I've not used but have read about these filters. As KB said they scan for patterns. If you emailed a customer, telling them they need to enter their SSAN on your web form in the proper format, 123-45-6789, that would get flagged because it resembles a real SSAN.
A temporary fix so that this is not exposed may be to use your internet banking communication system. Often these don't leave your servers. YMMV, but this may help in a pinch.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell