Credit Card Validation and Verification

This chapter goes through credit card validation and verification, such as is vital during the checkout procedure of an online shopping application. The chapter as a whole covers all aspects of the checkout procedure in detail.

This sample is taken from Chapter 7: "Credit Card Validation and Verification" of the Glasshaus title "Usable Shopping Carts"

Validating Credit Card Numbers with the Luhn Formula

The question of whether or not a credit card number represents an active credit or deposit account, and that this account has a sufficient line of credit or balance to cover a sale can only be answered by a clearinghouse or card processor with access to a banking system of which the card's backer is also a participant. However, because issuers of cards follow certain rules when creating card numbers, it is possible to verify whether a given number is accurate or couldn't possibly be a number of the stated type. We can use this information to check a number given to us by a customer and so catch any errors the customer might have made in typing it into the form before we submit it for authorisation.

Each type of card always has a certain number of digits and begins with a given prefix or range of prefixes. The following table provides the prefixes and lengths for the five most commonly used credit cards:

CARD TYPE

PREFIX(es)

LENGTH(s)

MasterCard

51-55

16

Visa

4

13 or 16

American Express

34 or 37

15

Discover

6011

16

Diners Club / Carte Blanche

300-305, 36, or 38

14

In addition, the number itself can be subjected to a mathematical test (of the sort generally referred to generally as a checksum) which it must pass in order to be legitimate. This test is known as the Luhn formula. It is somewhat tedious to perform by hand, but it's not terribly difficult to write a script to automate the task. These are the steps required to use it:

1.    Double the value of every other digit starting with the next-to-rightmost digit.

2.    If any of the resulting values has more than two digits, then its digits must be added together to produce a single digit.

3.    Add the sum of all the digits not doubled in step 1 to the sum of all the digits resulting in step 2.

4.    If the result is exactly divisible by 10 (that is, if the result ends in a zero), then the number is valid  providing of course that it's of the correct length and bears a correct prefix for that type of card  and can now be submitted for authorisation of a sale.

For example, suppose we're given the number 2323-2005-7766-3554.

2

3

2

3

2

0

0

5

7

7

6

6

3

5

5

4

*2

-

*2

-

*2

-

*2

-

*2

-

*2

-

*2

-

*2

-

4

3

4

3

4

0

0

5

14

7

12

6

6

5

10

4

4

3

4

3

4

0

0

5

1+4=5

7

1+2=3

6

6

5

1+0=1

4

SUM:

4+3+4+3+4+0+0+5+5+7+3+6+6+5+1+4=70.

70 mod 10 = 0.

Of course this number obviously isn't a valid one for any of the types shown due to the prefix, but it serves to illustrate the method used. Now let's put this all together into a workable validation routine. We'll be checking only MasterCard, Visa and American Express numbers in the example, but you should be able to use the information from the table above to extend the validation scripts to cover the additional card types listed, and more are available on the Web (see the References section at the end of the book).

George Petrov

George PetrovGeorge Petrov is a renowned software writer and developer whose extensive skills brought numerous extensions, articles and knowledge to the DMXzone- the online community for professional Adobe Dreamweaver users. The most popular for its over high-quality Dreamweaver extensions and templates.

George is also the founder of Wappler.io - the most Advanced Web & App Builder

See All Postings From George Petrov >>

Comments

Be the first to write a comment

You must me logged in to write a comment.