Credit Card Basics

[LeJerque]

Greetings! I'm a Zen Cart first-timer as of about a month ago--I've managed to get relatively far with it, but now I need some help. My apologies if this is answered in another thread; I scoured the FAQ and wiki and this board and couldn't find what I was after. I appreciate the help (and pity) I will hopefully receive.

In preparation for going live with my online store, I've been putting Zen Cart through its paces, placing fake orders, testing out the different shipping selections, coupons, etc. My concern is that when I go to use the basic Credit Card module (not authorize.net, just vanilla CC info; I plan to enter them manually into a physical terminal), I want to test the number-splitting feature (and other things), so I try putting in fake numbers just to see if they transmit. Even though I have not yet connected my store to any gateways or authorization services, Zen Cart refuses to accept any of the numbers I try, rejecting them as invalid. While I'm very glad to know the software has a way to tell a number is fake, do I need to be concerned? I actually used a real number at one point to see if it was just rejecting them all out of hand, and it accepted that one. Has that data now been transmitted to a third party?

Further, is there a way to use other numbers for testing, or am I simply restricted to the 4111 number? What is Zen Cart communicating with in order to determine the numbers' validity?

Please forgive my clear and apparent ignorance on this issue. Thank you for your time (and your excellent product)!

[DrByte]

When using the vanilla CC module, Zen Cart does not send your credit card number to anyone for validation. It uses built-in logic to evaluate the card's validity. If you google for MOD10 or Luhn algorithm, you'll see the formula/concept used to check a credit card number for validity.

Zen Cart uses this MOD10 approach combined with the list of accepted cards you have configured in Admin->Configuration->Credit Cards. If the number fails validation or is a card-type that is not accepted based on your settings, it will be rejected with the error message you mentioned.

So, testing with your own personal number is a good approach. Here's an acid test: If you're not comfortable using your own CC number on your own website, why would you expect customers to do that either ? Your fear that it was transmitted to someone else is valid. That's also the reason why the card digits are split up before being emailed, and are not stored in your store in their entirety.

There are other test numbers you can use (after removing dashes), such as:
Visa#: 4111111111111111
Visa#: 4007000000027
MasterCard: 5431-1111-1111-1111
MC#: 5424000000000015
Discover#: 6011000000000012
Amex: 341-1111-1111-1111
Discover: 6011-6011-6011-6611
AMEX#: 370000000000002
Visa#: 4222222222222



You might also note that Zen Cart uses these Credit Card Prefix Patterns (and more) to detect which kind of card your customer has entered.
Visa: 13 or 16 numbers starting with 4
MasterCard: 16 numbers starting with 5
Discover: 16 numbers starting with 6011
AMEX: 15 numbers starting with 34 or 37
There are many other articles about the anatomy of credit card numbers

[LeJerque]

Ah, that makes sense. As I expected, the problem can be explained by the fact that I don't know what I'm doing.

Thank you for your quick and helpful reply!