Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Credit Card Error! The first four digits of the number entered are:


shanehamelin

Recommended Posts

Hey Everyone, I was sitting here wondering why I have not recieved any new orders since I put up my new store..

Well, Customers are getting this ERROR: Credit Card Error! The first four digits of the number entered are:

 

Here is my Code.. The only credit cards we take are Visa, MasterCard and AMEX

I dont need pre-authorization.. I just Manually Put the order in my CC machine here in

store, then ship..

 

Can someone look at this for me?

 

<?php
/*
 $Id: cc_validation.php 1739 2007-12-20 00:52:16Z hpdl $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 class cc_validation {
var $cc_type, $cc_number, $cc_expiry_month, $cc_expiry_year;

function validate($number, $expiry_m, $expiry_y) {
  $this->cc_number = ereg_replace('[^0-9]', '', $number);

  if (ereg('^4[0-9]{12}([0-9]{3})?$', $this->cc_number)) {
	$this->cc_type = 'Visa';
  } elseif (ereg('^5[1-5][0-9]{14}$', $this->cc_number)) {
	$this->cc_type = 'Master Card';
  } elseif (ereg('^3[47][0-9]{13}$', $this->cc_number)) {
	$this->cc_type = 'American Express';
  } elseif (ereg('^3(0[0-5]|[68][0-9])[0-9]{11}$', $this->cc_number)) {
	$this->cc_type = 'Diners Club';
  } elseif (ereg('^6011[0-9]{12}$', $this->cc_number)) {
	$this->cc_type = 'Discover';
  } elseif (ereg('^(3[0-9]{4}|2131|1800)[0-9]{11}$', $this->cc_number)) {
	$this->cc_type = 'JCB';
  } elseif (ereg('^5610[0-9]{12}$', $this->cc_number)) { 
	$this->cc_type = 'Australian BankCard';
  } else {
	return -1;
  }

  if (is_numeric($expiry_m) && ($expiry_m > 0) && ($expiry_m < 13)) {
	$this->cc_expiry_month = $expiry_m;
  } else {
	return -2;
  }

  $current_year = date('Y');
  $expiry_y = substr($current_year, 0, 2) . $expiry_y;
  if (is_numeric($expiry_y) && ($expiry_y >= $current_year) && ($expiry_y <= ($current_year + 10))) {
	$this->cc_expiry_year = $expiry_y;
  } else {
	return -3;
  }

  if ($expiry_y == $current_year) {
	if ($expiry_m < date('n')) {
	  return -4;
	}
  }

  return $this->is_valid();
}

function is_valid() {
  $cardNumber = strrev($this->cc_number);
  $numSum = 0;

  for ($i=0; $i<strlen($cardNumber); $i++) {
	$currentNum = substr($cardNumber, $i, 1);

// Double every second digit
	if ($i % 2 == 1) {
	  $currentNum *= 2;
	}

// Add digits of 2-digit numbers together
	if ($currentNum > 9) {
	  $firstNum = $currentNum % 10;
	  $secondNum = ($currentNum - $firstNum) / 10;
	  $currentNum = $firstNum + $secondNum;
	}

	$numSum += $currentNum;
  }

// If the total has no remainder it's OK
  return ($numSum % 10 == 0);
}
 }
?>

Link to comment
Share on other sites

Hi Shane,

 

Sorry you are having troubles with your credit card payments. I'm afraid I don't know enough code to be of much help. The reason I posted is that, in my own case, I initially thought I would do the same as you - that is, use the online ordering system to receive the customer info including cc#, and then process the transactions offline - but then learned that in doing so I would be in violation with my agreements with VISA and Mastercard, in that I would be using non PCI-compliant procedures.

 

You may be incurring hefty risks and putting the security of your customers' info in jeopardy. Just a heads-up in case you haven't explored these issues.

 

In any case, I've bumped your post to the top again now, so maybe someone else can answer the technical end!

 

~Wendy

Link to comment
Share on other sites

Hi Shane,

 

Sorry you are having troubles with your credit card payments. I'm afraid I don't know enough code to be of much help. The reason I posted is that, in my own case, I initially thought I would do the same as you - that is, use the online ordering system to receive the customer info including cc#, and then process the transactions offline - but then learned that in doing so I would be in violation with my agreements with VISA and Mastercard, in that I would be using non PCI-compliant procedures.

 

You may be incurring hefty risks and putting the security of your customers' info in jeopardy. Just a heads-up in case you haven't explored these issues.

 

In any case, I've bumped your post to the top again now, so maybe someone else can answer the technical end!

 

~Wendy

 

 

Im not going to take a double processing fee to do it any other way.. We have always do it that way.. Process credit

in store , not online but ever since we did a new look, cant seem to get it back that way..

Link to comment
Share on other sites

Hi Shane,

 

Our credit card processor (Moneris) offered us an eCommerce package for close to the same rate as our off-line processing was.

 

To stay within the guidelines and take credit card info over the internet, Moneris required that we become "PCI-Compliant". To fulfill the PCI-compliance requirements, we had to get SSL for our site, and get a "PCI-compliance Certificate". This cost a little money, but now we know that our customers' data is as secure as it can be, which protects us as well as them.

 

I made a posting about the process of getting PCI-compliance Certificate, here.

 

The credit card industry is primarily concerned about the storage of credit card info on unsecure servers. When a customer places an order through your site, SSL (if you have it) will protect their data in transit, but not once it is sitting on your (or your host's) web server. This is where the PCI rules come into play.

 

Luckily, when I went through this process, it was found that my hosting service (BellHosting.ca) had my site on a server that met the security rules (the PCI-compliance folks do a remote scan to check).

 

Anyway, if you become interested in PCI-compliance, I hope my link is helpful.

 

~Wendy

Link to comment
Share on other sites

Hi Shane,

 

Our credit card processor (Moneris) offered us an eCommerce package for close to the same rate as our off-line processing was.

 

To stay within the guidelines and take credit card info over the internet, Moneris required that we become "PCI-Compliant". To fulfill the PCI-compliance requirements, we had to get SSL for our site, and get a "PCI-compliance Certificate". This cost a little money, but now we know that our customers' data is as secure as it can be, which protects us as well as them.

 

I made a posting about the process of getting PCI-compliance Certificate, here.

 

The credit card industry is primarily concerned about the storage of credit card info on unsecure servers. When a customer places an order through your site, SSL (if you have it) will protect their data in transit, but not once it is sitting on your (or your host's) web server. This is where the PCI rules come into play.

 

Luckily, when I went through this process, it was found that my hosting service (BellHosting.ca) had my site on a server that met the security rules (the PCI-compliance folks do a remote scan to check).

 

Anyway, if you become interested in PCI-compliance, I hope my link is helpful.

 

~Wendy

 

Thanks Wendy,

We are on an SSL server and the store is https:// and secure... Im just confussed why before we did the make over, same OS Version we would just get an email for the order with credit card

info.. No we get this darn error

 

Shane

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...