How do credit card checksums work

Once I got home, I was able to confirm that is, indeed, how most Bank of America debit card numbers begin. Indeed, you really should just hang up when you get such calls. I wanted to see how this scam proceeded.

At this point I was told a few more details explaining that my card beginning with needed to be revalidated because of a internal security failure and that I should press 1 to continue. I pressed 1 again. I was then asked to enter my Bank of America debit card number. Unfortunately, I was not able to construct a number off of the top of my head that would pass their validation check.

While I knew it should begin with thanks to the robocall , I did not know at the time that the next two digits should be between 64, 65, or 66 for Bank of America.

I did know that the last digit of the sixteen digit number should be calculable from the preceding 15 digits by the Luhn checksum algorithm.

But it is a safe bet that those would have been requested at some point. Those of course, would have been easier to fabricate as they have no quick validation system. The Luhn checksum is not some super secret security feature, it was a simple system designed to identify errors when exchanging credit card numbers in common use. At best, it can play a minor role in basic security checks to weed out those who just try random numbers.

The system is designed to catch common errors. Thanks to your feedback and relevant comments, dCode has developed the best 'Luhn Number Checksum' tool, so feel free to write! Thank you! Luhn 's algorithm calculates, from a number or a sequence of digits , a check key called checksum , this key is a digit which is dependent on the others. If a character is misread or badly written, then Luhn 's algorithm will detect this error.

Example: is a valid card number, is the initial number and 4 is the checksum. Example: If a user enter 2 and 3 are switched , then the program calculates the luhn checksum for and finds 5 instead of 4 expected, the number is invalid and so the code has been badly typed. The Luhn algorithm starts by the end of the number, from the last right digit to the first left digit. Multiplying by 2 all digits of even rank. If the double of a digit is equal or superior to 10, replace it by the sum of its digits.

So is valid according to Luhn. Generated by the banks, Visa and MasterCard have their own algorithm based on private key using the personal account number, the expiry date of the card and the service code, this information is then compared by those calculated by the bank. There are even banks that offer to change these numbers at will. A secondary purpose of the check digit is to thwart clumsy attempts to create phony credit card numbers.

A counterfeiter familiar with the Luhn algorithm, however, could get past this particular hurdle. Verifying a digit card number starts by taking the first 15 digits, which are the institution code and the individual account identifier. For example, in the card number , those digits would be:. When this number is added to the check digit, then the result must be an even multiple of In this case:. The number is therefore valid. If the algorithm doesn't produce a multiple of 10, then the card number cannot be valid.

Personal Finance Credit Cards. What Is the Checksum on a Credit Card? By Cam Merritt.