开发者

how to check if the credit card is valid or not for paypal

I have to take the user credit card details for payment through paypal. The first time the user enters the card's details the payment is done through paypal pro. If the card is not valid, the payment will not be done. The payment will be done only if the card is valid.

The first time the user enters a valid card de开发者_如何学Ctails and the payment is done, if such user modifies the credit card details at that time i need to check again if the card is valid for paypal or not.

So are there any APIs which only check the credit card details and not process any payment?

I am running php and mysql.

Thanks.

Avinash


With Paypal your options are very limited. If you're using Paypal Pro you can verify the card exists and is legitimate by doing an Authorization Only for $0.00. If you're using the other payment methods offered by Paypal you won't be able to do this.

Your other options then would be to verify the card at least contains valid information. You can verify the card number is legitimate by using the Luhn algorithm. All credit card numbers are issued in a pattern that can be verified using that algorithm. It can't confirm that the card is valid but it will eliminate fake credit card numbers from being entered. You should also verify that expiration date is not expired and that the CVV code is only three digits long for Visa, MasterCard, and Discover Card and four digits long for American Express.

If you need code for validating the card number against the Luhn algorithm let me know and I can append my answer to include it.

EDIT (added Luhn algorithm code in PHP):

function passes_luhn_check($cc_number) {
    $checksum  = 0;
    $j = 1;
    for ($i = strlen($cc_number) - 1; $i >= 0; $i--) {
        $calc = substr($cc_number, $i, 1) * $j;
        if ($calc > 9) {
            $checksum = $checksum + 1;
            $calc = $calc - 10;
        }
        $checksum += $calc;
        $j = ($j == 1) ? 2 : 1;
    }
    if ($checksum % 10 != 0) {
        return false;
    }
    return true;
}

Usage:

$valid_cc = passes_luhn_check('4427802641004797'); // returns true
$valid_cc = passes_luhn_check('4427802641004798'); // returns false


Without knowing much about Paypal I would imagine that they have some kind of authorization API where you can do a $0.00 authorization to see if the card is valid.

Remember the PCI requirements when storing credit card details.


What details of the creditcard can be changed by the customer that have impact on the data that you have stored. If the customer changes something substantial like his embossing name, then the issuer gives the customer a new card. From your point of view, this should be a new card (even if the cardnumber did not change).

If you save some other details, then you're saving too much.

From my point of view (I'm working at an issuer), don't go the way of authorizations of $0.00. If you want to charge the customer, then do your authorization. Not Paypall, but the issuer will handle the autorization. And in the end, only the issuer knows if the card is valid or not.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜