific regex pattern for masking to capture this format.

Hello Ahmad,

I searched online and it seems a CNIC number has the following format: XXXXX-XXXXXX-X  For example: 12345-1234567-1

This regex should work: ^[0-9]{5}-[0-9]{7}-[0-9]$

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello Veysel Gundogdu

I tried the regex you mentioned ^([0-9]{4})([0-9]{4})([0-9]{4})([0-9])$, but it didn't work and didn't mask the data. Additionally, I have uploaded a snapshot for your reference.

Secondly, if we use sign ^  and & , masking didn't work.

Hi Ahmad,

Could you try this one ^([0-9]{4})([0-9]{4})([0-9]{4})([0-9])$ for 1234567890123 format. 

I hope it works the way you want it to

Hello Marcio Bulek,

Thank you for your response. I tried the regex you mentioned, but it didn't work and didn't mask the data. Additionally, I have uploaded a snapshot for your reference.

Secondly, to capture a 13-digit CNIC with dashes, if the regex ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9])  is used, it will mask the data as well. However, if you use ^ and $ at the start and end, it does not work.I have uploaded a snapshot for your reference.

In my case, the CNIC is without dashes, such as 1234567890123. Please provide the specific regex pattern for masking to capture this format.

Hello Ahmad,

I searched online and it seems a CNIC number has the following format: XXXXX-XXXXXX-X  For example: 12345-1234567-1

This regex should work: ^[0-9]{5}-[0-9]{7}-[0-9]$

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello Marcio Bulek,

Thank you for your response. I tried the regex you mentioned, but it didn't work and didn't mask the data. Additionally, I have uploaded a snapshot for your reference.

Secondly, to capture a 13-digit CNIC with dashes, if the regex ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9])  is used, it will mask the data as well. However, if you use ^ and $ at the start and end, it does not work.I have uploaded a snapshot for your reference.

In my case, the CNIC is without dashes, such as 1234567890123. Please provide the specific regex pattern for masking to capture this format.

Hello Ahmad,

I searched online and it seems a CNIC number has the following format: XXXXX-XXXXXX-X  For example: 12345-1234567-1

This regex should work: ^[0-9]{5}-[0-9]{7}-[0-9]$

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello Marcio Bulek,

Thank you for your response. I tried the regex you mentioned, but it didn't work and didn't mask the data. Additionally, I have uploaded a snapshot for your reference.

Secondly, to capture a 13-digit CNIC with dashes, if the regex ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9])  is used, it will mask the data as well. However, if you use ^ and $ at the start and end, it does not work.I have uploaded a snapshot for your reference.

In my case, the CNIC is without dashes, such as 1234567890123. Please provide the specific regex pattern for masking to capture this format.

Hello Ahmad,

I searched online and it seems a CNIC number has the following format: XXXXX-XXXXXX-X  For example: 12345-1234567-1

This regex should work: ^[0-9]{5}-[0-9]{7}-[0-9]$

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!

Hello petr Mares

Thanks for your suggestion.

The regex you mentioned didn't work. Additionally, I have uploaded a snapshot for your reference.

Hello Marcio Bulek,

Thank you for your response. I tried the regex you mentioned, but it didn't work and didn't mask the data. Additionally, I have uploaded a snapshot for your reference.

Secondly, to capture a 13-digit CNIC with dashes, if the regex ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9])  is used, it will mask the data as well. However, if you use ^ and $ at the start and end, it does not work.I have uploaded a snapshot for your reference.

In my case, the CNIC is without dashes, such as 1234567890123. Please provide the specific regex pattern for masking to capture this format.

Hello Ahmad,

I searched online and it seems a CNIC number has the following format: XXXXX-XXXXXX-X  For example: 12345-1234567-1

This regex should work: ^[0-9]{5}-[0-9]{7}-[0-9]$

Hello,

Thank you for the suggestion. I have tried using the ^ and $ symbols in the regex to define the start and end positions, but this approach did not result in masking at the database level as expected.

Any additional guidance on ensuring that the regex effectively masks data at the DB level would be greatly appreciated.

Thanks again for your assistance

Hello Ahmad,

For card numbers I suggest using the Guardium built-in special pattern test:  guardium://CREDIT_CARD (https://www.ibm.com/docs/en/gdp/12.x?topic=policies-special-pattern-tests)

For custom regex capturing sequences longer than the intended length,  you may use ^ and $ to indicated positions at start and end of a line respectively. There are several websites that helps build and test regex. For example: https://regex101.com/

Hope this helps

I'm working on a masking use case for CNIC (13-digit) and card numbers (16-digit) using regular expressions. We've created a regex to capture 13 characters for CNIC and 16 characters for card numbers, but we're facing an issue where the regex captures sequences longer than the intended length.

For the CNIC, we're using this regex: ([0-9][0-9][0-9][0-9])[0-9]-([0-9][0-9][0-9][0-9])[0-9][0-9][0-9]-([0-9]). with Dashes

And for card numbers with spaces between each group of 4 digits, we're using: ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9] ([0-9][0-9])[0-9][0-9].

How can we ensure that the regex captures only exactly 13 characters for CNICs and exactly 16 characters for card numbers, without matching any longer sequences?

Thank you for your guidance!