views:

643

answers:

3

Hi

I have to take user credit card detail for payment through paypal. For first time user enter detail at that time payment is done through paypal pro. So for first time if card in not valid then payment will not done and payment done if card is valid.

Now my problem is that for first time user enter a valid card detail and payment done. now after payment done, if user modify the credit card detail at that time i need to check if card is valid for paypal or not.

So are there any API which only check the credit card detail and not process any payment?

I am running on php and mysql

Thanks

Avinash

A: 

Without knowing much about Paypal I would imagine that they have some kind of authorization API where you can do a $0.00 authorization to see if the card is valid.

Remember the PCI requirements when storing credit card details.

phidah
A: 

What details of the creditcard can be changed by the customer that have impact on the data that you have stored. If the customer changes something substantial like his embossing name, then the issuer gives the customer a new card. From your point of view, this should be a new card (even if the cardnumber did not change).

If you save some other details, then you're saving too much.

From my point of view (I'm working at an issuer), don't go the way of authorizations of $0.00. If you want to charge the customer, then do your authorization. Not Paypall, but the issuer will handle the autorization. And in the end, only the issuer knows if the card is valid or not.

robertnl
+1  A: 

With Paypal your options are very limited. If you're using Paypal Pro you can verify the card exists and is legitimate by doing an Authorization Only for $0.00. If you're using the other payment methods offered by Paypal you won't be able to do this.

Your other options then would be to verify the card at least contains valid information. You can verify the card number is legitimate by using the Luhn algorithm. All credit card numbers are issued in a pattern that can be verified using that algorithm. It can't confirm that the card is valid but it will eliminate fake credit card numbers from being entered. You should also verify that expiration date is not expired and that the CVV code is only three digits long for Visa, MasterCard, and Discover Card and four digits long for American Express.

If you need code for validating the card number against the Luhn algorithm let me know and I can append my answer to include it.

EDIT (added Luhn algorithm code in PHP):

function passes_luhn_check($cc_number) {
    $checksum  = 0;
    $j = 1;
    for ($i = strlen($cc_number) - 1; $i >= 0; $i--) {
        $calc = substr($cc_number, $i, 1) * $j;
        if ($calc > 9) {
            $checksum = $checksum + 1;
            $calc = $calc - 10;
        }
        $checksum += $calc;
        $j = ($j == 1) ? 2 : 1;
    }
    if ($checksum % 10 != 0) {
        return false;
    }
    return true;
}

Usage:

$valid_cc = passes_luhn_check('4427802641004797'); // returns true
$valid_cc = passes_luhn_check('4427802641004798'); // returns false
John Conde
yes sure please, it will be good for me to get it.
Avinash
The Luhn algoritm helps, but this check is well-known (including the dark side ... )
robertnl
@Avinash - I've added PHP code that checks a credit card number against the Luhn algorithm.@robertnl - The Luhn algorithm is a good way to make sure a bad card number has not been provided without having to pay your gateway and merchant account providers to validate a credit card. It's not a complete solution but the best you can do for free.
John Conde