Credit Card Number Validation Using Mod10 (Modulus 10)

When someone submits a credit card number to your PHP Website, you can validate if the number has the correct format for each credit card company. The Modulus 10 calculation with a few checks can tell you which company issued the card, if the number is in the correct format, but not if there are funds on the card or if it is stolen. Reversing the mod10 calculations can create valid credit card numbers that can pass the mod10 checks, but without funds, they could only fool systems that approve cards by format and value without a back-end check at the bank.

Let’s say the user has submitted the number 378282246310005 without any additional information. If PHP checks the card number and finds it is 16 digits long and the first two numbers lie between 51 and 55, it is a Mastercard. If PHP checks the card number and finds it is 13 or 16 digits long and the first digit is 4, it is a VISA. If the number submitted is 15 digits in length and the first two numbers are 34 or 37, PHP will see the card number as being America Express (AMEX). If PHP sees the submitted credit card number starting with 300 to 305, 36, or 38, and must has a 14 digit length, it will be a Diners Club Card. Discover Cards have a 16 digit length and a starting value of 6011. Finally, PHP recognizes JCB Cards starting with 3, 1800, or 2131 and having a length of 15 or 16 digits.

Now that we have established a selection of credit card issuers,or rejected the number as none of the above, we can start the PHP mod10 validation check. There are simple steps to follow, starting by using PHP to reverse the order of the submitted numbers. The card number 378282246310005 becomes 500013642282873. Ue PHP to pluck every second digit from the reversed card number, so we hand  0 0 3 4 2 2 7 to PHP, which needs to double each digit and result in 0 0 6 8 4 4 14. If any resulting value is double-digit, add the two together to form a single digit value: 0 0 6 8 4 4 5.

Sum the modified values, plus the unmodified values (0 + 0 + 6 + 8 + 4 + 4 + 5) + (5 + 0 + 1 + 6 + 2 + 8 + 8 + 3) = 60. This final value is the root of the actual mod10 calculation. The modulus calculation of a number is simply dividing the number by some other number to see if there is a remainder value or 0. The modulus 10 of 10, 20, 30… 100 etc is 0, which would be a valid mod10 calculation. Anything not evenly divisible by 10 would fail the mod10 calculation, since there would more more than 0 left over from the division.

Since 60 is divisible by 10 evenly, resulting in 0 remainder the card number supplied is a valid AMEX Card number. Once PHP determines the validity of the submitted number, your PHP Program may contact the third party handler to verify if the account is valid, if funds exist, if a transaction is allowed, and request for a transfer of funds to your account, etc. Mod10 calculations don’t mean that funds will definitely arrive. PHP uses the mod10 calculation only to pre-screen numbers so you don’t waste time connecting to third party web applications, which might charge you even without a transaction. Some third party systems are a pain to use and overpriced, such as or Wells Fargo’s card handling systems. To save money, have better transaction protection, and to increase card processing reliability, use instead.

So, a mod11, mod12, mod13 etc would be the same end calculation to see if the key number were divisible by 11, 12, 13 or whatever the mod calculation is. There may be other prep calculations such as we performed above before the mod calculation is applied, depending on the purpose of the final mod calculation. Obviously there is no mod1 or mod0 calculation for mathematical reasons, unless you were a statistics nut. But let’s stop here instead of discussing matrices and void or null space calculations!

Leave a Reply