How to generate valid Credit Card numbers and validate in asp.net

Disclaimer: The following information is intended for informational purposes only.

Just read the hacker quarterly magazine 2600 while I am in the SQL training. And I found out the information on the Page 19 is very interesting. Within it, the author taught how to generate the valid credit card numbers to fool some free trial web sites since these web site will not verify the credit card is real, but only to check these numbers are valid.

I think it will be a good point for us, as developer, to use these formula to do some simple  credit card numbers validation as well in our code. Or just simply to generate some fake-real credit card to do the application testing.

First of first, we should know how these credit card are generated based on what check rules. Many of you probably know that credit card numbers are generated using something called “Luhn Check” A Luhn Check (named after the inventor Peter Luhn) is a very simple algorithm which doubles the other digits starting from the second to most right digit. And does a sum to see if the total is divisible by 10 (Mod 10). Of course, in the real world the credit card companies actually use a slightly modified version of this algorithm that involves a check digit. To be simplified, let us assume we are going to generate a 16 digital VISA credit  card by following steps.

1. Starting with the first most right digit, do nothing then move to the second to the right digit. And double it and every other number.
2. If doubling a number results in a two-digit number, add those digits together to produce a single-digit number (or simply minus 9).
3. Replace these doubled digits with the new ones just created at the same positions along with other un-changed original numbers.
4. Add up all sixteen numbers.
5. Manipulate the check digit so that the sum is divisible by 10.

So, as an example, let us have a modified number from 2600 magazine, say 4267 1658 2275 1391 (I hope it is not a real credit  card number from someone ).

After doubling the other digits based on the step 2 above, you will have 8237 2618 4255 2391. The sum of these 16 digitis is 68, which is not divisible by 10. So to fix this, we change the check digit from 1 to 3. Now we should get a valid VISA credit card number of 4267 1658 2275 1393.

Again, the number above is just a simple example. To get close to the valid credit card, you need to know the prefix of some major credit card types too. Here are some prefix and length of major credit card companies:

Prefix – Company – Length

51 to 55 – MASTERCARD   –    16
4 – VISA  13, 16
34,37 – AMEX –   15
6011,65 – Discover – 16

To be honest, it is very hard to generate valid and real credit card just follow my steps above since every credit card company has its own secure additional formulas on the top of Luhn Check. But the most important feature of Luhn Check is to valid the correction. So we can use the  concept to valid the credit card input from the user before we execute any actions afterwards.

In that be said, I attach a good ASP.NET function for your reference.

Public Class CreditCardLib
Public Enum eCreditCardType
Invalid = 0
AMEX = 3
Visa = 4
MasterCard = 5
Discover = 6
End Enum

Public Shared Function CheckCardNumber(ByVal CardNumber As String) As eCreditCardType
Dim SingleChar As String
Dim CharValue As Integer
Dim RunningValue As Integer = 0
Dim Result As eCreditCardType

CardNumber = Misc.Strings.MakeAllNumeric(CardNumber) ‘Help ensure proper format of the input
‘i.e. 1234-5678-9012-3452 = 1234567890123452
Dim NumberLen As Integer = Len(CardNumber)

‘ Default value
Result = eCreditCardType.Invalid

If String.IsNullOrEmpty(CardNumber) OR NumberLen < 1 Then
Return Result
End Function

End If

Select Case Left(CardNumber, 1)
Case “3″
‘AMEX: 15 digit numbers starting with 34 or 37
If NumberLen = 15 And (Left(CardNumber, 2) = “34″ Or Left(CardNumber, 2) = “37″) Then
Result = eCreditCardType.AMEX
End If
Case “4″
‘Visa: 13 or 16 digit numbers starting with 4
If NumberLen = 13 Or NumberLen = 16 Then
Result = eCreditCardType.Visa
End If
Case “5″
‘MasterCard: 16 digit numbers starting with 5
If NumberLen = 16 Then
Result = eCreditCardType.MasterCard
End If
Case “6″
‘Discover: 16 digit numbers starting with 6011 or 65
If NumberLen = 16 And (Left(CardNumber, 4) = “6011″ Or Left(CardNumber, 2) = “65″) Then
Result = eCreditCardType.Discover
End If
End Select

If Result <> eCreditCardType.Invalid Then
‘Process digits from right to left
For i As Integer = 1 To NumberLen
SingleChar = CardNumber.SubString((Numberlen-i), 1)
If IsNumeric(SingleChar) Then
CharValue = Int32.Parse(SingleChar)
‘USE THE EVEN DIGIT on EVEN LEN CARDS; ODD DIGIT on ODD LENGTH CARDS
‘EXAMPLE: “even” len card number ending in xxx51908
‘           8 + (0*2) + 9 + (1*2)
‘EXAMPLE: “odd” len card number 49927398716
‘           6 + (1*2) + 7 + (8*2) + 9 + (3*2)… you get the point… but see next line
‘           6 + 2     + 7 + (1+6) + 9 + 6…. see the “break apart” the 16 = 1 + 6
If (i mod 2) Then ‘The most right digit and every other digit
‘DO NOTHING
ELSE ‘The second to the right and every other digits
CharValue = ( CharValue * 2 )
End If
‘ OVER 9 THEN Break the digits up and add them together (eg. 18 becomes 1 + 8, 14 becomes 1 + 4)
‘ UNDER 10 THEN JUST ADD IT
If CharValue > 9 Then
‘Break the digits (eg. 19 becomes 1 + 9)
CharValue = ( CharValue – 9 )
End If

RunningValue += CharValue
End If
Next

‘Return the 10′s complement of the total
If (RunningValue Mod 10) > 0 Then
Result = eCreditCardType.Invalid
End If

End If

Return Result
End Function

End Class

Tags: credit card, hack, luhn

Related posts

• How to un-protect Microsoft Excel worksheet without password (48)
• How to get back the default admin access to HP Web Jetadmin (4)