credit card validation
Hi everyone,
I have written a script where I receive credit card details from the customer.
The input info is in 4 fields: cc1, cc2, cc3, cc4. The two middle numbers are emailed to me and the rest is stored in a db. All SSL.
I now need to find a validation for the cc number. Is there a way I can combine the numbers into a single number so I can use one of the many validation scripts available?
Any help would be appreciated. Thanks
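Added example (not code from the thread): one way to join the four form fields into a single string and run the Luhn checksum over it, assuming the fields arrive as strings named cc1 to cc4 as in the post; the function names are this example's own. Luhn only catches mistyped numbers and says nothing about whether the card exists or can be charged.

```python
import re


def combine_fields(cc1, cc2, cc3, cc4):
    """Join the four form fields into one digit string, or None if malformed.

    The parts are joined as strings (never as integers) so that a group
    such as "0012" keeps its leading zeros.
    """
    number = "".join(re.sub(r"[\s\-]", "", part) for part in (cc1, cc2, cc3, cc4))
    # Accept only 13 to 19 ASCII digits; anything else is rejected outright.
    if not re.fullmatch(r"[0-9]{13,19}", number):
        return None
    return number


def luhn_valid(number):
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return total % 10 == 0


def validate_card_fields(cc1, cc2, cc3, cc4):
    """True only if the combined fields are well-formed and pass Luhn."""
    number = combine_fields(cc1, cc2, cc3, cc4)
    return number is not None and luhn_valid(number)


if __name__ == "__main__":
    # Constructed sample input: a widely published test number, not a real card.
    print(validate_card_fields("4111", "1111", "1111", "1111"))
```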
the thing is that this credit card number will not be charged .. it is just to secure a booking (for an accommodation place) .. payment will be made face to face upon arrival .. so i don't actually need a service to "process" the cards ..
does this still fall into the same category?
thanks for your time..
- feyd
The credit card number is often used as a "unique identifier" in a lot of smaller booking businesses and things. What I would do is generate a somewhat short, globally unique (to your site at least) ID, and email that ID to the user as their confirmation number. Require them to supply full name information when booking of one person in the party that will be using the reservation. Request that the person bring a photo identification (they have to anyways to use a credit card.) Verify the name against that supplied. It's best to get a phone number (or three) too during reservation so you can call the person who made the reservation if the person who shows up isn't that person, or whatever.
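Added example (not code from the thread): a sketch of the confirmation-number scheme described in the post above, with a random ID as the booking key and a name check against photo ID at arrival. The alphabet, ID length, in-memory dictionary and all function names are assumptions of this example.

```python
import secrets
import unicodedata

# Assumption: an alphabet without look-alike characters (no 0/O, 1/I/L)
# so the ID survives being read over the phone or typed from a printout.
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"


def new_confirmation_id(existing, length=8):
    """Draw an ID from the OS CSPRNG, retrying on the rare collision."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if candidate not in existing:
            return candidate


def normalize_name(name):
    """Case-fold, drop accents and collapse spaces before comparing names."""
    decomposed = unicodedata.normalize("NFKD", name)
    unaccented = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(unaccented.casefold().split())


def book(reservations, full_name, phones):
    """Store the booking under a fresh confirmation ID and return the ID."""
    conf_id = new_confirmation_id(reservations)
    reservations[conf_id] = {"name": normalize_name(full_name),
                             "phones": list(phones)}
    return conf_id


def check_in(reservations, conf_id, name_on_photo_id):
    """Return 'ok', 'call_guest' (name mismatch, phone the booker) or 'unknown'."""
    record = reservations.get(conf_id.strip().upper())
    if record is None:
        return "unknown"
    if record["name"] == normalize_name(name_on_photo_id):
        return "ok"
    return "call_guest"


if __name__ == "__main__":
    store = {}  # constructed in-memory stand-in for the bookings table
    cid = book(store, "José  Díaz", ["555-0100"])
    print(cid, check_in(store, cid, "jose diaz"))
```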
thanks for your input guys ... much appreciated
i'll explain what i've currently done
the customer goes to a booking form and requests accommodation for
arrival
departure
# people
requested room
their contact details name email phone address etc
a reservation (unique id) is assigned
then submit their cc info
cctype
number (in 4 separate fields)
expiry
All this is in an SSL environment & is done just to secure their booking .. Because in the case of a "no-show" they will be charged a nominal fee.
the accommodation place then receives an email with all booking details & 2 fields of the cc card. They log into the secure server to retrieve the other 2 cc fields in the database which when put together (in an order they only know) will give the full ccnumber.
So in effect the full ccnumber is never stored in the db.
Hope this sounds clearer
Sounds rather complicated to me.
Does the hotel actually require the cc number when you call them to get a room?
The only reason I see is that the hotel wants to charge a fee if the customer does not arrive.
Problem on hand is the cc card policy and you might get better advice of what is allowed and what not when you call each of the accepted cc card companies and ask them.
If you store the numbers anonymously, meaning just confirmation number, cc card number and expiration date, it might actually be allowed.
The hotel could get it with the confirmation number but for a hacker it would be a problem as the name is missing in the database. However as the email part is the least secure you might still look at a security nightmare.
The other option is to store with each accommodation the 'nominal' fee for the no show and charge the client that basic amount through a c.c. processor, then if the client is a no show then the accommodation has their nominal fee and when the client shows up the hotel has to just charge the difference between the two.
Of course you should generate a receipt and urge the client to print it out and take it with them to the hotel with their unique booking id, the fees paid so far and what the balance is.
I set up a similar system before and everyone seemed to be reasonably happy.