Photo: Andres Rueda

You most likely use credit cards daily, but have you taken the time to consider how they work? Let’s examine one of the most obvious aspects of the credit card: the number. Credit card numbers are 14 to 16 digits long and link your purchase back to your account at the bank. But what do they mean?

The first digit is reserved for specifying what type of card it is. 3 = Travel and Entertainment card (34/37 = AMEX, 38 = Diner’s Club), 4 = Visa, 5 = MasterCard, and 6 = Discover. Each type handles the next 12 to 14 digits differently. They are used to identify the account number, bank number, whether it is a business or personal account, and/or the currency. Check out these sites for a more in depth coverage of how each credit card provider uses these digits.

One thing all credit cards have in common is a check digit at the end which is used to verify that it is a valid credit card. The check digit uses the Luhn algorithm, also known as the modulus 10 algorithm, to “check” the rest of the numbers. It’s goal is to not prevent counterfeit, but rather to protect against the accidental mistyping or mistransmission of the number.

The algorithm:

1. Double the value of every second digit moving from right to left.
2. Sum the value of every individual digit.
3. If the total ends in zero it is valid, any other number it is invalid.

Let’s take a simple example: 47142

1. 2×4 = 8, 2×7 = 14. Therefore we have 4(14)1(8)2
2. 4+1+4+1+8+2 = 20
3. 20 ends in zero so the number is valid.

As you can see this is not going to protect counterfeits – it is easy to calculate the check digit given the values for the rest of the digits. But it will quickly identify any single digit error such as hitting the 8 key instead of 7. It will also protect against most transposed values such as hitting 38 rather than 83. The one transposition it doesn’t work for is 09 / 90 — 0(18) = 9(0) which results in the same value. There are more complex algorithms which protect against against more typing errors (Verhoeff algorithm) and allow for a string of letters rather than numbers (Luhn mod N algorithm).

The Luhn algorithm is in the public domain so anyone can use it (click here for free code). A website such as PayPal can use this algorithm to validate the credit card number before even passing it on to the credit card provider for validation. If Visa is selected in the drop-down box: does it start with 4? Does it have 16 digits? Does it pass the Luhn algorithm? If so, it does not necessarily mean it is a valid credit card, but it should be passed on to the credit card issuer for final verification. Then Visa will check the account number, expiration date, security code, name on the account, balance, etc.

It is this initial validation that online credit card generators accomplish. Obviously it does not generate valid credit cards that are linked to actual accounts. However, some amateur websites do not validate with the credit card company until it is time to charge the card. For example, a membership website (yes, usually porn) may offer free trial membership for a month, but you have to enter your credit card information so they can automatically enroll you in the monthly membership fee the following month. Credit card number generators may be enough validation to place a “card” on file so that you don’t have to provide your actual information.