E-Commerce Tip: Programmatically Validate Credit Card Numbers

Before I accept any credit card number into my application, I run a simple numerical validation against it. All major credit cards (American Express, Discover, MasterCard, and Visa) use the Luhn algorithm to validate the numbers—why not you? Although this function doesn't go the extra step of actually running the card to see if the transaction will work, it will give you a simple true/false result regarding the card number's validity. The function also ignores all non-digit characters, so your users can enter the number however they wish.

This is the function to run the algorithm on a given string of numbers:

/// <summary>
/// Validates a credit card number using the standard Luhn/mod10
/// validation algorithm.
/// </summary>
/// <param name="cardNumber">Card number, with or without
///        punctuation</param>
/// <returns>True if card number appears valid, false if not
/// </returns>
public bool IsCreditCardValid(string cardNumber)
{
   const string allowed = "0123456789";
   int i;

   StringBuilder cleanNumber = new StringBuilder();
   for (i = 0; i < cardNumber.Length; i++)
   {
      if (allowed.IndexOf(cardNumber.Substring(i, 1)) >= 0)
         cleanNumber.Append(cardNumber.Substring(i, 1));
   }
   if (cleanNumber.Length < 13 || cleanNumber.Length > 16)
      return false;

   for (i = cleanNumber.Length + 1; i <= 16; i++)
      cleanNumber.Insert(0, "0");

   int multiplier, digit, sum, total = 0;
   string number = cleanNumber.ToString();

   for (i = 1; i <= 16; i++)
   {
      multiplier = 1 + (i % 2);
      digit = int.Parse(number.Substring(i - 1, 1));
      sum = digit * multiplier;
      if (sum > 9)
         sum -= 9;
      total += sum;
   }
   return (total % 10 == 0);
}

About the Author

Eric Smith is the owner of Northstar Computer Systems, a Web-hosting company based in Indianapolis, Indiana. He is also a MCT and MCSD who has been developing with .NET since 2001. In addition, he has written or contributed to 12 books covering .NET, ASP, and Visual Basic.



Comments

  • P!P?P0QP8P1P>!

    Posted by Arel_V on 08/08/2007 04:14am

    P!P?P0QP8P1P> P>P3QP>PP5 P7P0 QQP0QQQ, P>QP5P=Q P?P>P

    P3P;P0.

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • By providing complete access control with granular permissions, deployment flexibility, mapped drive support, and ability to transfer large files, Egnyte provides a more robust, secure and an affordable file sharing solution for the business than Box

  • With JRebel, developers get to see their code changes immediately, fine-tune their code with incremental changes, debug, explore and deploy their code with ease (both locally and remotely), and ultimately spend more time coding instead of waiting for the dreaded application redeploy to finish. Every time a developer tests a code change it takes minutes to build and deploy the application. JRebel keeps the app server running at all times, so testing is instantaneous and interactive.

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds