Credit card and bank routing number validation algorithms

Started by Thorin, March 31, 2008, 07:49:24 PM


Thorin

Ever wonder how websites figure out whether a credit card number is valid or not?  Well, there are algorithms for them:

http://www.brainjar.com/js/validation/default2.asp

Quote
Algorithm for the Luhn Formula
Here's how the algorithm for the Luhn formula works. Starting with a given credit card number,
1 2 3 4 - 5 6 7 8 - 9 0 1 2 - 3 4 5 2
we reverse the number, removing any non-numeric characters, to create a new string of digits like this (note that the checksum is now the first digit):
2 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1
Now we'll look at each individual digit. Starting with the second digit in the string, we double every other number. The others are left alone.
2 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1
This creates a new string of digits shown here:
2 10 4 6 2 2 0 18 8 14 6 10 4 6 2 2
Finally, we go through this new string and add up each single digit to produce a total. In other words, for this example, we don't add 2 + 10 + ... but 2 + 1 + 0 + ... instead:
2 + 1 + 0 + 4 + 6 + 2 + 2 + 0 + 1 + 8 + 8 + 1 + 4 + 6 + 1 + 0 + 4 + 6 + 2 + 2 = 60

If this sum is an integer multiple of 10 (e.g., 10, 20, 30, 40, 50,...) then the card number is valid, as far as the checksum is concerned.

There's also an algorithm for bank routing numbers (what they use to determine which bank and which branch to send paperwork to):
http://www.brainjar.com/js/validation/default.asp

I wonder why they bother making algorithms like this, instead of just accepting any number?
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Tom

Quote
I wonder why they bother making algorithms like this, instead of just accepting any number?

It's a dead simple way for merchants to check if the number they got was valid, say over the phone or online, before they actually go and try and start the transaction.

Very handy though. Thanks for the info :)
<Zapata Prime> I smell Stanley... And he smells good!!!

Thorin

My first instinct is to say that manual data entry errors are still just as likely, but as I think about it more doing this validation makes sense to catch off-by-one data entry errors.  You'd have to screw up more than one or two digits to get another completely valid account number...  In which case, it does sorta make sense.

Lazybones

Quote from: Thorin on April 01, 2008, 01:24:00 PM
My first instinct is to say that manual data entry errors are still just as likely, but as I think about it more doing this validation makes sense to catch off-by-one data entry errors.  You'd have to screw up more than one or two digits to get another completely valid account number...  In which case, it does sorta make sense.

Also the cost of doing a full validation even today is high in a retail environment. Only now are systems moving away from dial-up connections to high-speed ones for CC transactions.

It might have also been used to increase the effort in randomly generating numbers for attack.
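
The Luhn walkthrough quoted in the first post, written out as an added example (not part of the thread or of the linked page). It goes one step beyond the quote by also counting which single-digit typos and adjacent-digit swaps of a valid number still pass, which is the data-entry question raised later in the thread; the function names are illustrative.

```javascript
// Added example: Luhn check following the quoted steps. Names are illustrative.
const onlyDigits = (s) => String(s).replace(/\D/g, "");

function luhnSum(input) {
  // Reverse the digits so the checksum digit comes first.
  const digits = onlyDigits(input).split("").reverse().map(Number);
  let total = 0;
  digits.forEach((d, i) => {
    if (i % 2 === 1) {     // double every other digit, starting with the second
      d *= 2;
      if (d > 9) d -= 9;   // same as adding the two digits: 18 -> 1 + 8 = 9
    }
    total += d;
  });
  return total;
}

function luhnValid(input) {
  const digits = onlyDigits(input);
  return digits.length > 1 && luhnSum(digits) % 10 === 0;
}

// How many single-digit substitutions of a valid number still pass the check?
function singleDigitErrorsAccepted(number) {
  const digits = onlyDigits(number);
  let accepted = 0;
  for (let i = 0; i < digits.length; i++) {
    for (let r = 0; r <= 9; r++) {
      if (String(r) === digits[i]) continue;
      if (luhnValid(digits.slice(0, i) + r + digits.slice(i + 1))) accepted++;
    }
  }
  return accepted;
}

// Which swaps of two neighbouring digits still pass the check?
function adjacentSwapsAccepted(number) {
  const digits = onlyDigits(number);
  const missed = [];
  for (let i = 0; i + 1 < digits.length; i++) {
    if (digits[i] === digits[i + 1]) continue;
    const typo = digits.slice(0, i) + digits[i + 1] + digits[i] + digits.slice(i + 2);
    if (luhnValid(typo)) missed.push(typo);
  }
  return missed;
}

const sample = "1234-5678-9012-3452"; // the number used in the quoted walkthrough
console.log(luhnSum(sample), luhnValid(sample),
  singleDigitErrorsAccepted(sample), adjacentSwapsAccepted(sample));
```

For the quoted number, every single-digit substitution fails the check, and the only neighbouring swap that still passes is the `90` to `09` one.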