[ic] Credit card LUHN checking - why we don't want it

[Mike Heins]

Quoting Steffen Dettmer (steffen@dett.de):
> * Mike Heins wrote on Thu, Jul 05, 2001 at 16:45 -0400:
> > Quoting Martin Dabb (jmdabb@paradise.net.nz):
> > > LUHN checking doesn't work for cards from all countries, including New
> > > Zealand where my client's business is - hence I''ll need to find a way to
> > > turn it off.
> > 
> > That is easy enough - set
> > 
> > 	<INPUT TYPE=hidden NAME=mv_credit_card_force VALUE=1>
> > 
> > which forces the LUHN-10 check good.
> 
> Huh? The Shop trusts the browser?! Why that? Are there other such
> things? Is there a field called mv_price_check_disable or
> similar? I cannot understand how a database driven system could
> be confiugrable and fakeable by some client/browser? Or did I
> missed something?

All it does is disable the LUHN check, it won't cause a payment gateway
to authorize anything. LUHN-10 is so easily faked, there is nothing you
can do about that anyway.

	use Business::CreditCard;
	my $fake_number = '4567 8901 2345 678';
	print $fake_number . generate_last_digit($fake_number);

There is a one in ten chance that any number will pass LUHN-10 -- it
is designed to catch one-character typos all the time and sometimes catch
multi-character typos.

You can disable the force in catalog.cfg if you want with:

    FormIgnore   mv_credit_card_force

-- 
Red Hat, Inc., 3005 Nichols Rd., Hamilton, OH  45013
phone +1.513.523.7621      <mheins@redhat.com>

I am a great believer in luck, and I find that the harder I work
the more luck I have. -- Thomas Jefferson