Should I use CreditCardAttribute to check credit card numbers?

Question

Should I use CreditCardAttribute to check credit card numbers?

Should I use Microsoft CreditCardAttribute to verify such credit card numbers?

[Required, CreditCard] public string CreditCardNumber { get; set; }

Or should I let the payment gateway handle it or do something else? I ask about this after some customers were unable to send a payment with information about their credit card. Fortunately, I was able to work with one of these clients and found that their Visa card was processed without problems after removing CreditCardAttribute .

In particular, this question is rhetorical in nature, but I would like to benefit from other ideas and experience of developers and inform other developers about the risks of using CreditCardAttribute by asking a question.

+8

c # validation credit-card payment-gateway

Jeremy cook Apr 27 '15 at 15:20

source share

2 answers

Jevgeni geurtsen · Answer 1 · 2015-04-27T15:38:10+0000

I think the best way to find out is to simply check it out:

 using System; using System.Linq; using System.Text; using System.IO; namespace SO { class Program { static void Main(string[] args) { string[] cards = new string[] { //http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm "378282246310005", // American Express "4012888888881881", // Visa "6011111111111117", // Discover "4222222222222", // Visa "76009244561", // Dankort (PBS) "5019717010103742", // Dakort (PBS) "6331101999990016", // Switch/Solo (Paymentech) "30569309025904", // Diners Club //http://www.getcreditcardnumbers.com/ "5147004213414803", // Mastercard "6011491706918120", // Discover "379616680189541", // American Express "4916111026621797", // Visa }; foreach (string card in cards) { Console.WriteLine(IsValid(card)); } Console.ReadLine(); } public static bool IsValid(object value) { if (value == null) { return true; } string ccValue = value as string; if (ccValue == null) { return false; } ccValue = ccValue.Replace("-", ""); ccValue = ccValue.Replace(" ", ""); int checksum = 0; bool evenDigit = false; // http://www.beachnet.com/~hstiles/cardtype.html foreach (char digit in ccValue.Reverse()) { if (digit < '0' || digit > '9') { return false; } int digitValue = (digit - '0') * (evenDigit ? 2 : 1); evenDigit = !evenDigit; while (digitValue > 0) { checksum += digitValue % 10; digitValue /= 10; } } return (checksum % 10) == 0; } } }

The IsValid method refers to the original C # CreditCardAttribute class . 1 out of 12 numbers failed:

  True True True True False //"76009244561", // Dankort (PBS) True True True True True True True

So should I use it? No, obviously, he does not detect all the numbers. Although you can take their code and improve it!

Paulg · Answer 2 · 2015-04-27T16:31:55+0000

In the code behind the credit card attribute , it just performs a Luhn check.

All payment cards (*) currently comply with the ISO / IEC / 7812 standard , which has the luhn verification digit as the last digit.

This luhn check is simply used to prevent transposition errors. It is useful as a health check before sending card numbers to the payment gateway, but is not suitable for a full check of whether the number is a valid card number.

The ranges of valid card numbers are changed monthly, and the only way to absolutely confirm the number is to check it through a payment gateway. If you are trying to only verify the card (and not charge it), this should be done with a style check only with authorization only authorization.

(*) The only exception to this is the card type in China, known as China UnionPay
(Historically, the Diners Club brand "enRoute" existed, which was recalled in 1992).

Should I use CreditCardAttribute to check credit card numbers?

More articles: