E-Commerce Tip: Programmatically Validate Credit Card Numbers

Before I accept any credit card number into my application, I run a simple numerical validation against it. All major credit cards (American Express, Discover, MasterCard, and Visa) use the Luhn algorithm to validate the numbers—why not you? Although this function doesn't go the extra step of actually running the card to see if the transaction will work, it will give you a simple true/false result regarding the card number's validity. The function also ignores all non-digit characters, so your users can enter the number however they wish.

This is the function to run the algorithm on a given string of numbers:

/// <summary>
/// Validates a credit card number using the standard Luhn/mod10
/// validation algorithm.
/// </summary>
/// <param name="cardNumber">Card number, with or without
///        punctuation</param>
/// <returns>True if card number appears valid, false if not
/// </returns>
public bool IsCreditCardValid(string cardNumber)
{
   const string allowed = "0123456789";
   int i;

   StringBuilder cleanNumber = new StringBuilder();
   for (i = 0; i < cardNumber.Length; i++)
   {
      if (allowed.IndexOf(cardNumber.Substring(i, 1)) >= 0)
         cleanNumber.Append(cardNumber.Substring(i, 1));
   }
   if (cleanNumber.Length < 13 || cleanNumber.Length > 16)
      return false;

   for (i = cleanNumber.Length + 1; i <= 16; i++)
      cleanNumber.Insert(0, "0");

   int multiplier, digit, sum, total = 0;
   string number = cleanNumber.ToString();

   for (i = 1; i <= 16; i++)
   {
      multiplier = 1 + (i % 2);
      digit = int.Parse(number.Substring(i - 1, 1));
      sum = digit * multiplier;
      if (sum > 9)
         sum -= 9;
      total += sum;
   }
   return (total % 10 == 0);
}

About the Author

Eric Smith is the owner of Northstar Computer Systems, a Web-hosting company based in Indianapolis, Indiana. He is also a MCT and MCSD who has been developing with .NET since 2001. In addition, he has written or contributed to 12 books covering .NET, ASP, and Visual Basic.



Comments

  • P!P?P0QP8P1P>!

    Posted by Arel_V on 08/08/2007 04:14am

    P!P?P0QP8P1P> P>P3QP>PP5 P7P0 QQP0QQQ, P>QP5P=Q P?P>P

    P3P;P0.

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • With 81% of employees using their phones at work, companies have stopped asking: "Is corporate data leaking from personal devices?" and started asking: "How do we effectively prevent corporate data from leaking from personal devices?" The answer has not been simple. ZixOne raises the bar on BYOD security by not allowing email data to reside on the device. In addition, Zix allows employees to maintain complete control of their personal device, therefore satisfying privacy demands of valued employees and the …

  • Cisco and Intel have harnessed flash memory technology and truly innovative system software to blast through the boundaries of today's I/O-bound server/storage architectures. See how they are bringing real-time responsiveness to data-intensive applications—for unmatched business advantage. Sponsored by Cisco and Intel® Partnering in Innovation

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds