The Luhn test is used by most credit card companies to check the basic validity of a credit card number. It is not an anti-fraud measure but a quick check on data corruption. It still allows any digits that are odd or even to be switched in the sequence. Most credit cards are compatible with Luhn algorithm.
It is often applied to SSNs, company organization numbers, and OCR numbers for internet payments. The algorithm is simple.
- Take out the spaces from the string containing the credit card numbers
- Reverse the string containing the credit card numbers.
- Sum every digit whose order in the sequence is an odd number (1,3,5,7 …) to create a partial sum s1
- Multiply each even digit by two, and then sum the digits of the number if the answer is greater than nine. (e,g if digit is 8 then 8*2=16, then add the resulting digits: 1+6=7).
- Sum the partial sums of the even digits to form s2
if s1 + s2 ends in zero then the original number is in the form of a valid credit card number as verified by the Luhn test.
There are many ways of doing it in SQL. (and Rosetta Code is a good place to view solutions in various other languages). I believe that Peter Larsson holds the record for the fastest calculation of the Luhn test for a sixteen-digit credit card, with this code. As it stands, it isn’t a general solution, but it can be modified for different lengths of bank card.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
CREATE FUNCTION dbo.fnIs16digitValidCard ( @Card CHAR(16) ) RETURNS TINYINT AS BEGIN RETURN CASE WHEN @Card LIKE '%[^0-9]%' THEN 0 WHEN @Card IS NULL THEN 0 WHEN ( + 2 * CAST(SUBSTRING(@Card, 1, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 1, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 2, 1) AS TINYINT) + 2 * CAST(SUBSTRING(@Card, 3, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 3, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 4, 1) AS TINYINT) + 2 * CAST(SUBSTRING(@Card, 5, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 5, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 6, 1) AS TINYINT) + 2 * CAST(SUBSTRING(@Card, 7, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 7, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 8, 1) AS TINYINT) + 2 * CAST(SUBSTRING(@Card, 9, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 9, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 10, 1) AS TINYINT) + 2 * CAST(SUBSTRING(@Card, 11, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 11, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 12, 1) AS TINYINT) + 2 * CAST(SUBSTRING(@Card, 13, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 13, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 14, 1) AS TINYINT) + 2 * CAST(SUBSTRING(@Card, 15, 1) AS TINYINT) / 10 + 2 * CAST(SUBSTRING(@Card, 15, 1) AS TINYINT) % 10 + CAST(SUBSTRING(@Card, 16, 1) AS TINYINT) ) % 10 = 0 THEN 1 ELSE 0 END END |
Credit card numbers in general can have anywhere between eleven and twenty digits, depending on the provider. You can, of course, make Peter’s code more generic, though I suspect he’s come up with something even more blindingly fast.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
CREATE FUNCTION dbo.fnIsValidCard ( @TheCard VARCHAR(20) ) RETURNS TINYINT AS BEGIN RETURN (SELECT CASE WHEN Card LIKE '%[^0-9]%' THEN 0 WHEN Card IS NULL THEN 0 WHEN ( + 2 * cast(substring(Card, 1, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 1, 1) AS TINYINT) % 10 + cast(substring(Card, 2, 1) AS TINYINT) + 2 * cast(substring(Card, 3, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 3, 1) AS TINYINT) % 10 + cast(substring(Card, 4, 1) AS TINYINT) + 2 * cast(substring(Card, 5, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 5, 1) AS TINYINT) % 10 + cast(substring(Card, 6, 1) AS TINYINT) + 2 * cast(substring(Card, 7, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 7, 1) AS TINYINT) % 10 + cast(substring(Card, 8, 1) AS TINYINT) + 2 * cast(substring(Card, 9, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 9, 1) AS TINYINT) % 10 + cast(substring(Card, 10, 1) AS TINYINT) + 2 * cast(substring(Card, 11, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 11, 1) AS TINYINT) % 10 + cast(substring(Card, 12, 1) AS TINYINT) + 2 * cast(substring(Card, 13, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 13, 1) AS TINYINT) % 10 + cast(substring(Card, 14, 1) AS TINYINT) + 2 * cast(substring(Card, 15, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 15, 1) AS TINYINT) % 10 + cast(substring(Card, 16, 1) AS TINYINT) + 2 * cast(substring(Card, 17, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 17, 1) AS TINYINT) % 10 + cast(substring(Card, 18, 1) AS TINYINT) + 2 * cast(substring(Card, 19, 1) AS TINYINT) / 10 + 2 * cast(substring(Card, 19, 1) AS TINYINT) % 10 + cast(substring(Card, 20, 1) AS TINYINT) ) % 10 = 0 THEN 1 ELSE 0 END FROM ( VALUES ( convert(CHAR(20), CASE WHEN len(@TheCard)%2=1 THEN '0' ELSE '' END +@TheCard+'00000000' ) ) )f(card)) END |
This works because 0 digits do not affect the test, and you can merely assume that all strings are 20 characters long and zero-pad strings. If strings are odd in length (11,13,15 etc) then you can prepend a zero without affecting the checksum.
OK. So here is a pretty good solution that one can benchmark your own solution against. You would, of course, need to make sure that your solution actually can distinguish bogus from real cards. Here is a temporary table of various test cards and some bogus cards made by changing a few digits. Your solution must be able to correctly find the bogus cards. We can then check whether you have mistaken a bogus card for a good one and vice versa.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
IF EXISTS (SELECT 1 FROM tempdb.sys.tables WHERE name LIKE '#testdata%') DROP TABLE #testData CREATE TABLE #testData (Provider VARCHAR(30),Number VARCHAR(20)) INSERT INTO #TestData(Provider,Number) SELECT provider, number FROM (VALUES ('Airplus','122000000000003'), ('bogus','122002004005003'), ('American Express','34343434343434'), ('bogus','34343431343434'), ('American Express','378282246310005'), ('bogus','178282246310005'), ('American Express','371449635398431'), ('bogus','371494635398431'), ('American Express Corporate','378734493671000'), ('bogus','378734493671001'), ('Australian BankCard','5610591081018250'), ('bogus','561059108101825'), ('Dankort (PBS)','5019717010103742'), ('bogus','5019710710103742'), ('Diners Club','30569309025904'), ('bogus','36569309025904'), ('Diners Club','38520000023237'), ('bogus','38627080923237'), ('Diners Club','36700102000000'), ('bogus','36701002000001'), ('Diners Club','36148900647913'), ('bogus','36148910640913'), ('Discover card','6011000400000000'), ('Discover card','6011111111111117'), ('Discover card','6011000990139424'), ('bogus','6011000980139424'), ('JCB','3530111333300000'), ('JCB','3566002020360505'), ('JCB','3528000700000000'), ('Bogus','3528000000000000'), ('Laser','630495060000000000'), ('Laser','630490017740292441'), ('Maestro','6759649826438453'), ('Maestro','6799990100000000019'), ('Mastercard','5555555555554444'), ('Mastercard','5454545454545454'), ('MasterCard','5105105105105100'), ('Switch/Solo (Paymentech)','6331101999990016'), ('Visa','4111111111111111'), ('Visa','4012888888881881'), ('Visa','4222222222222'), ('Visa','4444333322221111'), ('Visa','4911830000000'), ('Visa','4917610000000000'), ('Visa Debit','4462030000000000'), ('Visa Debit','4917610000000000003'), ('Visa Electron (UK only)','4917300800000000'), ('Visa Purchasing','4484070000000000') )CreditCards(Provider,Number) GO DECLARE @Results TABLE (Provider VARCHAR(30),Number VARCHAR(20), conclusion CHAR(4)) INSERT INTO @results SELECT provider, number, CASE WHEN dbo.fnIsValidCard(number)=1 THEN 'good' ELSE 'bad' END FROM #testdata IF EXISTS (SELECT * FROM @results WHERE provider='bogus' AND conclusion='good') RAISERROR ('false positive result in test cases',16,1) IF EXISTS (SELECT * FROM @results WHERE provider<>'bogus' AND conclusion='bad') RAISERROR ('false negative result in test cases',16,1) go DECLARE @Results TABLE (Provider VARCHAR(30),Number VARCHAR(20), conclusion CHAR(4)) INSERT INTO @results SELECT Provider,number, CASE WHEN (sum(CASE WHEN seq%2=0 THEN /*it is odd-numbered (from the end!)*/ CASE WHEN digit > 4 THEN (digit * 2) -9 ELSE (digit * 2) END ELSE/*even-numbered */digit END)%10=0) THEN 'good' ELSE 'bad' END AS conclusion –into #result FROM ( SELECT provider, digits, seq, number, convert(INT,substring(number, digits+1-seq, 1)) AS digit, UniqueRow FROM –a number table (VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10), (11),(12),(13),(14),(15),(16),(17),(18),(19),(20) )NumberTable(seq) INNER JOIN (SELECT Provider, number, len(number), row_number() OVER (ORDER BY (SELECT 1)) FROM #TestData )processedNumber(provider,number,digits,UniqueRow) ON seq<=digits)g(provider, digits,seq, Number,Digit, UniqueRow) GROUP BY uniqueRow,Number,provider IF EXISTS (SELECT * FROM @results WHERE provider='bogus' AND conclusion='good') RAISERROR ('false positive result in test cases',16,1) IF EXISTS (SELECT * FROM @results WHERE provider<>'bogus' AND conclusion='bad') RAISERROR ('false negative result in test cases',16,1) |
So there you have it: a couple of SQL implementations of the algorithm. A spoiler alert is that they run at roughly the same speed but Peter’s version seems to have the edge in my timings. Can you think of a quicker, or more elegant, way of doing it?
Load comments