[ic] Credit card LUHN checking - why we don't want it

Jim Balcom interchange-users@lists.akopia.com
Fri Jul 6 18:06:00 2001


On Fri, 6 Jul 2001, Jonathan Clark wrote:

JC>>> > That is easy enough - set
JC>>> >
JC>>> > 	<INPUT TYPE=hidden NAME=mv_credit_card_force VALUE=1>
JC>>> >
JC>>> > which forces the LUHN-10 check good.
JC>>>
JC>>> Huh? The Shop trusts the browser?! Why that? Are there other such
JC>>> things? Is there a field called mv_price_check_disable or
JC>>> similar? I cannot understand how a database driven system could
JC>>> be confiugrable and fakeable by some client/browser? Or did I
JC>>> missed something?
JC>>
JC>>AFAIK LUHN-10 checking is only performed if the CC details are to be
JC>>encrypted and emailed to the shop owner.
JC>>
JC>>In this case, there is always a check being performed by a human before a
JC>>shipment. Worst case would be that a bogus number gets entered... but then a
JC>>customer could get through a LUNH-10 check with 4111 1111 1111 1111 .... and
JC>>I am sure they still wouldn't get the goods..

As I see it, even if the store software is calling via CyberCash, or
whatever, for approval, it's not going to go through with a card number
that LUHN-10 would have bounced if it were being used, since the card
processor will run their own LUHN-10, which can't be gotten around.

Having the LUHN-10 checking in there is ONLY a nicety that is doing a
preliminary check while the customer is still on-line to insure that he
hasn't flapped his fingers too fast. Before changing over to IC, I used
to get quite a few bad numbers, which when corrected were as simple as
a 6448 became a 6488, which screwed up the whole thing. This informs
him immediately that he screwed up and gets an accurate number for him.

It doesn't matter what the customer puts in there, and it doesn't
matter what checking does, or doesn't get done. It's got to get past
the company that is going to process the charge, and thus guarantee it.


-= Jim =-

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Friday, July 06, 2001 at 18:00 PM:
PCMCIA: People Can't Memorize Computer Industry Acronyms

----------------------------------------------------------------
This Linux System has been up 204 hours  

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------