Free Credit Card Number Validation: Server Side

Ever designed a website and wondered how you can check if a number is valid?

Or, wanted to validate credit card numbers on the fly, before contacting a gateway with them to confirm their validity?

Well, there’s apparently.. a way.

Credit card numbers can be validated using an algorithm, known as the Luhn algorithm.

Basically, here’s how you validate a Credit Card number, without the use of a remote gateway.
Get the number off the user, assign it to a variable. So, 1234567890123456 (nope, that’s not mine).
Take that number, and reverse it. So, 65 43 21 09 87 65 43 21.
With that number, you can take every second digit, and times it by two.

5 x 2 = 10, 3 x 2 = 6, 1 x 2 = 2, 9 x 2 = 18, 7 x 2 = 14, 5 x 2 = 10, 3 x 2 = 6, 1 x 2 = 2

We take the results, and add them together:
10 + 6 + 2 + 18 + 14 + 10 + 6 + 2 = 68

We take the 68 number, and divide by 10.
68 / 10 = 6.8

Now, using the modulus of 10, you should end up with no remainder on a valid credit card, and a remainder on an invalid credit card.

As you can see, 6.8 means its invalid. If the sum of the final numbers was 70, it would validate. As would any other multiple of 10.

The validation works well against those that bunch any old number into a form and expect it to validate, and saves the page from any fees on unsucessful transactions, should you incur fees.

The advantage further to this is, you can save valuable time with the CC gateway by processing such data yourself, and confirming it with the customer, who should have the right data in front of them.

And the good news is, the entire function in both ASP or PHP would use just 50ms – 150ms of processing time. Wait, they are giving you the details to process a payment, not have a frag match, so those times, should be plenty acceptable.

I would expect some more programs, even, OsCommerce for example, to start taking advantage of that algorithm, it works with every card, apparently, and internationally too. It works with all Australian Credit Cards, as well as American Express cards, and any other card you can throw at it.

Should save businesses costs in following up bad credit card numbers, and as already exampled, time processing cards that are invalid.

Other top things to check on a CC form include expiry date, no point going to the gateway with expired dates. Save time, check it yourself. The other item, if your gateway supports it, is the CVV2 code, very valuable code, only the card holder has it, no random generator can guess them on the fly within 3 – 10 shots, which should be a limit on the number of attempts a session a user is given to get the CC details right, to prevent guessing attacks.

Very useful algorithm to say the least.

This entry was posted in Programming, Random. Bookmark the permalink.

4 Responses to Free Credit Card Number Validation: Server Side

  1. zach tipper says:

    send the details on an email

  2. franklin says:

    thanks for your kindness!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  3. Shane says:

    This is NOT how the Luhn algorithm works!

    The Luhn algorith works by:
    1) You reverse the number,
    2) Double each even number
    3) Sum all the Odd numbers and the products of the even numbers.

    So the number 1234567890123456
    after the Luhn algorithm will be:
    and it totals 100

    But 1234567890123456 is not a valid credit card number!

    There are other things that are used to quickly check a credit card by hand:

    many telemarketers who collected Credit Card details quickly learn Master-Card numbers begin with 51, 52, 53, 54, or 55 and Visa starts with 4.
    This is because the first 6 digits of a credit card number are an IID (Institute Identity Number) wikipedia has a nice list of IIDs for those interested.

    And each banking institute will add a different Parity Bit to their numbers (this is not on the card).

    Checking some 16 Credit Cards (from 4 lenders) I have found 6 different parity numbers used. I was surprised as I imagined I may had quickly Found Visa always adds 2, or some other simple check.

    But thank you for the tidbit, it was very interesting session to try and figure out how credit cards can be quickly validated.

  4. Robert says:

    Can u send a valid credit card details to me please
    Send it to my email.

Leave a Reply

Your email address will not be published. Required fields are marked *