johnl (12/22/82)
#N:ima:3100001:000:2423 ima!johnl Dec 21 16:08:00 1982 I got some interesting answers, but little hard data. In summary: === From cca!dee (Donald Eastlake) === I think the most usual thing is to multiply successive digits by successive integers and form the sum. The sum can then be divided by nine to get one digit (for ISBN numbers they divide by eleven and thus have 0-1-...-9-X as check digits). Thus the check digit for 37401 would be (3*1+7*2+4*3+0*4+1*5)/9 or 3. There are obviously a zillion minor variations on this. === From Dave Levenson, BTL Holmdel === There are several check digit validation (cdv) algorithms currently in use by the credit card industry. Some cards (notably MasterCard [nee Master Charge]) use different cdv algorithms depending upon which local bank issues a card. A typical cdv algorithm is: Multiply successive digits of the main account number (starting with the msd) by successive odd numbers decreasing from eleven (11, 9, 7, 5 etc). If you reach 1, start over at 11. Cross-add the products, and divide by 11. The remainder (use 0 if its 10) becomes the "check" digit. This digit may be appended to the right end of the number, or may be embedded. This is known as the "mod eleven" algorithm within the retailing industry. The mod nine and mod seven are also common. There also may be certain fields within the account number which are excluded from the cdv algorithm - typically the first four digits which identify the issuing company and geographic region, and/or the last three which identify one card-holder within a family or company card billing group. ====== Finally, one person who asked to remain anonymous told me that he had been visited by various sorts of policemen after discussing the details of such an algorithm at a meeting, and discouraged me from sending such info out to the net if I got it (which I didn't.) Clearly, it's illegal to steal a trade secret (the algorithm for card X) from someone who's authorized to know, but it's less clear what the rules are if you figure it out completely independently. If we really wanted to figure out the algorithms, we could post a list of possible specific algorithms and numbers, and people could try them on their various cards and report back on which algorithms worked on which cards, and we could look for a consensus. But I don't care that much, so forget it. John Levine, decvax!yale-co!jrl, ucbvax!cbosgd!ima!johnl, Levine@YALE (arpa).