Domain: beachnet.com
Stories and comments across the archive that link to beachnet.com.
Comments · 13
-
Re:Hope it's not used by a professional...
(oops, transposed two CC digits!)
That's what checksums are for....
-
Re:No longer true
I know you're joking, but that's a checksum digit: http://www.beachnet.com/~hstiles/cardtype.html
You can easily get that from reverse engineering.
-
Re:Fast javascript
Actually, I do run some client-side validation, backed up by server-side validation afterwards. For a shopping cart, it can be useful to validate that a CC number wasn't entered incorrectly (CC Check Digit) or isn't expired. I tried doing this server-side only, but too many people would miss the error message on the screen, and just move on to whatever else they wanted to do. The javascript pop-up that appears when they enter an invalid CC number gets their attention, and they re-enter the card number. This little feature saves merchant transaction charges for an incorrect card number, as well as time calling the customer to get the correct card number.
-
Re:Fraudster?
Jumped the gun a little, here is the site
http://www.beachnet.com/~hstiles/cardtype.html -
Re:SSN RegEx of the AOL data
Why would CC numbers pull up extra garbage? The initial pass of #### #### #### #### might, but CCs are constructed so that you can do initial validation just on the number. Check this page for details.
-
Re:YOU NEED MY CREDIT CARD???
A made-up credit card number might get you into the free service unless they verify each one with the credit card company (which I think costs them money, although not sure, so they might not do it for the free account, but might wait until you are tricked into upgrading via the fine print on some T&C-like page you ACCEPT). On the other hand they may have a local validity check using the LUHN formula - see http://www.beachnet.com/~hstiles/cardtype.html - so you could invent a number to pass that check. I don't think this is fraud since you aren't buying anything with the made-up card, and it could never be charged to anyone anyway even if it matched a real one because the name won't match, but hey IANAL.
-
Re:Yeah right
most places that use credit card numbers for "Verification" and dont charge you anything, will assume the number is real if it "could be" valid
This site details the verification procedure for most credit cards http://www.beachnet.com/~hstiles/cardtype.html You can download programs that make valid looking credit card numbers, of course, you cant buy things using them but they will pass verification... -
Re:Retribution
Hah. Good idea.
I hope you're giving the phishing sites numerically valid credit card numbers- essentially there's a checksum hidden in a card number. Phishers can screen out completely randomly generated card numbers because their checksum doesn't match.
Here's a link to the algorithm*
http://www.beachnet.com/~hstiles/cardtype.html
Enjoy.
*No, reverse-engineering the algorithm won't generate a valid card, but it'll generate a "not obviously invalid" card. -
easy to detect cc numbers
Easy.
1. Dont do autocomplete (or make this a default off option) on ssl forms.
2. Credit card #'s are 16 digits with known prefixes. Detecting them isnt a difficult problem. Same with social security numbers. -
Re:Real problem targeting spamSure, there will be spam that also has you send you money to China/Afganistan etc, but that will make the spam much less profitable, as most people won't do so. Lastly, most people will use credit cards, and I assume that most SPAM scams are frauds too, so the chargebacks will be hell for the spam beneficiary.
Chargebacks will be especially nice when spam fighters start submitting hundreds of bogus orders, with made up CC numbers. Perfectly safe if you use an open proxy, and pretty effective too (as long as the check digit matches, but it is easy to produce matching numbers...): for verification beyond check digit, the spammer has to pass card number, expiration date and billing/shipping address to his card processing firm before he can know the thing is bogus, but for each card check that turns out negative, it gives the spammer a black mark. Eventually, he'll be kicked...
-
Better Page
Here is a better page that includes starting digits for the different cards, and includes the checking algo used to verify cards.
-
CC# are not very random at all
Credit card numbers are not as random as you might think. A good overview can be found at this site.
-
Here is the correct algorithm for CC validation:
Here is a great site that has the algorithm and info necessary to validate any type of credit card. This is VERY useful info! http://www.beachnet.com/~hstiles/cardtype.html