Dr. Evil pressed the little lettered thingies in this order...

> I know that credit cards have standard formats: There's a standard
> number of digits, and whether the card is Visa, MC, Amex, etc is
> encoded in the number, and there is some kind of checksum, and I think the
> expiration is also encoded in the number.  All of this is obvious stuff
> that anyone designing such a system would do.
> I'm wondering if anyone can refer me to a site that describes what
> this format is, so I can write some PHP code that will check to see if a
> credit card number format is correct.  I don't even want to try to run the
> card through my merchant account if the format is obviously wrong.  I
> assume that banks check the rejection rate on their merchant accounts, and
> too many bogus cards would not look good.
> I did a quick search on the web, and there are a vast number of
> "hacker" credit card number generators, but that isn't exactly what
> I'm looking for.
> Thanks

The only 100% certain thing about credit card numbers is the fact that 
they are 16 numbers.  By law, the numbers are supposed to be 
generated at random and not generated by any kind of algorithm or 
formula.  Doing otherwise would make credit card numbers "guessable" 
and therefore inherantly insecure.  Most (all?) credit cards now also 
have a three digit "CCV2" number which is only printed on the back of 
the card and is supposed to be a form of digital signature.  Several 
processing companies are requiring that this number be sent with online 
transactions.  If you're taking credit card payments from untrusted 
sources, you would be wise to also get the CCV2.

The only way to pre-check a credit card number is to check for a valid 
number of characters and the lack of alpha characters.  i.e:
        if (strlen($CCNum) < 16 OR !ereg("[0-9]{16}",$CCNum)) {
        ... invalid CC code here ...
(or something similar, depending on your initial script)

Unless it becomes absolutely ridiculous, I don't think that your bank is 
going to complain for too many bad cards.  After all, they're still making 
money off of you. If they do get upset, you ought to find a new bank.  
Seriously. Many banks would be very happy to have your business, bad 
credit card requests and all.

Good luck...

Christopher Ostmo
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

For a good time,

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to