subject:"\[PHP\] Credit card number checker\?"

Re: [PHP] Credit card number checker?

2001-07-17 Thread John Monfort



> What companies issue card numbers that are not 16 numbers?  Are
> they non-US cards?  I haven't ever seen a card that wasn't 16 numbers.

  A valid VISA  card has between 13-16 digits.

  I believe AMERICAN EXPRESS only has 15 digits.

  -john

__John Monfort_
_+---+_
 P E P I E  D E S I G N S
   www.pepiedesigns.com
"The world is waiting, are you ready?"
-+___+-

On Mon, 16 Jul 2001, Christopher Ostmo wrote:

> Ashley M. Kirchner pressed the little lettered thingies in this order...
>
> > Christopher Ostmo wrote:
> >
> > > By law, the numbers are supposed to be
> > > generated at random and not generated by any kind of algorithm or
> > > formula.
> >
> > CC# must pass the Luhn MOD 10 formula, so the generated numbers can't
> > be
> > (totally) random - they have to conform to the formula.
> >
>
> I just responded to this separately... Basically, my earlier research on
> the issue must have been wrong.
>
> > Also, not all credit cards have 16 numbers.
> >
>
>
> Christopher Ostmo
> a.k.a. [EMAIL PROTECTED]
> AppIdeas.com
> Innovative Application Ideas
> Meeting cutting edge dynamic
> web site needs since the
> dawn of Internet time (1995)
>
> For a good time,
> http://www.AppIdeas.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Egan


On 16 Jul 2001 22:12:24 -, "Dr. Evil" <[EMAIL PROTECTED]> wrote:

>I know that credit cards have standard formats: There's a standard
>number of digits, and whether the card is Visa, MC, Amex, etc is
>encoded in the number, and there is some kind of checksum, and I think
>the expiration is also encoded in the number.  All of this is obvious
>stuff that anyone designing such a system would do.
>
>I'm wondering if anyone can refer me to a site that describes what
>this format is, so I can write some PHP code that will check to see if
>a credit card number format is correct.  I don't even want to try to
>run the card through my merchant account if the format is obviously
>wrong.  I assume that banks check the rejection rate on their merchant
>accounts, and too many bogus cards would not look good.

Right.

Especially since they don't have the card physically present, online
merchants should sanity check the card number before submitting it for
authorization.  Even honest customers could make a typing mistake that
renders their input completely bogus.

See page 2 of:


http://perl.about.com/library/weekly/aa073000a.htm




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread John Donagher

On 17 Jul 2001, Steve Sobol wrote:

> From 'John Donagher':
> >> accounts, and too many bogus cards would not look good.
> >> 
> >
> >My suggestion is to run an authorization for an extremely small amount of money
> >($1.00 is fairly standard) and that will tell you if the account is valid or
> >not.
> 
> Bad idea.
> 
> Some software, in particular that from merchant-provider Cardservice
> International, will deny all transactions for a set number of days if you
> have two declines from the same IP in the same 24-hour period.
> 

How exactly is a merchant responsible for the authenticity of the information
that a customer provides? That's why you use a payment gateway; because the
authenticity of a customer's payment information (be it credit card number,
available balance, whatever) is not something you can know. The algorithms you
can run may check the well-formedness of that number, but that is such a small
facet of the spectrum of failure causes you can run into in the process of a
transaction, that its usefulness will be rather limited.

I've built billing systems for two different companies, both with thousands of
customers, and hundreds of declined transactions every month (corresponding to
at least 10 a day). I've never run into such a thing, and I don't think what
you're saying is true, and I can't find anything to corroborate it on the
CardService website; can you please prove it? 

Any payment gateway that will _deny all transactions_ based on invalid
information being supplied by an end-user would be laughed out of the room by
medium to large-sized companies. I know this not to be the case with Verisign
Payment, at least.

-- 

John Donagher
Application Engineer
Intacct Corp. - Powerful Accounting on the Web
408-395-0989
720 University Ave.
Los Gatos CA 95032
www.intacct.com

Public key available off http://www.keyserver.net
Key fingerprint = 4024 DF50 56EE 19A3 258A  D628 22DE AD56 EEBE 8DDD

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Steve Sobol


>From 'John Donagher':
>> accounts, and too many bogus cards would not look good.
>> 
>
>My suggestion is to run an authorization for an extremely small amount of money
>($1.00 is fairly standard) and that will tell you if the account is valid or
>not.

Bad idea.

Some software, in particular that from merchant-provider Cardservice
International, will deny all transactions for a set number of days if you
have two declines from the same IP in the same 24-hour period.

I have C code that can be translated to PHP that does the Mod-10 check,
which is what you want. Those of you who need it should e-mail me.



-- 
JustThe.net LLC - Steve "Web Dude" Sobol, CTO - [EMAIL PROTECTED] 

Donate a portion of your monthly ISP bill to your favorite charity or
non-profit organization! E-mail me for details. 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Christopher Ostmo


John Donagher pressed the little lettered thingies in this order...

> 
> Note, I said authorization, not charge. An authorization is a form of sale
> which is really a two-step process. The authorization places a hold on the
> funds, and then a capture transaction is initiated which indicates that the
> funds should be transferred. Running an authorization is harmless because
> (in this case) it is never captured. The only ill-effect is that your
> credit limit is reduced by $1.00 until the authorization expires (around a
> month or so). This is an accepted practice.
> 

Yes, I mis-read your statement.  Sorry.

I was just wrong all around on this one! :-)

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

For a good time,
http://www.AppIdeas.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Zak Greant


Christopher Ostmo wrote:
> Dr. Evil pressed the little lettered thingies in this order...
>
> >
> > I know that credit cards have standard formats: There's a standard
> > number of digits, and whether the card is Visa, MC, Amex, etc is
> > encoded in the number, and there is some kind of checksum, and I think
the
> > expiration is also encoded in the number.  All of this is obvious stuff
> > that anyone designing such a system would do.
> >
> > I'm wondering if anyone can refer me to a site that describes what
> > this format is, so I can write some PHP code that will check to see if a
> > credit card number format is correct.  I don't even want to try to run
the
> > card through my merchant account if the format is obviously wrong.  I
> > assume that banks check the rejection rate on their merchant accounts,
and
> > too many bogus cards would not look good.
> >
> > I did a quick search on the web, and there are a vast number of
> > "hacker" credit card number generators, but that isn't exactly what
> > I'm looking for.
> >
> > Thanks
> >

There are many misconceptions about credit cards. I am certainly no
expert, but I have done some research in the area.

> The only 100% certain thing about credit card numbers is the fact that
> they are 16 numbers.

Credit card numbers vary in length based on the type of card. Some
cards do not use the same number length all the time.

For example: Visa numbers can be 13 characters or 16 characters
in length

> By law, the numbers are supposed to be
> generated at random and not generated by any kind of algorithm or
> formula.  Doing otherwise would make credit card numbers "guessable"
> and therefore inherantly insecure.

Credit card numbers are inherently insecure and follow patterns.

Most cards have a standard prefix. i.e. The first letter for a
Visa number must be 4, Mastercard uses 5, etc..

With most card types, the number must validate via the Luhn formula
(See http://webopedia.internet.com/TERM/L/Luhn_formula.html)

> Most (all?) credit cards now also
> have a three digit "CCV2" number which is only printed on the back of
> the card and is supposed to be a form of digital signature.  Several
> processing companies are requiring that this number be sent with online
> transactions.  If you're taking credit card payments from untrusted
> sources, you would be wise to also get the CCV2.

Yep. Heck if know how/if they work with the primary card number. :)

> The only way to pre-check a credit card number is to check for a valid
> number of characters and the lack of alpha characters.  i.e:
> if (strlen($CCNum) < 16 OR !ereg("[0-9]{16}",$CCNum)) {
> ... invalid CC code here ...
> }
> (or something similar, depending on your initial script)

Actually, using the Luhn formula, you can validate most credit
card numbers (and Canadian Social Insurance Numbers FTM).

I have a script that:
 - validates credit card numbers
 - determines the credit card type based on the number
 - cleans CC numbers before processing (which allows the user to
   enter spaces for readability, without buggering the validation.)
 - see http://www.zend.com/codex.php?id=31&single=1

> Unless it becomes absolutely ridiculous, I don't think that your bank is
> going to complain for too many bad cards.  After all, they're still making
> money off of you. If they do get upset, you ought to find a new bank.
> Seriously. Many banks would be very happy to have your business, bad
> credit card requests and all.

Validating cards does reduce the hassle for the customer though. :)

--zak



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Ashley M. Kirchner


Christopher Ostmo wrote:

> What companies issue card numbers that are not 16 numbers?  Are
> they non-US cards?  I haven't ever seen a card that wasn't 16 numbers.

The ones I care for when I do eCommerce apps:

  Visa: 13, or 16 digits
MasterCard: 16
  AmEx: 15
Diners: 14
  Discover: 16


Others:

   enRoute: 15
 JC Penney: 16  (I think 15 is also valid, but i'm not sure)

--
H | Hi, I'm currently out of my mind.  Please leave a message.  BP!
  +
  Ashley M. Kirchner    .   303.442.6410 x130
  Director of Internet Operations / SysAdmin. 800.441.3873 x130
  Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave, #6
  http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread John Donagher

On Mon, 16 Jul 2001, Christopher Ostmo wrote:

> John Donagher pressed the little lettered thingies in this order...
> 
> > My suggestion is to run an authorization for an extremely small amount of
> > money ($1.00 is fairly standard) and that will tell you if the account is
> > valid or not. Doing validation yourself implies a fully-publicly-understood
> 
> Maybe I am the only one, but I would NEVER do business with ANY 
> company that charged my credit card just to see if it was valid.
> 

Note, I said authorization, not charge. An authorization is a form of sale
which is really a two-step process. The authorization places a hold on the
funds, and then a capture transaction is initiated which indicates that the
funds should be transferred. Running an authorization is harmless because (in
this case) it is never captured. The only ill-effect is that your credit limit
is reduced by $1.00 until the authorization expires (around a month or so).
This is an accepted practice.

> At any rate, the initial request was to see if their was a way by which 
> you could tell whether the number is valid BEFORE it is sent to the 
> bank for processing.  Since this solution requires sending the card to 
> the bank for processing to see if the number is valid, it would defeat the 
> purpose.
> 

I did read the question. Every question has a context. My response is still
valid within the context of his question. There may be mitigating factors, but
in the projects I've worked on in the past, the approach I suggested has proved
much more reliable in the long-term.

John

-- 

John Donagher
Application Engineer
Intacct Corp. - Powerful Accounting on the Web
408-395-0989
720 University Ave.
Los Gatos CA 95032
www.intacct.com

Public key available off http://www.keyserver.net
Key fingerprint = 4024 DF50 56EE 19A3 258A  D628 22DE AD56 EEBE 8DDD

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Christopher Ostmo

Ashley M. Kirchner pressed the little lettered thingies in this order...

> Christopher Ostmo wrote:
> 
> > By law, the numbers are supposed to be
> > generated at random and not generated by any kind of algorithm or
> > formula.
> 
> CC# must pass the Luhn MOD 10 formula, so the generated numbers can't
> be
> (totally) random - they have to conform to the formula.
> 

I just responded to this separately... Basically, my earlier research on 
the issue must have been wrong.

> Also, not all credit cards have 16 numbers.
> 

What companies issue card numbers that are not 16 numbers?  Are 
they non-US cards?  I haven't ever seen a card that wasn't 16 numbers.

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

For a good time,
http://www.AppIdeas.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Nathan Cook


I ran across this function awhile back and it is what we use.
---
function CCValidationSolution ($Number) {
global $CardName;

# 1) Get rid of spaces and non-numeric characters.
$Number = OnlyNumericSolution($Number);

# 2) Do the first four digits fit within proper ranges?
# If so, who's the card issuer and how long should the number be?
$NumberLeft = substr($Number, 0, 4);
$NumberLength = strlen($Number);

if ($NumberLeft >= 4000 and $NumberLeft <= 4999) {
   $CardName = "Visa";
   if ($NumberLength > 14) {
   $ShouldLength = 16;
   } elseif ($NumberLength < 14) {
   $ShouldLength = 13;
   } else {
   return FALSE;
   }
} elseif ($NumberLeft >= 5100 and $NumberLeft <= 5599) {
$CardName = "MasterCard";
$ShouldLength = 16;
} else {
return FALSE;
}


# 3) Is the number the right length?
if ($NumberLength <> $ShouldLength) {
$Missing = $NumberLength - $ShouldLength;
if ($Missing < 0) {
} else {
}
return FALSE;
}


# 4) Does the number pass the Mod 10 Algorithm Checksum?
if (Mod10Solution($Number) == TRUE) {
return TRUE;
} else {
 return FALSE;
}
}

function OnlyNumericSolution ($Number) {
   # Remove any non numeric characters.
   # Ensure number is no more than 19 characters long.
   return substr( ereg_replace( "[^0-9]", "", $Number) , 0, 19);
}

function Mod10Solution ($Number) {
$NumberLength = strlen($Number);
$Checksum = 0;

# Add even digits in even length strings
# or odd digits in odd length strings.
for ($Location = 1 - ($NumberLength % 2); $Location < $NumberLength;
$Location += 2) {
$Checksum += substr($Number, $Location, 1);
}

# Analyze odd digits in even length strings
# or even digits in odd length strings.
for ($Location = ($NumberLength % 2); $Location < $NumberLength; $Location
+= 2) {
$Digit = substr($Number, $Location, 1) * 2;
if ($Digit < 10) {
$Checksum += $Digit;
} else {
$Checksum += $Digit - 9;
}
}

# Is the checksum divisible by ten?
return ($Checksum % 10 == 0);
}

// Usage
if (CCValidationSolution($Number) == TRUE) {
echo "GOOD";
} else {
echo "Bad card!";
}
---

Good Luck!

Nathan Cook
[EMAIL PROTECTED]

- Original Message -
From: "Dr. Evil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 16, 2001 4:12 PM
Subject: [PHP] Credit card number checker?


>
> I know that credit cards have standard formats: There's a standard
> number of digits, and whether the card is Visa, MC, Amex, etc is
> encoded in the number, and there is some kind of checksum, and I think
> the expiration is also encoded in the number.  All of this is obvious
> stuff that anyone designing such a system would do.
>
> I'm wondering if anyone can refer me to a site that describes what
> this format is, so I can write some PHP code that will check to see if
> a credit card number format is correct.  I don't even want to try to
> run the card through my merchant account if the format is obviously
> wrong.  I assume that banks check the rejection rate on their merchant
> accounts, and too many bogus cards would not look good.
>
> I did a quick search on the web, and there are a vast number of
> "hacker" credit card number generators, but that isn't exactly what
> I'm looking for.
>
> Thanks
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Credit card number checker?

2001-07-16 Thread Jerry Lake


An authorization does not necessitate
a sale, it is a verification of available funds.

Jerry Lake
Interface Engineering Technician
Europa Communications - http://www.europa.com
Pacifier Online - http://www.pacifier.com


-Original Message-
From: Christopher Ostmo [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 16, 2001 4:49 PM
To: John Donagher
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Credit card number checker?


John Donagher pressed the little lettered thingies in this order...

> My suggestion is to run an authorization for an extremely small amount of
> money ($1.00 is fairly standard) and that will tell you if the account is
> valid or not. Doing validation yourself implies a
fully-publicly-understood

Maybe I am the only one, but I would NEVER do business with ANY
company that charged my credit card just to see if it was valid.

At any rate, the initial request was to see if their was a way by which
you could tell whether the number is valid BEFORE it is sent to the
bank for processing.  Since this solution requires sending the card to
the bank for processing to see if the number is valid, it would defeat the
purpose.

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the
dawn of Internet time (1995)

For a good time,
http://www.AppIdeas.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Ashley M. Kirchner

"Dr. Evil" wrote:

> I'm wondering if anyone can refer me to a site that describes what
> this format is, so I can write some PHP code that will check to see if
> a credit card number format is correct.  I don't even want to try to
> run the card through my merchant account if the format is obviously
> wrong.  I assume that banks check the rejection rate on their merchant
> accounts, and too many bogus cards would not look good.

http://www.hotscripts.com/PHP/Scripts_and_Programs/E-Commerce/Credit_Card_Processing/

Verifying the validity of a CC number is fairly simple.  Just search
Google for the 'Luhn Mod 10' formula and you'll find out how it's done (or
follow the above link and get any of the scripts and go through them).

However, as someone else pointed out, verifying whether the account is
valid, is a different story.  Sure, I can punch in any (valid) CC#, but
who's to say that account actually exists?  You won't know that till you
submit data to the merchant, to see if the account actually exists.

--
H | Hi, I'm currently out of my mind.  Please leave a message.  BP!
  +
  Ashley M. Kirchner    .   303.442.6410 x130
  Director of Internet Operations / SysAdmin. 800.441.3873 x130
  Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave, #6
  http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Christopher Ostmo


Dr. Evil pressed the little lettered thingies in this order...

> 
> Thanks for the tip, but... there is a checksum in the CC card, which
> is worth checking.  Some others have sent me some code that checks
> that.  Or is that no longer valid?
> 

Actually, I saw that... and maybe I'm wrong.

When I first started doing eCommerce work (1995), I studied some case 
law and one of the credit card companies got succesfully sued for 
basing their numbers on a mathematical formula (the premise being that 
numbers could be calculated and are therefore insecure).  As a result, a 
law (or maybe bill?) was written which forbade credit card companies 
from using any method other than random number generation (except 
for the card company id number).  If what others are saying is true 
(which I assume it is), then this law must have been overturned (or was 
overturned before becoming law).  I don't recall how old the case is, so it 
may have been a long time ago.

At any rate, I'm interested to see what you come up with now.

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

For a good time,
http://www.AppIdeas.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Ashley M. Kirchner

Christopher Ostmo wrote:

> > My suggestion is to run an authorization for an extremely small amount of
> > money ($1.00 is fairly standard) and that will tell you if the account is
> > valid or not. Doing validation yourself implies a fully-publicly-understood
>
> Maybe I am the only one, but I would NEVER do business with ANY
> company that charged my credit card just to see if it was valid.

Running an authorization, versus a charge are two different things.  When you
pay with a CC at a restaurant, they run an authorization to see if the card and
account are valid.  It's not till AFTER you've signed your check, approving the
charge that they'll actually charge you.  You can run an authorization at any
point on someone's card.

Hotels, rental car agencies, travel agencies, all those kind of places will
authorize your card first, and won't actually charge you till you've finalized
your stay, returned the car or whatever else.

--
H | Hi, I'm currently out of my mind.  Please leave a message.  BP!
  +
  Ashley M. Kirchner    .   303.442.6410 x130
  Director of Internet Operations / SysAdmin. 800.441.3873 x130
  Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave, #6
  http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Credit card number checker?

2001-07-16 Thread Jeff Pearson


The check you want is called a MOD10 check. Most of the script libraries
have sample code. I found sample codes there. However, when I needed it, I
had to write it in ASP code. Here is the code that I use;



IF AccountNoLength > 16 THEN
ERRORState = "TRUE"
ErrorMssg =
"Account%20Number%20is%20too%20long.Please%20recheck%20and%20reenter."
URL = "CCValidationFailed.asp?ErrorMSSG=" + ErrorMSSG
Response.redirect URL
END IF
IF AccountNoLength < 13 THEN
ERRORState = "TRUE"
ErrorMssg =
"Account%20Number%20is%20too%20short.Please%20recheck%20and%20reenter."
URL = "CCValidationFailed.asp?ErrorMSSG=" + ErrorMSSG
Response.redirect URL
END IF
IF AccountNoLength = 14 THEN
ERRORState = "TRUE"
ErrorMssg = "Account%20Number%20is%20incorrect%20.%20Incorrect%20Length."
URL = "CCValidationFailed.asp?ErrorMSSG=" + ErrorMSSG
Response.redirect URL
END IF
FOR x=1 TO LEN(AccountNo)
ch=MID(AccountNo,LEN(AccountNo)-x+1,1)
IF x mod 2=0 THEN
sum=2*CINT(ch)
qsum=qsum+(sum mod 10)
IF sum>9 THEN
qsum=qsum+1
END IF
ELSE
qsum=qsum+CINT(ch)
END IF
NEXT
IF qsum mod 10<>0 THEN
ERRORState = "TRUE"
ErrorMssg = "Account%20Number%20is%20incorrect%20. Fails%20MOD10%20Check."
URL = "CCValidationFailed.asp?ErrorMSSG=" + ErrorMSSG
Response.redirect URL
END IF



Hope it helps.

Jeff Pearson

> -Original Message-----
> From: Dr. Evil [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 16, 2001 3:12 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Credit card number checker?
>
>
>
> I know that credit cards have standard formats: There's a standard
> number of digits, and whether the card is Visa, MC, Amex, etc is
> encoded in the number, and there is some kind of checksum, and I think
> the expiration is also encoded in the number.  All of this is obvious
> stuff that anyone designing such a system would do.
>
> I'm wondering if anyone can refer me to a site that describes what
> this format is, so I can write some PHP code that will check to see if
> a credit card number format is correct.  I don't even want to try to
> run the card through my merchant account if the format is obviously
> wrong.  I assume that banks check the rejection rate on their merchant
> accounts, and too many bogus cards would not look good.
>
> I did a quick search on the web, and there are a vast number of
> "hacker" credit card number generators, but that isn't exactly what
> I'm looking for.
>
> Thanks
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Ashley M. Kirchner


Christopher Ostmo wrote:

> By law, the numbers are supposed to be
> generated at random and not generated by any kind of algorithm or
> formula.

CC# must pass the Luhn MOD 10 formula, so the generated numbers can't be
(totally) random - they have to conform to the formula.

Also, not all credit cards have 16 numbers.

--
H | Hi, I'm currently out of my mind.  Please leave a message.  BP!
  +
  Ashley M. Kirchner    .   303.442.6410 x130
  Director of Internet Operations / SysAdmin. 800.441.3873 x130
  Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave, #6
  http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Christopher Ostmo


John Donagher pressed the little lettered thingies in this order...

> My suggestion is to run an authorization for an extremely small amount of
> money ($1.00 is fairly standard) and that will tell you if the account is
> valid or not. Doing validation yourself implies a fully-publicly-understood

Maybe I am the only one, but I would NEVER do business with ANY 
company that charged my credit card just to see if it was valid.

At any rate, the initial request was to see if their was a way by which 
you could tell whether the number is valid BEFORE it is sent to the 
bank for processing.  Since this solution requires sending the card to 
the bank for processing to see if the number is valid, it would defeat the 
purpose.

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

For a good time,
http://www.AppIdeas.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread Christopher Ostmo


Dr. Evil pressed the little lettered thingies in this order...

> 
> I know that credit cards have standard formats: There's a standard
> number of digits, and whether the card is Visa, MC, Amex, etc is
> encoded in the number, and there is some kind of checksum, and I think the
> expiration is also encoded in the number.  All of this is obvious stuff
> that anyone designing such a system would do.
> 
> I'm wondering if anyone can refer me to a site that describes what
> this format is, so I can write some PHP code that will check to see if a
> credit card number format is correct.  I don't even want to try to run the
> card through my merchant account if the format is obviously wrong.  I
> assume that banks check the rejection rate on their merchant accounts, and
> too many bogus cards would not look good.
> 
> I did a quick search on the web, and there are a vast number of
> "hacker" credit card number generators, but that isn't exactly what
> I'm looking for.
> 
> Thanks
> 

The only 100% certain thing about credit card numbers is the fact that 
they are 16 numbers.  By law, the numbers are supposed to be 
generated at random and not generated by any kind of algorithm or 
formula.  Doing otherwise would make credit card numbers "guessable" 
and therefore inherantly insecure.  Most (all?) credit cards now also 
have a three digit "CCV2" number which is only printed on the back of 
the card and is supposed to be a form of digital signature.  Several 
processing companies are requiring that this number be sent with online 
transactions.  If you're taking credit card payments from untrusted 
sources, you would be wise to also get the CCV2.

The only way to pre-check a credit card number is to check for a valid 
number of characters and the lack of alpha characters.  i.e:
if (strlen($CCNum) < 16 OR !ereg("[0-9]{16}",$CCNum)) {
... invalid CC code here ...
}
(or something similar, depending on your initial script)

Unless it becomes absolutely ridiculous, I don't think that your bank is 
going to complain for too many bad cards.  After all, they're still making 
money off of you. If they do get upset, you ought to find a new bank.  
Seriously. Many banks would be very happy to have your business, bad 
credit card requests and all.

Good luck...

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

For a good time,
http://www.AppIdeas.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

2001-07-16 Thread John Donagher

On 16 Jul 2001, Dr. Evil wrote:

> 
> I'm wondering if anyone can refer me to a site that describes what
> this format is, so I can write some PHP code that will check to see if
> a credit card number format is correct.  I don't even want to try to
> run the card through my merchant account if the format is obviously
> wrong.  I assume that banks check the rejection rate on their merchant
> accounts, and too many bogus cards would not look good.
> 

My suggestion is to run an authorization for an extremely small amount of money
($1.00 is fairly standard) and that will tell you if the account is valid or
not. Doing validation yourself implies a fully-publicly-understood credit card
numbering system and also commits you to keeping on top of changes to that
numbering system. All credit cards today may be 15-16 digits. What if they are
20 in the future? What if they're 14? Allowing the processor to worry about
this means less maintenance on your code later and removes some entropy from
your system.

John

-- 

John Donagher
Application Engineer
Intacct Corp. - Powerful Accounting on the Web
408-395-0989
720 University Ave.
Los Gatos CA 95032
www.intacct.com

Public key available off http://www.keyserver.net
Key fingerprint = 4024 DF50 56EE 19A3 258A  D628 22DE AD56 EEBE 8DDD

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Credit card number checker?

2001-07-16 Thread Dr. Evil



I know that credit cards have standard formats: There's a standard
number of digits, and whether the card is Visa, MC, Amex, etc is
encoded in the number, and there is some kind of checksum, and I think
the expiration is also encoded in the number.  All of this is obvious
stuff that anyone designing such a system would do.

I'm wondering if anyone can refer me to a site that describes what
this format is, so I can write some PHP code that will check to see if
a credit card number format is correct.  I don't even want to try to
run the card through my merchant account if the format is obviously
wrong.  I assume that banks check the rejection rate on their merchant
accounts, and too many bogus cards would not look good.

I did a quick search on the web, and there are a vast number of
"hacker" credit card number generators, but that isn't exactly what
I'm looking for.

Thanks

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

RE: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

RE: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

Re: [PHP] Credit card number checker?

[PHP] Credit card number checker?

20 matches

Site Navigation

Mail list logo

Footer information