[ic] Credit card LUHN checking - why we don't want it
Jonathan Clark
interchange-users@lists.akopia.com
Fri Jul 6 06:03:00 2001
> > That is easy enough - set
> >
> > <INPUT TYPE=hidden NAME=mv_credit_card_force VALUE=1>
> >
> > which forces the LUHN-10 check good.
>
> Huh? The Shop trusts the browser?! Why that? Are there other such
> things? Is there a field called mv_price_check_disable or
> similar? I cannot understand how a database driven system could
> be confiugrable and fakeable by some client/browser? Or did I
> missed something?
AFAIK LUHN-10 checking is only performed if the CC details are to be
encrypted and emailed to the shop owner.
In this case, there is always a check being performed by a human before a
shipment. Worst case would be that a bogus number gets entered... but then a
customer could get through a LUNH-10 check with 4111 1111 1111 1111 .... and
I am sure they still wouldn't get the goods..
Jonathan
Webmaint.