Enhance Luhn Algorithm for Validation of Credit Cards Numbers




Available Online at www.ijcsmc.com

International Journal of Computer Science and Mobile Computing
A Monthly Journal of Computer Science and Information Technology
IJCSMC, Vol. 2, Issue. 7, July 2013, pg. 262-272
RESEARCH ARTICLE
ISSN 2320-088X
2013, IJCSMC All Rights Reserved

Enhance Luhn Algorithm for Validation of Credit Cards Numbers

Khalid Waleed Hussein 1, Dr. Nor Fazlida Mohd. Sani 2, Professor Dr. Ramlan Mahmod 3, Dr. Mohd. Taufik Abdullah 4
1-4 Faculty Computer Science & IT, University Putra Malaysia (UPM), Kuala Lumpur-Malaysia
1 Khaled_it77@yahoo.com, 2 fazlida@fsktm.upm.edu.my, 3 ramlan@fsktm.upm.edu.my, 4 mtaufik@fsktm.upm.edu.my

Abstract - The Luhn algorithm is the first line of defense in many e-commerce sites and is used to validate a variety of identification numbers such as credit card numbers. Nevertheless, many card numbers exist and at such volumes, the algorithm cannot distinguish among these numbers. A variety of tests show that the Luhn algorithm suffers from weaknesses including the failure to determine the length and type of credit card number being analyzed. We intend to enhance the Luhn algorithm for the validation of credit card numbers. The enhancement is expected to be useful for many e-commerce sites that use the algorithm.

Keyword - Security; Luhn algorithm; Credit Card Number Validation; Visa card Validation; JCB number Validation.

I. INTRODUCTION

Credit cards are the most frequently used payment method, accounting for about 95% of all online transactions; these are the primary means of payment for goods and services purchased online [1]. With increasing credit card use on the Internet comes a dramatic increase in credit card fraud [2]. Typing errors are one of the most common errors that occur when a user attempts to retype his/her credit card number over the dedicated slot on an e-commerce site. An example is when the 8 key is hit instead of 7.

A general credit card number (Figure 1) consists of an industry ID or major industry identifier (MII) (one digit), issuer ID (5 digits), account number (9 digits), and checksum (one digit). The MII plus the issuer ID is called the issuer identification number (IIN) or bank identification number (BIN), as defined in (ISO/IEC 7812-1:1993) [3]. MasterCard has 16 digits and its IIN starts with 5, Visa card has 16 digits with an IIN that starts with 4, and Japan Credit Bureau (JCB) has 16 digits and its IIN starts with 3 [4-6].

Figure 1: Credit card number details

II. LUHN ALGORITHM (MOD 10)

The Luhn algorithm (MOD 10) is the first line of defense in many e-commerce sites. It is used to validate a variety of identification numbers, such as MasterCard and Visa card numbers. The algorithm, created by IBM, is in the public domain and is currently extensively used. It was designed to protect companies and consumers against accidental errors and typing errors (Figure 2) [7, 8].

Figure 2: Luhn algorithm

A. Formula (Mod 10) Algorithm Steps

1. Step 1: Starting with the second to the last digit and moving to the left, double the value of all alternating digits. If the product obtained from this step is greater than 9, then subtract 9 from the product.

2. Step 2: Add the digits of the products together with the digits from the original number. Exclude

3. Step 3: Divide the sum by 10 and check whether the remainder is 0. If so, then that is the check digit. However, if the number is not equal to 0, then subtract the remainder from 10. The resultant number is

B. Illustration

We demonstrate this algorithm through an example. In this example, we will validate the MasterCard number 5542135611412501, for educational purposes.

1. Step 1: Starting with the second to the last digit and moving left, double the value of all alternating digits. If the product of this doubling operation is greater than 9, then subtract 9 from the product, as described previously (Figure 3).

Figure 3: First step of the Luhn algorithm

2. Step 2: Add the digits of the products together with the digits from the original number. Exclude the check digit (digits in parentheses are the products from Step 1).

(0)+5+(4)+1+(8)+1+(2)+6+(1)+3+(2)+2+(8)+5+(1) = 49

3. Step 3: Divide the sum by 10 and verify whether the remainder is equal to 0. If the remainder is 0, then that is If the number is not equal to 0, then subtract the remainder from 10. The resultant number is

49 mod 10 => 9; 10 - 9 = 1

Result (1) matches the check digit (1), indicating that the MasterCard number is valid.

III. REAL TEST FOR LUHN ALGORITHM

Many applications available on the Internet and e-commerce websites rely on the Luhn algorithm to check credit card numbers. Credit cards have 16 digits, prompting us to test the capability of the Luhn algorithm to determine the length of credit card number. The test reveals that the algorithm checks only the last digits of a credit card number while neglecting number length.

First experiment - First Example:

In this example, we use the same MasterCard number employed in section B. However, we exclude the last three digits of the original number for it to become a 13-digit number given that MasterCard has 16 digits (as presented in section B). The MasterCard number used in this example is 5542135611412.

1. Step 1: Double the value of all the alternating digits (Figure 4).

Figure 4: First step in the first example of the first experiment.

2. Step 2: Add all the digits, except check digit (digits in parentheses are the products from Step 1).

(2)+4+(2)+1+(3)+5+(6)+1+(4)+4+(1)+5 = 38

3. Step 3: Divide the sum by 10, and then subtract the remainder from 10. The resultant number is

38 mod 10 => 8; 10 - 8 = 2

When result (2) matches the check digit (2), it indicates that the MasterCard number is valid. However, this MasterCard number is invalid because it should have 16 digits.

First experiment - Second Example:

We take another example to validate another MasterCard number (5578249275041923).

1. Step 1: Double the value of all alternating digits (Figure 5).

Figure 5: First step in the second example of the first experiment (MasterCard, 16 digits).

2. Step 2: Add all the digits, except the check digit (digits in parentheses are the products from Step 1).

(4)+9+(2)+4+(0)+5+(5)+2+(9)+4+(4)+8+(5)+5+(1) = 67

3. Step 3: Divide the sum by 10, and then subtract the remainder from 10. The resultant number is

67 mod 10 => 7; 10 - 7 = 3

When result (3) matches the check digit (3), it indicates that the MasterCard number is valid.

We now test the same MasterCard number (5578249275041923), with the last three digits from the rightmost part of the original deleted. The MasterCard number is now 5578249275041.

1. Step 1: Double the value of all alternating digits (Figure 6).

Figure 6: First step in the second example of the first experiment (MasterCard, 13 digits).

2. Step 2: Add all the digits, while excluding the check digit (digits in parentheses are the products from Step 1).

(8)+0+(1)+7+(4)+9+(8)+2+(7)+7+(1)+5 = 59

3. Step 3: Divide the sum by 10, and then subtract the remainder from 10. The resultant number is

59 mod 10 => 9; 10 - 9 = 1

When result (2) matches the check digit (2), it indicates that the MasterCard number is valid. However, this MasterCard number is invalid because it should have 16 digits.

We perform numerous experiments for MasterCard numbers using the Luhn algorithm and we obtain the same results: the algorithm cannot distinguish the lengths of credit card numbers. Another example that can be validated is credit card number 5503167149572842 and the number produced after the last two digits from the rightmost part of the original number have been deleted. Readers can also test MasterCard number 5593557984114547 and the number produced after the last five digits from the rightmost part of the original number have been excluded.

Second Experiment - First Example:

In this example, we prove that the Luhn algorithm suffers from weaknesses including failure to determine the type of credit card number. We take an actual MasterCard number (5397373822153004) for testing. Then the first two digits from the leftmost part of the original number are changed to convert the number into Visa card and JCB versions.

1. Step 1: Double the value of all the alternating digits as previously described (Figure 7).

Figure 7: First step in the first example of the second experiment.

2. Step 2: Add all the digits, except for the check digit (digits in parentheses are the products from Step 1).

(0)+0+(6)+5+(2)+2+(4)+8+(6)+7+(6)+7+(9)+3+(1) = 66

3. Step 3: Divide the sum by 10, and then subtract the remainder from 10. The resultant number is

66 mod 10 => 6; 10 - 6 = 4

When result (4) matches the check digit (4), it indicates that the MasterCard number is valid.

We changed the first two digits from the leftmost part of the MasterCard number (5397373822153004) to obtain (4697373822153004). Thus, this number indicates a Visa card because it starts with 4.

1. Step 1: Double the value of all the alternating digits (Figure 8).

Figure 8: First Step

2. Step 2: Add all the digits, except for the check digit (digits in parentheses are the products from Step 1).

(0)+0+(6)+5+(2)+2+(4)+8+(6)+7+(6)+7+(9)+6+(8) = 76

3. Step 3: Divide the sum by 10, and then subtract the remainder from 10. The resultant number is

76 mod 10 => 6; 10 - 6 = 4

When result (4) matches the check digit (4), it indicates that the Visa card number is valid. However, this Visa card number is a fake number.

As stated, we convert the MasterCard number into a JCB number by changing the first two digits from the leftmost part of the MasterCard number from (53) to (38). The JCB number will be (3897373822153004).

1. Step 1: Double the value of all the alternating digits as described previously (Figure 9).

Figure 9: First Step

2. Step 2: Add all the digits, except for the check digit (digits in parentheses are the products from Step 1).

(0)+0+(6)+5+(2)+2+(4)+8+(6)+7+(6)+7+(9)+8+(6) = 76

3. Step 3: Divide the sum by 10, and then subtract the remainder from 10. The resultant number is

76 mod 10 => 6; 10 - 6 = 4

When result (4) matches the check digit (4), it indicates that the JCB number is valid. However, this JCB number is a fake number.

We perform numerous experiments on various MasterCard, Visa card, and JCB numbers using the algorithm. In the end, we obtain the same results; that is, the Luhn algorithm fails to distinguish credit card numbers from one another.
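The Section II procedure and the two experiments of Section III, as an added Python example that is not code from the paper: `luhn_valid` is the plain mod 10 test, and `classify` is a hypothetical length-and-prefix check of the kind the paper proposes as its enhancement. The brand table is an assumption built only from the rules in the Introduction (16 digits; first digit 5 MasterCard, 4 Visa, 3 JCB), and the test numbers are the ones used in the experiments.

```python
# Added example, not the paper's code. BRANDS is an assumption derived from
# the paper's Introduction: first digit -> (brand, required length).
BRANDS = {"5": ("MasterCard", 16), "4": ("Visa", 16), "3": ("JCB", 16)}


def _is_digits(s: str) -> bool:
    # isascii() keeps out Unicode digits that int() cannot parse.
    return s.isascii() and s.isdigit()


def luhn_check_digit(payload: str) -> int:
    """Check digit for `payload`, the number without its last digit."""
    total = 0
    # Walk right to left: the rightmost payload digit is doubled first
    # (Step 1), products above 9 have 9 subtracted, then all are summed
    # (Step 2).
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    # Step 3: remainder 0 gives check digit 0, otherwise 10 - remainder.
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """Plain Luhn: compares the last digit with the computed one, nothing else."""
    if not _is_digits(number) or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == int(number[-1])


def classify(number: str):
    """Hypothetical enhanced check: prefix, then length, then Luhn.

    Returns (brand or None, verdict).
    """
    if not _is_digits(number):
        return None, "not numeric"
    brand = BRANDS.get(number[0])
    if brand is None:
        return None, "unknown issuer prefix"
    name, length = brand
    if len(number) != length:
        return name, "wrong length"
    if not luhn_valid(number):
        return name, "bad check digit"
    return name, "ok"


def run_paper_cases():
    """Numbers taken from the paper's two experiments."""
    cases = ["5542135611412501", "5542135611412", "5578249275041",
             "5397373822153004", "4697373822153004", "3897373822153004"]
    return {n: (luhn_valid(n), classify(n)) for n in cases}


if __name__ == "__main__":
    for number, (plain, enhanced) in run_paper_cases().items():
        print(number, "luhn:", plain, "enhanced:", enhanced)
```

The 13-digit truncations pass plain Luhn and are rejected by the length test. The two numbers with a changed prefix still come back as a well-formed Visa and JCB number, because a prefix and length test classifies a number and says nothing about whether it was ever issued.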

IV. PROPOSED FLOWCHART FOR THE ENHANCED LUHN ALGORITHM

We propose to enhance the Luhn algorithm as shown in Figure 10. The purpose of the enhancement is to make the Luhn algorithm determine the length and type of credit card number.

Figure 10: Enhanced Luhn algorithm.

V. CONCLUSION

The Luhn algorithm is widely used on the Internet to validate credit card numbers, but this algorithm suffers from weaknesses, as confirmed by tests. We conducted two types of experiments for different credit card numbers. Some of these experiments and examples have been presented in this paper. We also included our improvements to the algorithm. In our future work, we will validate the performance of the Luhn algorithm in checking ID card numbers, a more important factor, especially for websites that analyze ID card numbers to ensure non-repudiation of users or customers.

REFERENCES

[1] Paul Tucker, Innovations in retail payments, 2012, Committee on Payment and Settlement Systems. p. 96.

[2] Hetvi Modi, et al., Fraud Detection in Credit Card System Using Web Mining. International Journal of Innovative Research in Computer and Communication Engineering, 2013. 1(2): p. 175-179.

[3] David Addison. Anatomy of a credit card number and the utility of the BIN. 2011 [cited 2013 24/June]; Available from: http://www.dirigodev.com/blog/ecommerce/anatomy-of-a-credit-cardnumber/.

[4] Asia News, et al., JCB WORLD REPORT, 2008. p. 8.

[5] HSBC Bank, JCB Gold Card Cardholder 2010. p. 20.

[6] Professor Marshall. Introduction to How Credit Cards Work. 2006 22 Feb 2013 [cited 2013 25/June]; Available from: http://money.howstuffworks.com/personal-finance/debtmanagement/credit-card1.htm/printable.

[7] Chi Yuan Li and Zhi Qiang Yao, The Validation of Credit Card Number on the Wired and Wireless Internet. Journal of Networks, 2011. 6: p. 432-437.

[8] Yao Zhiqiang, LI Chiyuan, and T. Huixian, The Application of Credit Card Number Validation Algorithm on the Wired and Wireless Internet 2010, IEEEXplore: Ternopil. p. 1-4.