Hi Mssudd,
Either u can define in ur policy that no. of matching of CCN should be <5 or <10 then it should not generate incident, and if user sent more than this count then this will generate incident. this way u can reduce the above possibility which u asked.
Also u can dismissed such cases even after auto escalation. u will get match count setting in policy list->policy .......
Educate the use to avoid such instances in office which reduce the unnecessary attention.
As i was worked in incident mgmt and policy tune , I recommend u to this.I hope this will help u.
Also refer below some thread for understanding purpose
https://www-secure.symantec.com/connect/forums/false-positives-policy-modification
https://www-secure.symantec.com/connect/forums/fine-tune-credit-card-policy
https://www-secure.symantec.com/connect/forums/detecting-credit-card-number
https://www-secure.symantec.com/connect/forums/masking-credit-card-number-incidents