Hi,
As per PCI DSS Requirements, any credit card data should not be sent via end-user technologies such as e-mails. Masking a card data by data security (or maybe by email security) when it is triggered by a credit card rule can be great.
Consider the scenario. An unintended employee sends an email containing 5 Credit Cards. As per PCI DSS Requirements, you should not send any cleartext credit card data via e-mail. The feature request is for this problem. Instead of encrypting the email, the Data Security or Email Security can read the email, search it via the rule or by a regular expression and then mask the card data so that only first 6 and last 4 digits are sent to the receiver. The other digits can be masked as "X".
For further details, you may refer to Websense case No. 01505379