[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

Re: [ic] Credit card LUHN checking - why we don't want it

To: interchange-users@developer.akopia.com
Subject: Re: [ic] Credit card LUHN checking - why we don't want it
From: Mike Heins <mikeh@minivend.com>
Date: Fri Jul 6 10:36:01 2001
In-Reply-To: <20010706110606.H3076@dx.net.de>; from steffen@dett.de on Fri, Jul 06, 2001 at 11:06:06AM +0200
List-Archive: <http://lists.akopia.com/pipermail/interchange-users/>
List-Help: <mailto:interchange-users-request@lists.akopia.com?subject=help>
List-Id: Interchange Users (high volume) <interchange-users.lists.akopia.com>
List-Post: <mailto:interchange-users@lists.akopia.com>
List-Subscribe: <http://lists.akopia.com/mailman/listinfo/interchange-users>,<mailto:interchange-users-request@lists.akopia.com?subject=subscribe>
List-Unsubscribe: <http://lists.akopia.com/mailman/listinfo/interchange-users>,<mailto:interchange-users-request@lists.akopia.com?subject=unsubscribe>
References: <010601c10592$6feaafa0$f6624fcb@celeron400> <20010705164558.A20239@bill.heins.net> <20010706110606.H3076@dx.net.de>
Reply-To: interchange-users@lists.akopia.com
Sender: interchange-users-admin@lists.akopia.com
User-Agent: Mutt/1.2.5i

Quoting Steffen Dettmer (steffen@dett.de):
> * Mike Heins wrote on Thu, Jul 05, 2001 at 16:45 -0400:
> > Quoting Martin Dabb (jmdabb@paradise.net.nz):
> > > LUHN checking doesn't work for cards from all countries, including New
> > > Zealand where my client's business is - hence I''ll need to find a way to
> > > turn it off.
> > 
> > That is easy enough - set
> > 
> > 	<INPUT TYPE=hidden NAME=mv_credit_card_force VALUE=1>
> > 
> > which forces the LUHN-10 check good.
> 
> Huh? The Shop trusts the browser?! Why that? Are there other such
> things? Is there a field called mv_price_check_disable or
> similar? I cannot understand how a database driven system could
> be confiugrable and fakeable by some client/browser? Or did I
> missed something?

All it does is disable the LUHN check, it won't cause a payment gateway
to authorize anything. LUHN-10 is so easily faked, there is nothing you
can do about that anyway.

	use Business::CreditCard;
	my $fake_number = '4567 8901 2345 678';
	print $fake_number . generate_last_digit($fake_number);

There is a one in ten chance that any number will pass LUHN-10 -- it
is designed to catch one-character typos all the time and sometimes catch
multi-character typos.

You can disable the force in catalog.cfg if you want with:

    FormIgnore   mv_credit_card_force

-- 
Red Hat, Inc., 3005 Nichols Rd., Hamilton, OH  45013
phone +1.513.523.7621      <mheins@redhat.com>

I am a great believer in luck, and I find that the harder I work
the more luck I have. -- Thomas Jefferson

References:
- RE: [ic] Credit card LUHN checking - why we don't want it
  - From: "Martin Dabb" <jmdabb@paradise.net.nz>
- Re: [ic] Credit card LUHN checking - why we don't want it
  - From: Mike Heins <mheins@redhat.com>
- Re: [ic] Credit card LUHN checking - why we don't want it
  - From: Steffen Dettmer <steffen@dett.de>

Prev by Date: Re: [ic] Submit [total-cost]
Next by Date: Re: [ic] Bad GlobalSub
Prev by thread: Re: [ic] Credit card LUHN checking - why we don't want it
Next by thread: [ic] adding label field to accessory select
Index(es):
- Date
- Thread