
How to Filter IBAN Numbers Before Sending to LLM APIs (Python)

Protect EU banking data (IBAN) when using GPT-4o, Claude, or DeepSeek. Python regex for SEPA compliance + Frankfurt-based PII proxy.

The Problem

International Bank Account Numbers (IBANs) are financial PII under GDPR Article 9. Sending IBANs to AI providers without redaction violates PSD2 (Payment Services Directive 2) and creates liability under EU banking regulations.

The Hard Way (Manual Regex)

You could manually implement regex detection in your application:

import re
iban_regex = re.compile(r'\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b')  # matches the IBAN shape only

Regex explanation: an IBAN starts with a 2-letter country code (A-Z), followed by 2 check digits, then 11-30 alphanumeric characters. Example: DE89370400440532013000 (Germany, 22 chars). This regex covers all 37 SEPA countries with varying lengths.
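
A local filter built on that regex, as an added example (not SafePipe's implementation and not code from the original guide): it also accepts space-grouped print format, keeps only candidates that pass the ISO 13616 mod-97 checksum, and emits the `[IBAN_<country>]` placeholder style shown later in this guide. The names `CANDIDATE`, `iban_checksum_ok`, `valid_iban_end` and `redact_ibans` are assumptions made for this example.

```python
import re

# Shape from the guide's regex, plus an optional single space before each BBAN
# character so print format ("DE89 3704 ...") matches. The lookahead makes
# every word start a candidate, even one inside an earlier failed match.
CANDIDATE = re.compile(r"\b(?=([A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30})\b)")


def iban_checksum_ok(compact: str) -> bool:
    """ISO 13616 mod-97 check on an IBAN with spaces already removed."""
    rearranged = compact[4:] + compact[:4]  # country code + check digits go last
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


def valid_iban_end(candidate: str) -> int:
    """Length of the longest checksum-valid IBAN prefix of candidate, else 0."""
    for end in range(len(candidate), 14, -1):
        if end < len(candidate) and candidate[end] != " ":
            continue  # only cut where an absorbed trailing word begins
        compact = candidate[:end].replace(" ", "")
        if 15 <= len(compact) <= 34 and iban_checksum_ok(compact):
            return end
    return 0


def redact_ibans(text: str) -> str:
    """Replace checksum-valid IBANs with [IBAN_<country>]; leave other text as is."""
    out, pos = [], 0
    for m in CANDIDATE.finditer(text):
        if m.start() < pos:
            continue  # inside an IBAN that was already redacted
        end = valid_iban_end(m.group(1))
        if end:
            out.append(text[pos:m.start()] + f"[IBAN_{m.group(1)[:2]}]")
            pos = m.start() + end
    return "".join(out) + text[pos:]


# Constructed sample: the guide's two IBANs (one in print format) plus an
# IBAN-shaped order reference that fails the checksum.
SAMPLE = (
    "From: DE89 3704 0044 0532 0130 00 EUR\n"
    "To: FR1420041010050500013M02606 (Vendor Account)\n"
    "Order ref: AB12CDEFGHIJKLMNOP\n"
)

if __name__ == "__main__":
    print(redact_ibans(SAMPLE))
```

A mistyped IBAN fails the checksum and passes through unredacted; redact shape-only matches as well if over-redaction is the safer default for your data.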

The Secure Way (SafePipe Proxy)

Instead of maintaining regex patterns and handling edge cases, use SafePipe's Zero-Knowledge proxy. We handle PII detection with in-RAM processing in <30ms, hosted in Frankfurt (EU).

from openai import OpenAI
import os

# Example: Financial analysis with IBAN data
financial_data = """
Transaction details:
From: DE89370400440532013000 (Customer Account)
To: FR1420041010050500013M02606 (Vendor Account)
Amount: €15,234.50
Purpose: Invoice #2024-1234
"""

# ❌ PSD2 VIOLATION: Direct API call
unsafe_client = OpenAI(
    api_key=os.environ["OPENAI_API_KEY"],
    base_url="https://api.openai.com/v1"
)

# 🚨 IBANs sent to US servers (Schrems II issue)

# ✅ BANKING-COMPLIANT: SafePipe IBAN Filter
safe_client = OpenAI(
    api_key=os.environ["SAFEPIPE_API_KEY"],
    base_url="https://safepipe.eu/api/v1",
    default_headers={
        "x-provider-key": os.environ["OPENAI_API_KEY"]
    }
)

response = safe_client.chat.completions.create(
    model="gpt-4o",
    messages=[{
        "role": "user",
        "content": f"Analyze this transaction:\n{financial_data}"
    }]
)

# What the LLM receives:
# """
# Transaction details:
# From: [IBAN_DE] (Customer Account)
# To: [IBAN_FR] (Vendor Account)
# Amount: €15,234.50
# Purpose: Invoice #2024-1234
# """

# The AI can still analyze the transaction structure without seeing raw IBANs

Why This Matters for Compliance

IBANs are direct links to bank accounts. Under PSD2, banks must implement Strong Customer Authentication (SCA) for data access. Sending IBANs to third-party AI providers without consent violates Article 94 of PSD2. SafePipe's IBAN detection covers all 37 SEPA countries and redacts in <30ms, ensuring BaFin (German regulator) compliance.
