search
Carter Cole LinkedInCarters Twitter PageCarter Cole on Facebook Carter Coles RSS

Wednesday, August 4, 2010

Your credit cards cannot be found by your last 4... and how I learned to generate valid credit card numbers

 So I thought to myself the other day that if there is a checksum on credit cards and we know the type of card and the last 4 that are left on a receipt can we find a small number of valid cards and figure out YOUR number? Now im not a crypto math guy so I knew people must have already handled this... I was right and a cool optimized a luhn function so I could check a million numbers in about 3 sec.

Ok so lets first talk about where all those numbers come from what we can assume about them and why it doesn't mean a damn thing, heres a valid cc number I generated at random and what we know from it

4

0

3

7

1

8

1

9

2

2

7

9

0

4

2

0



Check Digit

Bank Id

On receipt

Unknown

I learned the first 6 digits are a bank id and after digging around awhile i made this fusion table public to hold the data. Its way cool cuz now we can lookup what type of card it is and where it came from... i dont know why we ever ask debit or credit. so then i learned how the checksum works and got this optimized version of the luhn checksum algorythm or mod 10 as its sometimes called because after you do this little trick you look to see if the number is evenly divisible by 10.
because of the way this works it turns out that for a million number there are about 100k valid numbers in that bunchso wrapping this up i found that there are tons of numbers and its trivial to make valid ones, and they only work if you have the expiration date so i deem the numbers are safe for now...
ill release some code on how you can use the fusion table to lookup cards bank and origin later

oh and heres 100k valid cc numbers :)

0 remarks:

Post a Comment

Link to this post if you found it usefull

Your credit cards cannot be found by your last 4... and how I learned to generate valid credit card numbers