diff --git a/lib/Raven/Processor/SanitizeDataProcessor.php b/lib/Raven/Processor/SanitizeDataProcessor.php
index 44cc77ecc..9c1af6b4e 100644
--- a/lib/Raven/Processor/SanitizeDataProcessor.php
+++ b/lib/Raven/Processor/SanitizeDataProcessor.php
@@ -19,7 +19,7 @@ class Raven_Processor_SanitizeDataProcessor extends Raven_Processor
 {
     const MASK = self::STRING_MASK;
     const FIELDS_RE = '/(authorization|password|passwd|secret|password_confirmation|card_number|auth_pw)/i';
-    const VALUES_RE = '/^(?:\d[ -]*?){13,16}$/';
+    const VALUES_RE = '/^(?:\d[ -]*?){13,19}$/';
 
     protected $fields_re;
     protected $values_re;
diff --git a/test/Raven/Tests/Processor/SanitizeDataProcessorTest.php b/test/Raven/Tests/Processor/SanitizeDataProcessorTest.php
index 94267df75..218ac3691 100644
--- a/test/Raven/Tests/Processor/SanitizeDataProcessorTest.php
+++ b/test/Raven/Tests/Processor/SanitizeDataProcessorTest.php
@@ -88,7 +88,7 @@ public function testSettingProcessorOptions()
         $processor  = new Raven_Processor_SanitizeDataProcessor($client);
 
         $this->assertEquals($processor->getFieldsRe(), '/(authorization|password|passwd|secret|password_confirmation|card_number|auth_pw)/i', 'got default fields');
-        $this->assertEquals($processor->getValuesRe(), '/^(?:\d[ -]*?){13,16}$/', 'got default values');
+        $this->assertEquals($processor->getValuesRe(), '/^(?:\d[ -]*?){13,19}$/', 'got default values');
 
         $options = array(
             'fields_re' => '/(api_token)/i',