credit card validation

Posted on 2003-02-19
Medium Priority
Last Modified: 2013-11-29
my question is regarding credit card no. validation. I want to accept payment by credit card on my web site. I have bank merchant account (also know about secure certificate). I'm not using any shopping cart program. I developed my own asp page to choose prdoucts and place your order. My question is how can I validate credit card number? Any other web site, accecpting credit card validate the card number and what are other necessary informations are require? Is shooping cart is must or asp page developed by me will work ? Please cover all points and guide me.
Question by:enters
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

AmericanDogma earned 400 total points
ID: 7984046
Here is a card number validation script:


I use a modified version of this that I found a year back or so.  


If all you want to do is verify a CC# is a valid date and number then you can use this;

    ccmsg = ""
' check user's input to make sure
' something was entered for each input.
    If cctype <> "visa" And cctype <> "americanexpress" And cctype <> "mastercard" Then
         ccmsg=ccmsg & "You entered an unknown Credit Card.<br>"
    End If

    If Not(IsNumeric(ccnumber)) Or Not(Len(ccnumber) >= 13) then
         ccmsg=ccmsg & "You must enter a valid Credit Card number.<br>"
    end if

    'check the date
    if ccexpire="" or not(isdate(ccexpire)) then
         ccmsg=ccmsg & "You must enter a valid Expiration date.<br>"
    end if

    if ccmsg <> "" then
         response.redirect("payment.asp?ccmsg=" & Server.URLEncode(ccmsg))
    end if

However if you want to ensure that a CC# is valid for processing then you will nned to use a CC processing center, there are dozens that do this, here is a brief list;

DPI Merchant Services
ECX QuickCommerce 3.0
Epoch Systems
ePoint Processing
eProcessing Network
iBill Processing
IntelliPay ExpertLink
iTransact RediCharge
LinkPoint Secure
MCPS WebLink
PayCom Processing
PayReady Link
PaySystems (RevEcom)
Planet Payment
RTWare WebLink
Trust Ecommerce
VeriSign PayFlow Pro
ViaKlix (Nova)

Expert Comment

ID: 7986647
There is a service (for UK) called Netpayments which allows you to use their system to securly collect credit card information which you can then use to take payment.


Expert Comment

ID: 7988731
Is netpayments free.

There are countless merchant accoutn and credit card validation companies however non of which I have ever seen are free.
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more


Expert Comment

ID: 7997937
If you want to be able to accept payment for products/services online, then you are going to have to pay. However, you could collect the card details yourself but you would need to ensure your method was secure. If were going to do that, I would recommed:

* Purchase a dedicated servers
* Pay extra for added security
* Get 128 Bit SSL
* Secure your database
* Use PGP

This will cost a heck of a lot!

That is where the companies such as WorldPay or Netpayments come in. They already have all the security equipment which means you don't have to pay extra for it. As you already have a merchant account, then Netpayments would be the best - they only charge £9.95 per month!

Expert Comment

ID: 8046858
OH yeah, and how are you going to store this credit card information?

Are you using SSL or any kind of encryption?

What kind of security measures are using to control the privacy and security of that data.

I find it easiest to go with an external source, but it depends on your situation, and what kind of resources you have.

Also it depends on what methods you want to offer...

And how you want to validate them...There is also a trend to start asking for the special number that is on the back of the credit card number...

You have to do a lot of planning to make sure all aspects of the order are taken care of.

I went this whole process as part of a new site i just finished completing.
LVL 10

Expert Comment

ID: 8085894
you won't find it for free.  you'll need a payment gateway like http://www.authorize.net 

there are others as well, but having a merchant account isnt enough.


Expert Comment

ID: 8092770
Having a merchant account the the hardest hurdle to get over in this business. Since you all ready have one I am assuming that you're a brick and mortar business as well.

I dont konw much about asp so I wont post any code but I think you can figure it out. I also dont know much about your business or technological situation but here gos:

First off you're going to need access to an SSL (secure socket layer), this is a special section of the server your running on that will encrypt and decrypt information coming to and going from it.
SSL is denoted by the little lock symbol (IE) the HTTPS insead of HTTP in the address bar ect. You're whole website dosen't have to be on SSL just the CC processing protion of it. If your using a hosting company they'll charge a little extra per mo (mine is $5.00)

Second.... Create a form on your checkout page (on SSL) with your $$$ totals with everything added up so the final $$$ ammount that will be charged to thier credit card is displayed. Make sure that the customer knows exactly how much money will be debited from his account for this is the #1 reason that people request chargebacks. On the form you'll obviously have fields like CC number, Exp date and others... This form will be passed on to....

Your new best friend... your transaction company... Choosing one is of the upmost importance and should require a substantial amount of research. Definatley get one that you have to pay for... Nothing in this world if free especially not CC trannys

If anyone is offering them for free I would stay far far away. I'd put my money on them being scams.
Processing CC's on the internet will usually entails:
1. A set-up fee
2. A monthly fee
3. A per-transaction fee
4. A "cash-out" fee
5. A percentage of your charge (typically called a discount fee)

yes, a discount fee, a discount of your profits. Any where from %.9
to %5.0 depending on the company and the volume of transactions you do with them. I know its a lot of fees but there's nothing you can do to avoid them aside from installing a processing machine in your living room... Personally I would find a company in your hometown and visit them in person. Make sure they give you literature outlining every little nuance in they contract, trust me you'll thank your self later (in small claims court)

As for acutal processing of the card...
Don't store any of the customer's CC information in your database or on your server. And let them know that. On my website I make sure that the customer knows that absolutley none of their CC info is stored anywhere and the session cookie is destroyed as soon as the card is accepted or declined.
This gives the customer piece of mind and lets the legal burden off of yourself.
The transaction process outlined:

your SSL server ------> transaction company SSL server ------> credit card company (accept or decline) ------>transaction company SSL server ------> yor SSL server

here you will tell your customer that his card has been accepted or declined simple as that...
I have never seen a reason to store any credit card information (except for recurring transactions) and I wouldn't want anyone storing mine.

if your looking for more information the companies are the best place to go. Although bias for information go to the sources. I've found that www.beanstream.com has a great source...

I hope this opens your eyes some...


Expert Comment

ID: 8161847
Verisign offers a nice dll called Verisign Pay Flow Pro.

You can talk to directly from asp if you want to build your own solution.  You just send it the information and it sends you the results - It checks card, expiration, zip code, the 3 or 4 digit number on the physical card, etc.

You never need to leave your site for a 3rd party interface - but your host needs to register the dll on their server (most hosting services shouldn't have a problem with this proven company though, they might already have it installed.)

 - Pete

Expert Comment

ID: 8231241
Here is what I recommend you do:

(1) use a simple script to validate the credit card number
(2) store the credit card numbers in the database
(3) export the orders in a csv file
(4) have your merchant process those orders for you (most merchants provide this for free).

This is the fastest way to get going.

Expert Comment

ID: 8395905
this code is pretty effective, not complete but you should get the jist

if (!LuhnCheck(ccNum) || !validateCCNum(ccType,ccNum))
 alert('Please enter a valid card number');
 result = false;

function LuhnCheck(str)
  var result = true;

  var sum = 0;
  var mul = 1;
  var strLen = str.length;
  for (i = 0; i < strLen; i++)
    var digit = str.substring(strLen-i-1,strLen-i);
    var tproduct = parseInt(digit ,10)*mul;
    if (tproduct >= 10)
      sum += (tproduct % 10) + 1;
      sum += tproduct;
    if (mul == 1)
  if ((sum % 10) != 0)
    result = false;
  return result;

function validateCCNum(cardType,cardNum)
     var result = false;
     cardType = cardType.toUpperCase();
     var cardLen = cardNum.length;
     var firstdig = cardNum.substring(0,1);
     var seconddig = cardNum.substring(1,2);
     var first4digs = cardNum.substring(0,4);

     switch (cardType)
          case "VISA":
               result = ((cardLen == 16) || (cardLen == 13)) && (firstdig == "4");
          case "MASTERCARD":
               var validNums = "12345";
               result = (cardLen == 16) && (firstdig == "5") && (validNums.indexOf(seconddig)>=0);
          case "SWITCH" :
        case "SOLO" :
        case "DELTA" :
               result = (cardLen == 16);

     return result;

Expert Comment

ID: 8729885
Not sure how complex you're online "store" will be, but you can try setting up a merchant account with http://www.2checkout.com/ or a Paypal merchant account http://www.paypal.com 

Those will allow you to accept credit cards on your site by setting up special links for your products.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Original post  on Monitis Blog. Web performance monitoring is broken into two camps: passive and active. Passive monitoring is defined as looking at real-world historical performance by monitoring actual log-ins, site hits, clicks, requests for …
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question