Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Laser card validation algorithm

  • 05-03-2010 03:24PM
    #1
    Black_Knight
    Moderators Posts: 12,413 ✭✭✭✭


    Hey, not sure if this is the best forum or not, but nothing really suits it.

    Im looking for the algorithm used to validate Laser cards. Im building a CC checker to check if a given card number is valid. All it does is passes a simple mathematical algorithm, nothing dodgy or the likes.

    The majority of cards use the Luhn algorithm, but AFAIK Laser doesnt. Ive googled a wee bit but cant find anything on laser cards. Twould be a great help if someone knew.
    Cheers all


Comments

  • #2
    AKA pat sheen
    Closed Accounts Posts: 121 ✭✭AKA pat sheen


    Black_Knight wrote: »
    Hey, not sure if this is the best forum or not, but nothing really suits it.

    Im looking for the algorithm used to validate Laser cards. Im building a CC checker to check if a given card number is valid. All it does is passes a simple mathematical algorithm, nothing dodgy or the likes.

    The majority of cards use the Luhn algorithm, but AFAIK Laser doesnt. Ive googled a wee bit but cant find anything on laser cards. Twould be a great help if someone knew.
    Cheers all

    Check out:http://www.braemoor.co.uk/software/creditcard.shtml and http://www.ihwy.com/labs/jquery-validate-credit-card-extension.aspx

    I checked the code in case it was just a prefix/length checker and apparently Laser do use modulus 10 (luhn) checks now.


  • #3
    Black_Knight
    Moderators Posts: 12,413 ✭✭✭✭Black_Knight


    AKA pat sheen wrote: »
    Check out:http://www.braemoor.co.uk/software/creditcard.shtml and http://www.ihwy.com/labs/jquery-validate-credit-card-extension.aspx

    I checked the code in case it was just a prefix/length checker and apparently Laser do use modulus 10 (luhn) checks now.

    If they do, either my code is wrong, or my friend has a fake laser card!


    A always knew he looked shifty


  • #4
    AKA pat sheen
    Closed Accounts Posts: 121 ✭✭AKA pat sheen


    Black_Knight wrote: »
    If they do, either my code is wrong, or my friend has a fake laser card!


    A always knew he looked shifty

    Do you mean you tried a real laser card number in that (offline!) and it came back as false? I dunno. Did you download and look at the javascript? The change log in the script says laser card checks were "extended" in jun 2009 so perhaps only cards issued after that date have the mod-10 checksum feature in which case maybe the card you tried is too old.


  • #5
    Black_Knight
    Moderators Posts: 12,413 ✭✭✭✭Black_Knight


    AKA pat sheen wrote: »
    Do you mean you tried a real laser card number in that (offline!) and it came back as false? I dunno. Did you download and look at the javascript? The change log in the script says laser card checks were "extended" in jun 2009 so perhaps only cards issued after that date have the mod-10 checksum feature in which case maybe the card you tried is too old.

    Ha! No no. I tried his CC in my program. Id be a bit cautious putting real CC into that site. My friends card didnt pass my test. Ive compensated for the 16 or 19 number laser cards, but to no joy. Ill have a look at the code again one of these days, but its good to know laser uses the luhn algorithm.


  • #6
    braemoor
    Closed Accounts Posts: 1 braemoor


    Black_Knight wrote: »
    Id be a bit cautious putting real CC into that site.

    I shouldn't worry about it. It's my site, and an inspection of the code will soon reassure you that the credit card number is processed within the browser and doesn't get sent back to the web server.

    Laser cards do have a standard Luhn check digit. They should have between 16 and 19 numbers inclusively, and should have a prefix of one of 6304, 6706, 6709.


  • Advertisement
  • #7
    Black_Knight
    Moderators Posts: 12,413 ✭✭✭✭Black_Knight


    Ha! Sound. Welcome to boards BTW.

    Its probably just my code, I had it working for 16 digit cards, and I just slapped it together to accommodate laser. Slapping didnt work.


  • #8
    [-0-]
    Closed Accounts Posts: 3,981 ✭✭✭[-0-]


    Any joy with this yet BK?


  • #9
    Black_Knight
    Moderators Posts: 12,413 ✭✭✭✭Black_Knight


    [-0-] wrote: »
    Any joy with this yet BK?

    Been working on my website these past few weeks, not had a chance to review my code. I might get a chance towards the end of the month. Deadlines are closing in fast these days!


  • #10
    [-0-]
    Closed Accounts Posts: 3,981 ✭✭✭[-0-]


    Black_Knight wrote: »
    Been working on my website these past few weeks, not had a chance to review my code. I might get a chance towards the end of the month. Deadlines are closing in fast these days!

    Tell me about it! Hehe.


  • #11
    Black_Knight
    Moderators Posts: 12,413 ✭✭✭✭Black_Knight


    Spent 2 minutes debugging there. Found my problem. My loop for elements 0 2 4 6 8 etc in the array was stopping at element 1, so the 1st number was never being read in. Just changed the loop to end at 0 instead.

    Job done, works for all (AFAIK) luhn algorithm CCs.


  • Advertisement
  • #12
    robindch
    Moderators, Society & Culture Moderators Posts: 24,452 Mod ✭✭✭✭robindch


    Black_Knight wrote: »
    Im looking for the algorithm used to validate Laser cards. Im building a CC checker to check if a given card number is valid.
    I found this post while googling for something else, and the post is from back in March, but what the hell. It may still be relevant.

    As you found out, Laser (and all other MasterCard, Amex and Visa-branded products) use a standard Luhn-10 check digit algorithm to figure out if a given card number is valid or not. Luhn-10 provides the absolute minimum level of data integrity-checking in the payments game and it shouldn't be relied upon to do anything more than stop ~90% of typos in things like web entry forms for credit and debit cards for mail order and telephone order-class transactions.

    If, on the other hand, you have the cardholder's card lying around and can stick it into a card reader, then your software can interrogate it and carry out a full RSA-based card authentication algorithm called SDA which will tell you whether or not the data on the card has been created by a card issuer trusted by one of the international card networks. From January next year, the banks here are required to issue slightly fancier cards which support a similar algorithm called DDA which, if successful, allows you to conclude that the card you have was created by a card issuer trusted by one of the international card networks. Note the subtle difference in levels of authentication here.

    SDA and DDA are relatively straightforward to implement in themselves, but there's quite a lot that has to happen before you reach the stage at which you've acquired sufficient data from the cards to run the algorithms.

    Hope this helps.


  • #13
    Black_Knight
    Moderators Posts: 12,413 ✭✭✭✭Black_Knight


    Ha! 6 months indeed.

    Cheers for the reply.

    TBH, the only thing I was interested in doing was the Luhn algorithm. It was just a little home experiment, getting in on a bit of VB.

    Cheers


  • #14
    JimmyCrackCorn
    Registered Users, Registered Users 2 Posts: 1,689 ✭✭✭JimmyCrackCorn


    Super smart keyloggers for the win. Sorry ill get my coat.

    The credit card validation algorithm has been ideal over the years for key-loggers and packet sniffers that want to grab this stuff over a network.

    Even so a simple regex would be nearly as effective at the same job.


  • #15
    robindch
    Moderators, Society & Culture Moderators Posts: 24,452 Mod ✭✭✭✭robindch


    JimmyCrackCorn wrote: »
    The credit card validation algorithm has been ideal over the years for key-loggers and packet sniffers that want to grab this stuff over a network.
    For sniffing, Luhn-10 isn't all that much use, especially since a typical payments message will contain more information than just the primary account number (and it not contain that).

    Also, for some years, payments applications have been regulated by the PCI Security Standards' Council and sending unencrypted traffic over non-secure networks is a big no-no -- see section 12 of the PA-DSS documentation available here:

    https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html


  • #16
    JimmyCrackCorn
    Registered Users, Registered Users 2 Posts: 1,689 ✭✭✭JimmyCrackCorn


    robindch wrote: »
    For sniffing, Luhn-10 isn't all that much use, especially since a typical payments message will contain more information than just the primary account number (and it not contain that).

    Also, for some years, payments applications have been regulated by the PCI Security Standards' Council and sending unencrypted traffic over non-secure networks is a big no-no -- see section 12 of the PA-DSS documentation available here:

    https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html

    Id prefer not to give someone the recipe on how to do this but in the event that either the local machine is compromised or the attacker can get in the middle SSL no longer applies.

    The result being with a libpcap you can grab the packets pull out the credit card information on any postback packets with numbers long enough and validate them


Advertisement