
Credit Card Validation and Encryption using php

Online security is very important these days, and large applications that keep users' private data face many hacking attempts. Credit card validation and encryption / decryption let you easily check whether a credit card number is valid and encrypt and decrypt the numbers so they can be stored safely in the DB.

Many online stores now keep users' private data, such as credit card numbers, for a better user experience: a returning user can shop without filling in all the details again. This is an advantage for users, who can shop within a few clicks once they have set up their account information. This is where the security concern comes in. How do these websites store users' credit card numbers? Do they save them directly to the DB, or do they encrypt them? What kind of encryption is good for credit card numbers? These are the main questions on this topic.

Here I explain a credit card validation and encryption / decryption mechanism that can be used in PHP. First of all, we can validate the card number. Card numbers are not just arbitrary digits; they are created by a defined algorithm (see the credit card number algorithm concept for further reading). Here is how to check whether a credit card number is valid using PHP.


function is_valid_card($number) {
    // Strip any non-digits (useful for credit card numbers with spaces and hyphens)
    $number=preg_replace('/\D/', '', $number);
    // Set the string length and parity
    $number_length=strlen($number);
    // An input with no digits would total 0 and pass the check, so reject it
    if ($number_length == 0) {
        return FALSE;
    }
    $parity=$number_length % 2;
    // Loop through each digit and do the maths
    $total=0;
    for ($i=0; $i<$number_length; $i++) {
        $digit=(int)$number[$i];
        // Multiply alternate digits by two
        if ($i % 2 == $parity) {
            $digit*=2;
            // If the sum is two digits, add them together (in effect)
            if ($digit > 9) {
                $digit-=9;
            }
        }
        // Total up the digits
        $total+=$digit;
    }
    // If the total mod 10 equals 0, the number is valid
    return ($total % 10 == 0);
}

This function simply applies the Luhn algorithm and makes sure the card number is properly formed. A number that passes is only well formed; the check does not show that the card exists or is active. If you are planning to accept credit card numbers on your online store, it is better to check the card numbers before submitting them to the payment gateway.

Another important thing is credit card encryption and decryption. Websites that collect users' private data should have security measures such as SSL and encryption. Keeping credit card numbers directly as plain numbers in the DB is not a good method at all, because a privileged person can see them. So, for standards and security, no one keeps credit card numbers as plain text in the DB. Here I will explain credit card number encryption / decryption with a simple key-based script. I’m using “mcrypt_encrypt” for encrypting the card numbers.


function cc_encrypt($str)
{
    # Needs the mcrypt extension (deprecated in PHP 7.1, removed from core in PHP 7.2).
    $EncKey = "25c6c7dd"; //For security; DES takes exactly an 8-byte key
    # Add PKCS7 padding: always 1..$block bytes, a full block when already aligned.
    $block = mcrypt_get_block_size('des', 'ecb');
    $pad = $block - (strlen($str) % $block);
    $str .= str_repeat(chr($pad), $pad);
    return base64_encode(mcrypt_encrypt(MCRYPT_DES, $EncKey, $str, MCRYPT_MODE_ECB));
}

For decryption of credit card numbers, the code looks like this:


function cc_decrypt($str)
{
    $EncKey = "25c6c7dd"; // Must be the same key used in cc_encrypt()
    $str = mcrypt_decrypt(MCRYPT_DES, $EncKey, base64_decode($str), MCRYPT_MODE_ECB);
    # Strip padding out.
    $block = mcrypt_get_block_size('des', 'ecb');
    $len = strlen($str);
    $pad = $len ? ord($str[$len - 1]) : 0;
    // Only strip when the last $pad bytes all carry the value $pad
    if ($pad && $pad <= $block && substr($str, -$pad) === str_repeat(chr($pad), $pad)) {
        return substr($str, 0, $len - $pad);
    }
    return $str;
}

Usage is simple:


$card_number = "378282246310005";
$encrypted_number = cc_encrypt($card_number);
$decrypted_number = cc_decrypt($encrypted_number);

Encryption and decryption use one key, which you can change at any time. The only requirement is that the key used to encrypt a card number must also be used to decrypt it. This gives more security for private data.
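
A hardened counterpart to cc_encrypt() / cc_decrypt(), as an added example that is not part of the original article: mcrypt was removed from PHP core in 7.2, and DES in ECB mode has a 56-bit key and turns equal input blocks into equal ciphertext, so this version uses the OpenSSL extension with AES-256-GCM, a random nonce and a key read from the environment. The function names and the CC_ENC_KEY_B64 variable are hypothetical.

```php
<?php
// Added example (not from the original article): AES-256-GCM in place of DES-ECB.
// Assumption: CC_ENC_KEY_B64 is a hypothetical environment variable holding a
// base64-encoded 32-byte key, so the key is not hard-coded in the source.

function cc_load_key(): string
{
    $key = base64_decode((string) getenv('CC_ENC_KEY_B64'), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('Key must decode to exactly 32 bytes');
    }
    return $key;
}

function cc_encrypt_gcm(string $card_number, string $key): string
{
    $iv  = random_bytes(12); // fresh 96-bit nonce for every encryption
    $tag = '';
    $ct  = openssl_encrypt($card_number, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // nonce | 16-byte tag | ciphertext
}

function cc_decrypt_gcm(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt; // null when the tag does not verify
}

// Constructed demo: throwaway key, and the sample card number used in the article.
putenv('CC_ENC_KEY_B64=' . base64_encode(random_bytes(32)));
$key    = cc_load_key();
$stored = cc_encrypt_gcm('378282246310005', $key);
var_dump($stored !== cc_encrypt_gcm('378282246310005', $key)); // compare two encryptions
var_dump(cc_decrypt_gcm($stored, $key));                       // round trip

$raw = base64_decode($stored);
$raw[28] = chr(ord($raw[28]) ^ 1); // flip one ciphertext bit
var_dump(cc_decrypt_gcm(base64_encode($raw), $key)); // decrypt the tampered copy
```

Values stored by the DES functions above cannot be read by this code; they have to be decrypted with the old key and re-encrypted once.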

I hope you all enjoyed the article. Feel free to write suggestions or open a discussion below.

4 thoughts on “Credit Card Validation and Encryption using php”

  1. Nice script. I am getting an error when I use a long security key. What would be the max length for the encryption security key?
