Friday, June 6, 2008

EnScript to do Credit Card LUHN test + a little more

I was working on writing a custom EnScript for a friend and decided to make a small little LUHN validation EnScript to test the validity of a credit card. I later used the code to incorporate into the custom EnScript, but decided to post this little utility in case someone else has a use or wants to look at it for code ideas.

A LUHN validation test is a mod 10 algorithm that can test the validity of a credit card number. It does not guarantee that the number is actually a working credit card number, it just satisfies one of the major requirements in order to qualify the number as a valid credit card number. The process is explained here at wikipedia and also here is a good graphic from http://www.thetaoofmakingmoney.com/2007/04/12/324.html that illustrates the process:



The problem with just doing the LUHN test is that you will get false positive hits such as a credit card number of "6666666666666664" that passes the LUHN test, but is actually not a valid card number. EnCase has a built-in function called isValidCreditCard(). Since that function is a built-in function, there is no way to see exactly what the function is checking for, but it seems to do just a simple LUHN test as described above, because it passes the number of "6666666666666664" as being valid.

There is general table of credit card vendors located here: http://en.wikipedia.org/wiki/Credit_card_number that explains that the first few digits of a credit card number correspond to the card type (i.e. Visa, Mastercard, etc.) So using this list, I wrote the EnScript to validate the number using the LUHN algorithm, then to check this chart to see if it is assigned to a known vendor.





If the credit card number passes the LUHN test and is assigned to a known vendor according to the table discussed above, the following screen will be displayed:



Written and tested in EnCase v6.10

Download here

4 comments:

Anonymous Monday, 09 June, 2008  

Great Script,

I was exporting the results and running it through a perl script that would parse out by brand with expiration date for Track 2. Modified versions of my script would just do PANS or Track 1.

Chris

H. Carvey Sunday, 15 June, 2008  

This is very useful stuff for a variety of analysis, but in particular the PCI forensic audits.

The caveat is that even if three tests are successful...length, BIN combinations, and Luhn formula...you still do not know if you have legit, issued credit card numbers without taking them to the brands.

H

Anonymous Monday, 16 June, 2008  

IsValidCreditCard() simply checks Luhn's algorithm. I've reviewed its correctness before... works well, but I don't think it accepts >16 digit numbers.

Good idea using the prefix codes for validation.

Anonymous Monday, 07 July, 2008  

I tried to read this post but have NO CLUE what it's about...LOL! I just stopped by to say, "Hi!"

Post a Comment

Computer Forensics, Malware Analysis & Digital Investigations

Random Articles