Credit Card Magic



Despite improved security, cardholders are still vulnerable to credit card fraud.



It's quite impressive, and not that hard, to tell someone what the last digit of their credit card number is if they tell you the others, but it does require a good ability to do mental arithmetic.

Every credit card ( and many, but not all, debit and other transaction cards ) has a number printed on the front, the last digit of which is the 'checksum digit'; this is used as a basic test to check that the credit card number is valid.

Calculating the last digit of a card number is quite straightforward, and can be used to impress people who don't know how it's done, or don't even realise that the last digit is a checksum.

In fact, any single missing digit of a card number can be determined, but the 'trick' depends on how the checksum digit is calculated, and so the last digit is in many ways the most important one.

Most credit cards have a 12 to 16 digit number printed on the card, the last digit of which is the checksum digit. The digit is calculated using a method called "Mod 10", which is described below. Those who are computer literate, and aware of 'modulo arithmetic', might expect it to be simply the last digit of the sum of all the other digits; it is not. The calculation is done using the Luhn Algorithm, although a 'Modulus 10' is used.

The easiest way to explain how the checksum is calculated is to use an example.

Using a fictitious card number of '0123 4329 5382 5434', we will set about calculating the last digit, when we know all the others.

Firstly, we write down the card number without the last digit ...

    0 1 2 3   4 3 2 9   5 3 8 2   5 4 3

Then, from the right-hand side ( important to remember as not all cards will have an even number of digits upon them ), we write down the doubled value of every other digit ...

    0 1 2 3 4 3 2 9 5 3 8 2 5 4 3
    |   |   |   |   |   |   |   |
    0   4   8   4  10  16  10   6

Then, we drop the digits we haven't doubled into the gaps ...

    0 1 2 3 4 3 2 9  5 3  8 2  5 4 3
      |   |   |   |    |    |    |
    0 1 4 3 8 3 4 9 10 3 16 2 10 4 6

Then we add up all the individual digits we have on our bottom line ...

    0 1 4 3 8 3 4 9 10  3 16  2 10  4 6
    | | | | | | | | .^. | .^. | .^. | |
    | | | | | | | | | | | | | | | | | |
    0+1+4+3+8+3+4+9+1+0+3+1+6+2+1+0+4+6 = 56

We take the last digit of this sum ( which is what Modulus 10 means ), and if it is zero, we use that as the checksum digit, otherwise we subtract the number from 10 to give us our required checksum digit ...

    0+1+4+3+8+3+4+9+1+0+3+1+6+2+1+0+4+6 = 56
                                           |
                                    10     |
                                  -  6  <--'
                                    ==
                                     4

The whole process for this card can be seen below ...

    0 1 2 3 4 3 2 9  5  3  8  2  5  4 3        4
    | | | | | | | |  |  |  |  |  |  | |       /|\
    0 | 4 | 8 | 4 | 10  | 16  | 10  | 6        |
      1   3   3   9     3     2     4          |
                                               |
    0 1 4 3 8 3 4 9 10  3 16  2 10  4 6        |
    | | | | | | | | .^. | .^. | .^. | |        |
    | | | | | | | | | | | | | | | | | |        |
    0+1+4+3+8+3+4+9+1+0+3+1+6+2+1+0+4+6 = 56   |
                                           |   |
                                    10     |   |
                                  -  6  <--'   |
                                    ==         |
                                     4 --------'
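
The same calculation in Python, extended to the earlier claim that any single missing digit can be determined. This is an added example, not code from the original page; the function names and the '?' placeholder for the hidden digit are assumptions made for illustration.

```python
DIGITS = "0123456789"


def luhn_total(digits):
    """Luhn sum of a full number, check digit last. Counting from the right,
    every second digit (starting next to the check digit) is doubled and the
    digits of the result are added."""
    total = 0
    for offset, d in enumerate(reversed(digits)):
        if offset % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9          # 10..18 -> 1..9, same as adding both digits
        total += d
    return total


def check_digit(payload):
    """Checksum digit for a card number written without its last digit."""
    digits = [int(c) for c in payload if c in DIGITS]
    return (10 - luhn_total(digits + [0]) % 10) % 10


def recover_missing(masked):
    """Return the digit hidden behind a single '?' in a full card number."""
    chars = [c for c in masked if c in DIGITS or c == "?"]
    if chars.count("?") != 1:
        raise ValueError("exactly one '?' expected")
    # Doubling and folding maps 0..9 onto 0..9 one-to-one, so in either kind
    # of position exactly one guess brings the total to a multiple of 10.
    fits = [g for g in range(10)
            if luhn_total([g if c == "?" else int(c) for c in chars]) % 10 == 0]
    return fits[0]


if __name__ == "__main__":
    # The fictitious card number used in the worked example on this page.
    print(check_digit("0123 4329 5382 543"))
    print(recover_missing("0123 4329 5?82 5434"))   # an undoubled position
    print(recover_missing("0123 4329 ?382 5434"))   # a doubled position
```

Because one hidden digit is always recoverable, masking a single digit of a card number on a receipt or in a log hides nothing.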


Getting Smarter

If you have a good memory for numbers, you will also be able to tell the owner of the card who the issuer was; the bank, credit company, or whoever else the card came from.

This is fairly easy to do as the first four digits of the card specify who the issuer is, and issuers generally have blocks of numbers allocated to them. The list of numbers below is not exhaustive, but covers the majority of common cards. A quick bluff of, "My! You must be special. That's a very rare card to have", works well if you can't remember all the numbers, but expect to get laughed at if you don't know the numbers of the most common cards; MasterCard, Visa and American Express.

The Issuer Codes

    Issuer's Code                  Card Issuer            Number
    ( the first four digits )                             of Digits

    3000 to 3059                   Diners Club            14
    3600 to 3699
    3800 to 3889
    3400 to 3499                   American Express       15
    3700 to 3799
    3528 to 3589                   JCB                    16
    3890 to 3899                   Carte Blanche          14
    4000 to 4999                   Visa                   13 or 16
    5100 to 5599                   MasterCard             16
    5610                           Australian BankCard    16
    6011                           Discover / Novus       16


Winning With A Single Digit

While the first four digits of a credit card number identify the precise issuer of the card, the first digit, known as the Major Industry Identifier, shows which sector category the issuer falls into.

Even if you can't determine who issued the card, you can make an informed guess as to what type of card it is, without even looking at it, if you are told the value of the first digit.

If you take a full credit card number from a friend ( without the checksum digit being revealed ), the card holder is unlikely to realise that you are relying upon the first digit only, and some personal information, to make your guess as to what the card is.

Knowing something about the cardholder, where they bank, which Building Societies they use, and perhaps who their car is leased from, makes it appear that the Major Industry Identifier gives away more than it really does. For example, a card starting with '7' is very likely to be a fuel card, so you will appear to be extremely accurate if you say, "That's your company car fuel card. It's a PHH card is it not ?", if they have a PHH lease car and their employer pays for its petrol.

The Major Industry Identifier Numbers

    Major Industry    Issuer Category
    Identifier

    0                 ISO/TC 68 and Other Industries
    1                 Airlines
    2                 Airlines and Other Industries
    3                 Travel and Entertainment
    4                 Banking and Financial
    5                 Banking and Financial
    6                 Merchandizing and Banking
    7                 Petroleum
    8                 Telecommunications and Other Industries
    9                 National ( Local Use )
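
The two tables above, together with the checksum, are everything that can be checked from the number alone. The following Python is an added example, not code from the original page, showing such a format check as a payment form might run it before contacting the issuer; the function names and the result fields are assumptions made for illustration.

```python
# Ranges and lengths are transcribed from the tables on this page, which the
# page says are not exhaustive, so an "unknown" issuer is a normal result.
ISSUER_RANGES = [  # (low, high, issuer, allowed total lengths)
    (3000, 3059, "Diners Club", {14}),
    (3600, 3699, "Diners Club", {14}),
    (3800, 3889, "Diners Club", {14}),
    (3400, 3499, "American Express", {15}),
    (3700, 3799, "American Express", {15}),
    (3528, 3589, "JCB", {16}),
    (3890, 3899, "Carte Blanche", {14}),
    (4000, 4999, "Visa", {13, 16}),
    (5100, 5599, "MasterCard", {16}),
    (5610, 5610, "Australian BankCard", {16}),
    (6011, 6011, "Discover / Novus", {16}),
]
MII = ["ISO/TC 68 and Other Industries", "Airlines",
       "Airlines and Other Industries", "Travel and Entertainment",
       "Banking and Financial", "Banking and Financial",
       "Merchandizing and Banking", "Petroleum",
       "Telecommunications and Other Industries", "National ( Local Use )"]


def luhn_ok(number):
    # From the right, every second digit is doubled and its digits summed.
    return sum(sum(divmod(int(c) * (1 + i % 2), 10))
               for i, c in enumerate(reversed(number))) % 10 == 0


def describe(card_text):
    """Report what the number itself reveals; this is never an authorisation."""
    number = "".join(ch for ch in card_text if ch not in " -")
    # 12 to 16 digits is the overall range the page gives for card numbers.
    if not (number.isascii() and number.isdigit() and 12 <= len(number) <= 16):
        return {"well_formed": False}
    result = {"well_formed": True, "category": MII[int(number[0])],
              "issuer": "unknown", "length_ok": None,
              "luhn_ok": luhn_ok(number)}
    prefix = int(number[:4])
    for low, high, issuer, lengths in ISSUER_RANGES:
        if low <= prefix <= high:
            result["issuer"] = issuer
            result["length_ok"] = len(number) in lengths
            break
    return result
```

A number that passes all of these checks has only been typed plausibly; whether it belongs to a real account, and to the person presenting it, is decided by the issuer-side checks described in the next section.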


Forging Your Own Credit Cards

You are probably thinking by now that, knowing what an issuer's code is and how to calculate a checksum digit, you can create any card number which appears to be for a valid credit card.

Yes you can, and in the old days, even though banks told us it was nothing to worry about, this is exactly how some credit card fraud worked. However, whenever a credit card is used, there are always checks carried out beyond making sure that the code is valid, so you can't just make up any old card number.

Shops and other merchants, particularly on-line shops, are unlikely to send goods on until they have verified that the card belongs to the person who has the card, and will check the name and address given against a database held by the card issuer, and may ask for additional proof of who you are.

There are cases when this is time-consuming and costly to do, and situations where it just can't be done; such as when paying for petrol by credit card at an unattended service station.

In these cases, almost anyone can pretend to be you if they have your card in their possession, as there are no other checks which can be easily made.

Because checks before money is debited from your account can be minimal at times, it is possible for a criminal to 'clone', that is copy, your card and use that as if you were using it yourself.

To prevent this, credit cards now have a three or four digit Card Security Code printed on the back of the card, in the signature panel, which is an additional check that the card is valid.

This code is calculated using an extremely advanced encryption technique, and multiple encoding algorithms are applied, using the card number, the expiry date and secret issuer codes before selected digits of the results are written to the magnetic strip and printed on the back of the card. The number on the back of the card is not held on the magnetic strip itself.

Unattended credit card payment points, on-line shops, and even stores will now ask what the Card Security Code is as an extra safeguard that the card is valid. Unless a criminal has access to your physical card, there is no way they can know the printed Card Security Code, even if they have all the other details and can create a card with what they do know.

Many places do not yet ask for the Card Security Code ( especially the UK ), nor any other additional identification, so credit card fraud will continue. No matter what the originating companies say, there will always be fraud. The only thing which can be done is for the issuers to make cards less prone to fraud, and to ensure that merchants undertake all the checks possible.

There is always the possibility that a criminal may copy your card, and write down the Card Security Code, so be aware of vendors who take your card away to be processed and those who write down the security code. I'm not saying that there will always be fraud occurring, but all the cases I have personal knowledge of have been done this way. Complete addresses, including post codes, and even telephone numbers, can very often be legally obtained using a number of freely available and publicly open online resources, using just the name on the card, especially if your telephone number is not ex-directory.

With credit card issuers now telling us it is virtually impossible for credit card fraud to occur, because of all these safeguards, it can be incredibly difficult to convince them that any withdrawal of money or other use was not by the card holder. That is despite the fact that it is still relatively easy to create a cloned card, with all the details required to make its use appear legitimate.

Where the Terms and Conditions of Use, which accompanied your credit card, say, "Treat your credit cards like cash", they really do mean it. Keeping your cards out of the hands of criminals is the most effective way to stop anyone stealing your money.


A Software Implementation of the Luhn Algorithm

The following is a short piece of Basic code which demonstrates how to calculate a credit card checksum digit programmatically.

Note that the code uses a 'little trick' to determine which numbers are to be doubled and which aren't, so the sum of all the digits can be calculated in a single pass.

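REM The card number without its final checksum digit
cardNumber$ = "012343295382543"

numberOfDigits% = LEN(cardNumber$)

REM Reserve one array entry per digit
DIM cardDigit%(numberOfDigits%)

REM Convert each character of the number into its numeric value
FOR I% = 1 TO numberOfDigits%
  digitValue% = ASC(MID$(cardNumber$,I%,1))-ASC("0")
  cardDigit%(I%) = digitValue%
NEXT

REM The 'little trick' : the right-most digit is always doubled, so the
REM digits to double are those whose position is odd when the number of
REM digits is odd, and even when the number of digits is even
doubleThisDigit% = ( numberOfDigits% AND 1 )

checksumDigit% = 0
FOR I% = 1 TO numberOfDigits%
  digitValue% = cardDigit%(I%)
  IF ( I% AND 1 ) = doubleThisDigit% THEN
    digitValue% = digitValue% * 2
    REM For 10 to 18, adding 1 and taking off 10 gives the sum of the two digits
    IF digitValue% >= 10 THEN
      checksumDigit% = checksumDigit%+1-10
    END IF
  END IF
  checksumDigit% = checksumDigit%+digitValue%
NEXT

REM Last digit of the sum, taken from 10; the final MOD turns a 10 into 0
checksumDigit% = checksumDigit% MOD 10
checksumDigit% = 10-checksumDigit%
checksumDigit% = checksumDigit% MOD 10

PRINT cardNumber$,checksumDigit%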

You will undoubtedly have to alter this code to fit in with your own program, but it should save you a lot of time trying to work out how to code the Luhn algorithm.









First published on Monday the 16th of September, 2002 at 15:58:30
Last upload was on Tuesday the 23rd of September, 2003 at 18:45:59