Saturday, 31 October 2009

Credit card validation

And once again I have a new component for your convenience.

Zend_Validate_CreditCard is a component which validates credit card numbers. If you are an expert ZF user, you will probably note that there was already a Zend_Validate_Ccnum validator. But it had severe security problems.

Example:
The Ccnum validator rejected several credit card numbers even though they were correct. On the other hand, several numbers were accepted even though they were incorrect.

The reason for these problems was that Ccnum only validated whether the given number was valid according to Luhn, but not whether it was actually a credit card number.

So, if you need to validate credit cards, let's take a deeper look at this validator and what it can achieve.

First let’s define which credit card institute you want to accept:

$valid = new Zend_Validate_CreditCard(Zend_Validate_CreditCard::VISA);

Giving no institute accepts all available institutes, and giving an array accepts every one of the given institutes.

$valid = new Zend_Validate_CreditCard(
    array(
        Zend_Validate_CreditCard::VISA,
        Zend_Validate_CreditCard::AMERICAN_EXPRESS
    )
);

When you now validate a credit card number, the following checks are made:

* First the length of the number is checked… every institute uses different lengths for its numbers
* Then the prefix is checked… every institute uses a worldwide unique prefix for its cards
* Then the number itself is validated by calculating a checksum

This way you can easily be sure that you only get credit cards from those institutes you accept.
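The three checks listed above, next to a Luhn-only check of the kind Ccnum performed, as an added example that is not Zend Framework code. The function names and the small length/prefix table are assumptions made for this illustration (not the component's own data); the first two sample numbers are widely published test card numbers, the other two are constructed.

```php
<?php
// Illustrative subset of institute rules (assumption, not the component's own table).
$rules = array(
    'VISA'             => array('lengths' => array(16), 'prefixes' => array('4')),
    'AMERICAN_EXPRESS' => array('lengths' => array(15), 'prefixes' => array('34', '37')),
);

// Luhn checksum: from the right, double every second digit, subtract 9 from
// results above 9, and require the total to be divisible by 10.
function luhnValid($number)
{
    $sum = 0;
    $double = false;
    for ($i = strlen($number) - 1; $i >= 0; $i--) {
        $digit = (int) $number[$i];
        if ($double) {
            $digit *= 2;
            if ($digit > 9) {
                $digit -= 9;
            }
        }
        $sum += $digit;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Runs length, prefix and checksum in that order; returns 'ok' or the failed check.
function checkCard($number, array $accepted, array $rules)
{
    if (!is_string($number) || !ctype_digit($number)) {
        return 'not digits';
    }
    $lengthOk = $prefixOk = false;
    foreach ($accepted as $type) {
        if (!in_array(strlen($number), $rules[$type]['lengths'], true)) {
            continue; // wrong length for this institute
        }
        $lengthOk = true;
        foreach ($rules[$type]['prefixes'] as $prefix) {
            $prefixOk = $prefixOk || strpos($number, $prefix) === 0;
        }
    }
    if (!$lengthOk) { return 'length'; }
    if (!$prefixOk) { return 'prefix'; }
    return luhnValid($number) ? 'ok' : 'checksum';
}

// Sample numbers: two published test numbers, an all-zero string, a broken check digit.
foreach (array('4111111111111111', '378282246310005', '0000000000000000', '4111111111111112') as $n) {
    printf("%-17s luhn-only=%-4s visa-only=%s\n", $n, luhnValid($n) ? 'pass' : 'fail', checkCard($n, array('VISA'), $rules));
}
```

The all-zero string and the American Express test number both satisfy Luhn, so a Luhn-only validator accepts them, while the Visa-only check stops them at the prefix and length steps.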

That looks quite good so far, but there are still some things which obviously cannot be checked by an offline validation. For example, there is no way to validate whether a credit card has been marked as stolen, or whether it has expired. Of course there is a date on the card itself, but there is no way to validate it offline, apart from checking the date itself, which is not really secure and is only a trivial sanity check.

Still, there are ways to get these things validated as well. Almost all credit card institutes provide online services which perform the checks mentioned above. But these services are not free and have therefore not been added to this validator. Zend_Validate_CreditCard can, however, be coupled with external functions, so you could access such an API yourself and couple your method with Zend_Validate_CreditCard.

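class MyClass
{
    // Declared static because it is registered below as array('MyClass', 'MyCheck')
    public static function MyCheck($creditcard)
    {
        // Do some online checks with the institute's API and
        // return true when the card is accepted, false otherwise
        $accepted = false; // replace with the result of the online check
        return $accepted;
    }
}

$valid = new Zend_Validate_CreditCard(Zend_Validate_CreditCard::VISA);
$valid->setService(array('MyClass', 'MyCheck'));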

This way you could also attach your own validation methods. For example, when you have a database of known numbers you would not accept, you could add a method which does this check in addition to the existing validations.

Note that for performance reasons the connected service is only called when all other offline validations have passed. This prevents the call for numbers which are obviously broken.

Have fun with this new component and of course with Zend Framework.

Greetings
Thomas Weidner
I18N Team Leader, Zend Framework

Zend Framework Advisory Board Member
Zend Certified Engineer for Zend Framework
