You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Jonathan Asbell <ja...@i-2000.com> on 2001/06/02 16:09:20 UTC

Credit card validation FYI

You all probably know about this but I thought I would send it anyway.

http://www.beachnet.com/~hstiles/cardtype.html

MOD-10 is an algorithm that is used by almost any credit card company to
generate / validate credit cards.How it works?
First you have to know what kind of credit card you have.You can find it
out
by looking at the first(leftmost) number of it.This is what it
means:
3= American Express
4 = Visa
5 = Mastercard etc.

The algorithm goes as follows : go from right to left and multiply every
second digit by 2.If the result of the
multiplication is greater than 9 , subtract 9 from it.(ex. if 16 then 16 -
9 = 7).Thenn add the result to the sum.
All other numbers of the card don't need to be multiplied , just add them
to the sum..When on the end (sum mod 10) = 0 ,the card is valid.In other
words it means that the sum must be a multiple of 10 (10,20,30....).

Example:

5 4 2 4 1 8 0 0 2 6 7 6 9 0 0 5
-------------------------------
1+4+4+4+2+8+0+0+4+6+5+6+9+0+0+5 = 58

This card of course isn't valid because the sum (58) isn't a multiple of
10.

How to generate cards?

Well if you want to generate cards , you first have to decide what type of
cards.If you would decide for a Mastercard, then the first number would be
a constant of 5.Therefore we will have to go from left to right to generate
cards.The sum will have a value of 1 on the beginning (see example).Then
generate random numbers up to the 15th digit.Like described above, multiply
every second number and add all results together to a sum.Then calculate
the last number (checksum): if sum is a multiple of ten, then the 16th
number (checksum digit) will be 0.Otherwise substract the sum from the next
highest multiple of 10.
In the example above we would say : 60 - 53 = 7.Therefore the last digit is
7 and not 5.You could do that in pascal by saying : last_number:=10 - (sum
mod 10) ;
Now someone might say that he could generate as many cards as he wants and
could misuse them.But that's not the truth.Many online verification
services will also check your user info and expiration date with your bank,
which of course can't be generated by this program.I've however heard
myself that there are many small companies(XXX - sites,Online downloads)
which still use only MOD-10 scripts for validation.