Introduction
When using ASP.NET to process online credit card orders, it is a good idea if you can perform some sort of validation on the credit card number before submitting it to your processor. I recently had to write some code to process credit card orders and thought I'd share a bit of my code.
Basic Verification
Fortunately, credit card numbers are created in a way that allows for some basic verification. This verification does not tell you if funds are available in the account and it certainly doesn't tell whether or not the person submitting the order is committing credit card fraud. In fact, it's possible that the card number is mistyped in such a way that it just happens to pass verification. But it does catch most typing errors and reduces bandwidth by catching those errors before trying to actually process the credit card.
The algorithm to validate a credit card number starts by adding the value of every other digit, starting from the right-most digit and working left. Next, you do the same thing with the digits skipped in the first step, but this time you double the value of each digit and add the value of each digit in the result. Finally, you add both totals together and if the result is evenly divisible by 10, then the card has passed validation.
Of course, this would be clearer with a bit of code and Listing 1 shows my IsCardNumberValid method.
Listing 1: Validating a credit card
public static bool IsCardNumberValid(string cardNumber)
{
int i, checkSum = 0;
// Compute checksum of every other digit starting from right-most digit
for (i = cardNumber.Length - 1; i >= 0; i -= 2)
checkSum += (cardNumber[i] - '0');
// Now take digits not included in first checksum, multiple by two,
// and compute checksum of resulting digits
for (i = cardNumber.Length - 2; i >= 0; i -= 2)
{
int val = ((cardNumber[i] - '0') * 2);
while (val > 0)
{
checkSum += (val % 10);
val /= 10;
}
}
// Number is valid if sum of both checksums MOD 10 equals 0
return ((checkSum % 10) == 0);
}
Normalizing the Credit Card Number
The IsCardNumberValid method assumes that all spaces and other non-digit characters have been stripped from the card number string. This is a straight forward task but Listing 2 shows the method I wrote to do this.
Listing 2: Removing all non-digit characters from a credit card number
public static string NormalizeCardNumber(string cardNumber)
{
if (cardNumber == null)
cardNumber = String.Empty;
StringBuilder sb = new StringBuilder();
foreach (char c in cardNumber)
{
if (Char.IsDigit(c))
sb.Append(c);
}
return sb.ToString();
}
Detecting Credit Card Type
You will also be able to reduce bandwidth if you can avoid trying to submit a card that is not supported by the business. So another task that can be useful is determining the credit card type.
Listing 3: Determining a credit card's type
public enum CardType
{
Unknown = 0,
MasterCard = 1,
VISA = 2,
Amex = 3,
Discover = 4,
DinersClub = 5,
JCB = 6,
enRoute = 7
}
// Class to hold credit card type information
private class CardTypeInfo
{
public CardTypeInfo(string regEx, int length, CardType type)
{
RegEx = regEx;
Length = length;
Type = type;
}
public string RegEx { get; set; }
public int Length { get; set; }
public CardType Type { get; set; }
}
// Array of CardTypeInfo objects. Used by GetCardType() to identify credit card types.
private static CardTypeInfo[] _cardTypeInfo =
{
new CardTypeInfo("^(51|52|53|54|55)", 16, CardType.MasterCard),
new CardTypeInfo("^(4)", 16, CardType.VISA),
new CardTypeInfo("^(4)", 13, CardType.VISA),
new CardTypeInfo("^(34|37)", 15, CardType.Amex),
new CardTypeInfo("^(6011)", 16, CardType.Discover),
new CardTypeInfo("^(300|301|302|303|304|305|36|38)", 14, CardType.DinersClub),
new CardTypeInfo("^(3)", 16, CardType.JCB),
new CardTypeInfo("^(2131|1800)", 15, CardType.JCB),
new CardTypeInfo("^(2014|2149)", 15, CardType.enRoute),
};
public static CardType GetCardType(string cardNumber)
{
foreach (CardTypeInfo info in _cardTypeInfo)
{
if (cardNumber.Length == info.Length && Regex.IsMatch(cardNumber, info.RegEx))
return info.Type;
}
return CardType.Unknown;
}
Listing 3 is my code to determine a credit card's type. I'm a big fan of table-driven code when it makes sense, and so I created an array of CardTypeInfo objects. The GetCardType() method simply loops through this array, looking for the first description that would match the credit card number being tested. As before, this routine assumes all non-digit characters have been removed from the credit card number string.
The main reason I like table-driven code is because it makes the code simpler. This results in code that is easier to read and modify. GetCardType() returns a value from the CardType enum. CardType.Unknown is returned if the card number doesn't match any card descriptions in the table.
Conclusion
Writing code to process credit cards involves a number of issues that need to be addressed. Hopefully, this code will give you a leg up on addressing a couple of them.
End-User License
Use of this article and any related source code or other files is governed
by the terms and conditions of
.
Author Information
Jonathan Wood
I'm a software/website developer working out of the greater Salt Lake City area in Utah. I've developed many websites including Black Belt Coder, Insider Articles, and others.