Login


Validating Credit Card Numbers

By Jonathan Wood on 12/2/2010 (Updated on 12/12/2010)
Language: C#
Technology: .NET
Platform: Windows
License: CPOL
Views: 25,638
Web Development » E-Commerce » General » Validating Credit Card Numbers

Introduction

When using ASP.NET to process online credit card orders, it is a good idea if you can perform some sort of validation on the credit card number before submitting it to your processor. I recently had to write some code to process credit card orders and thought I'd share a bit of my code.

Basic Verification

Fortunately, credit card numbers are created in a way that allows for some basic verification. This verification does not tell you if funds are available in the account and it certainly doesn't tell whether or not the person submitting the order is committing credit card fraud. In fact, it's possible that the card number is mistyped in such a way that it just happens to pass verification. But it does catch most typing errors and reduces bandwidth by catching those errors before trying to actually process the credit card.

The algorithm to validate a credit card number starts by adding the value of every other digit, starting from the right-most digit and working left. Next, you do the same thing with the digits skipped in the first step, but this time you double the value of each digit and add the value of each digit in the result. Finally, you add both totals together and if the result is evenly divisible by 10, then the card has passed validation.

Of course, this would be clearer with a bit of code and Listing 1 shows my IsCardNumberValid method.

Listing 1: Validating a credit card

public static bool IsCardNumberValid(string cardNumber)
{
  int i, checkSum = 0;

  // Compute checksum of every other digit starting from right-most digit
  for (i = cardNumber.Length - 1; i >= 0; i -= 2)
    checkSum += (cardNumber[i] - '0');

  // Now take digits not included in first checksum, multiple by two,
  // and compute checksum of resulting digits
  for (i = cardNumber.Length - 2; i >= 0; i -= 2)
  {
    int val = ((cardNumber[i] - '0') * 2);
    while (val > 0)
    {
      checkSum += (val % 10);
      val /= 10;
    }
  }

  // Number is valid if sum of both checksums MOD 10 equals 0
  return ((checkSum % 10) == 0);
}

Normalizing the Credit Card Number

The IsCardNumberValid method assumes that all spaces and other non-digit characters have been stripped from the card number string. This is a straight forward task but Listing 2 shows the method I wrote to do this.

Listing 2: Removing all non-digit characters from a credit card number

public static string NormalizeCardNumber(string cardNumber)
{
  if (cardNumber == null)
    cardNumber = String.Empty;

  StringBuilder sb = new StringBuilder();
  foreach (char c in cardNumber)
  {
    if (Char.IsDigit(c))
      sb.Append(c);
  }

  return sb.ToString();
}

Detecting Credit Card Type

You will also be able to reduce bandwidth if you can avoid trying to submit a card that is not supported by the business. So another task that can be useful is determining the credit card type.

Listing 3: Determining a credit card's type

public enum CardType
{
  Unknown = 0,
  MasterCard = 1,
  VISA = 2,
  Amex = 3,
  Discover = 4,
  DinersClub = 5,
  JCB = 6,
  enRoute = 7
}

// Class to hold credit card type information
private class CardTypeInfo
{
  public CardTypeInfo(string regEx, int length, CardType type)
  {
    RegEx = regEx;
    Length = length;
    Type = type;
  }

  public string RegEx { get; set; }
  public int Length { get; set; }
  public CardType Type { get; set; }
}

// Array of CardTypeInfo objects. Used by GetCardType() to identify credit card types.
private static CardTypeInfo[] _cardTypeInfo =
{
  new CardTypeInfo("^(51|52|53|54|55)", 16, CardType.MasterCard),
  new CardTypeInfo("^(4)", 16, CardType.VISA),
  new CardTypeInfo("^(4)", 13, CardType.VISA),
  new CardTypeInfo("^(34|37)", 15, CardType.Amex),
  new CardTypeInfo("^(6011)", 16, CardType.Discover),
  new CardTypeInfo("^(300|301|302|303|304|305|36|38)", 14, CardType.DinersClub),
  new CardTypeInfo("^(3)", 16, CardType.JCB),
  new CardTypeInfo("^(2131|1800)", 15, CardType.JCB),
  new CardTypeInfo("^(2014|2149)", 15, CardType.enRoute),
};

public static CardType GetCardType(string cardNumber)
{
  foreach (CardTypeInfo info in _cardTypeInfo)
  {
    if (cardNumber.Length == info.Length && Regex.IsMatch(cardNumber, info.RegEx))
      return info.Type;
  }
  return CardType.Unknown;
}

Listing 3 is my code to determine a credit card's type. I'm a big fan of table-driven code when it makes sense, and so I created an array of CardTypeInfo objects. The GetCardType() method simply loops through this array, looking for the first description that would match the credit card number being tested. As before, this routine assumes all non-digit characters have been removed from the credit card number string.

The main reason I like table-driven code is because it makes the code simpler. This results in code that is easier to read and modify. GetCardType() returns a value from the CardType enum. CardType.Unknown is returned if the card number doesn't match any card descriptions in the table.

Conclusion

Writing code to process credit cards involves a number of issues that need to be addressed. Hopefully, this code will give you a leg up on addressing a couple of them.

End-User License

Use of this article and any related source code or other files is governed by the terms and conditions of The Code Project Open License.

Author Information

Jonathan Wood

I'm a software/website developer working out of the greater Salt Lake City area in Utah. I've developed many websites including Black Belt Coder, Insider Articles, and others.