Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default [Done v155b] MasterCard 2-series BIN

    Not sure if this is considered a Bug Report, but I'd like to mention it here, in case ZenCart core needs updates to support the new MasterCard BINs.

    Please see the following email received from BPOINT:


    Dear Customer,
    Please be advised that MasterCard New 2 Series BIN Range is now available for testing on BPOINT.

    New 2 Series MasterCard BIN Range

    What is happening?
    The BIN makes up the first 6-digits of any card number. MasterCard previously issued cards with BINs beginning with 5. From 14 October 2016, MasterCard will start issuing additional card numbers with the BIN Range of 222100-272099.

    Will this affect me?
    If you have a website or systems that validate that a MasterCard begins with 5, you will need to update your website and/or systems to allow the new BIN range.

    When will it happen?
    MasterCard have announced that the New 2 Series BIN range will be effective on 14 October 2016.

    What will BPOINT do?
    BPOINT has prepared the systems to accept and process the New 2 Series BIN Range and is now available for testing.

    What do I need to do?
    If you currently have your own controls for BINs, please ensure that your systems are prepared.
    To conduct testing on BPOINT, please contact the BPOINT Support team to request test mode to be enabled.

    What can I test with?
    Card number 2720 0100 4036 0012
    Expiry date 0517
    CVN 123

    Who do I contact?
    If you have any questions, please contact our BPOINT Support team.

    Kind regards,
    BPOINT Support

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: MasterCard 2-series BIN

    Hi Jackie,

    Thanks for posting this.

    Two points which will help explain the scope of how this affects Zen Cart:

    1. In practice the majority of Zen Cart payment modules/plugins ignore the actual card-type, because it's not needed in order to actually process a transaction. This leaves it up to the actual payment gateway provider to accept/reject the card, based on their own rules and relationship with the merchant's account configuration.

    2. The only thing Zen Cart does with regard to "detecting the card type" is allow the storeowner to "turn off" (or "on") the ability to "accept" a certain card-type in their store. This is more an artifact than a necessity, but has its benefits insomuch as allowing to completely avoid sending a payment attempt for an Amex card if the storeowner already knows they don't accept Amex. This helps avoid the partial-auth "fee" that the gateway charges for attempting authorizations, even if the payment is not approved.
    So, unless the store is specifically trying to DISALLOW (new) MasterCard cards, this will be a non-issue for them.

    But for those stores who absolutely want to deny Mastercard cards, they must first do so in Admin->Configuration->Credit Cards,
    and then make the following code change to have that MasterCard denial include the new cards in the new "2" BIN range:

    /includes/classes/cc_validation.php
    change
    Code:
          $this->cc_type = 'Visa';
        } elseif (preg_match('/^5[1-5][0-9]{14}$/', $this->cc_number) && CC_ENABLED_MC=='1') {
          $this->cc_type = 'MasterCard';
    to:
    Code:
          $this->cc_type = 'Visa';
        } elseif (preg_match('/^(5[1-5][0-9]{14}|2[2-7][0-9]{14})$/', $this->cc_number) && CC_ENABLED_MC=='1') {
          $this->cc_type = 'MasterCard';
    This updated regex rule is a bit simplified, but will account for the majority of cases that will be encountered.

    Again, NONE OF THIS IS NEEDED if the storeowner DOES accept MasterCard cards.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: MasterCard 2-series BIN

    Wonderful, thanks Dr Byte for the detailed explanation. Most of my clients do accept MasterCard, so this should not be an issue.

    If we have any reports of rejected cards in the future, I'll be sure to post back here and let you know. Otherwise, consider the case solved!

  4. #4
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,669
    Plugin Contributions
    9

    Default Re: MasterCard 2-series BIN

    i think it will be a problem for those sites who have customized the user experience to validate the credit card type on the client side, ie using jquery or javascript.

    in the past, i have used this validator:

    https://github.com/PawelDecowski/jqu...tcardvalidator

    and he has not updated the code there, although it seems to be well documented in the issues, along with someone's quick fix for the regedit pattern.

    client side validation for credit cards is the way to go, and i suppose i should look at v160 and potentially do a PR there if that is currently not in the code.

    best.
    author of square Webpay.
    mxWorks has premium plugins. donations: venmo or paypal accepted.
    premium consistent excellent support. available for hire.

  5. #5
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,669
    Plugin Contributions
    9

    Default Re: MasterCard 2-series BIN

    Quote Originally Posted by DrByte View Post
    Hi Jackie,

    Thanks for posting this.

    Two points which will help explain the scope of how this affects Zen Cart:

    1. In practice the majority of Zen Cart payment modules/plugins ignore the actual card-type, because it's not needed in order to actually process a transaction. This leaves it up to the actual payment gateway provider to accept/reject the card, based on their own rules and relationship with the merchant's account configuration.

    2. The only thing Zen Cart does with regard to "detecting the card type" is allow the storeowner to "turn off" (or "on") the ability to "accept" a certain card-type in their store. This is more an artifact than a necessity, but has its benefits insomuch as allowing to completely avoid sending a payment attempt for an Amex card if the storeowner already knows they don't accept Amex. This helps avoid the partial-auth "fee" that the gateway charges for attempting authorizations, even if the payment is not approved.
    So, unless the store is specifically trying to DISALLOW (new) MasterCard cards, this will be a non-issue for them.

    But for those stores who absolutely want to deny Mastercard cards, they must first do so in Admin->Configuration->Credit Cards,
    and then make the following code change to have that MasterCard denial include the new cards in the new "2" BIN range:

    /includes/classes/cc_validation.php
    change
    Code:
          $this->cc_type = 'Visa';
        } elseif (preg_match('/^5[1-5][0-9]{14}$/', $this->cc_number) && CC_ENABLED_MC=='1') {
          $this->cc_type = 'MasterCard';
    to:
    Code:
          $this->cc_type = 'Visa';
        } elseif (preg_match('/^(5[1-5][0-9]{14}|2[2-7][0-9]{14})$/', $this->cc_number) && CC_ENABLED_MC=='1') {
          $this->cc_type = 'MasterCard';
    This updated regex rule is a bit simplified, but will account for the majority of cases that will be encountered.

    Again, NONE OF THIS IS NEEDED if the storeowner DOES accept MasterCard cards.
    i respectfully disagree.

    my test server is set to ACCEPT mastercard, and it errors out stating we do not accept that type of credit card.

    the function from where your code comes is validate, and it will return -1, and therefore i think it WILL be a problem.

    my test server is running v155.

    in addition, for those of so inclined i think the more "complex" regex rule is:

    Code:
     } elseif (preg_match('/^(5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$/', $this->cc_number) && CC_ENABLED_MC=='1') {
    use at your own risk!
    author of square Webpay.
    mxWorks has premium plugins. donations: venmo or paypal accepted.
    premium consistent excellent support. available for hire.

  6. #6
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: MasterCard 2-series BIN

    Carlwhat, that is a very valid point. However, I'm not sure the ZenCart team can change anything in the core code to fix this issue. 3rd party plugin devs will certainly need to take a closer look and provide a patch for their plugins.

    Is your test site running this jquery validator as well? Or are you saying that a clean install is having issues?

  7. #7
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,669
    Plugin Contributions
    9

    Default Re: MasterCard 2-series BIN

    my first point was a plugin that i am using.... obviously nothing that the ZC team can do.

    my second point relates to the core ZC, although the closer i am looking at it, i'm now not so sure.

    it seems that the only payment modules that use the validate function in the cc_validation class is paypaldp.php and some authorizenet modules. i use the authorizenet payment modules, and i have no doubt modified them. so i think perhaps drByte is probably right.... i'm unfamiliar with the paypal modules, and frankly it looks like those are the only 2 places where that class is being used.

  8. #8
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: MasterCard 2-series BIN

    Dr Byte, can you try testing with this number to see if it works? I think carlwhat may be right, the validation returns a -1 if the card doesn't match regex.

    Card number 2720 0100 4036 0012
    Expiry date 0517
    CVN 123

  9. #9
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: MasterCard 2-series BIN

    Quote Originally Posted by jackie.taferner View Post
    Dr Byte, can you try testing with this number to see if it works? I think carlwhat may be right, the validation returns a -1 if the card doesn't match regex.

    Card number 2720 0100 4036 0012
    Expiry date 0517
    CVN 123
    When testing with the regex I posted earlier, using the Authnet AIM module, if I have the MasterCard option turned on, that test number is accepted, and it shows MasterCard as the card-type on the checkout-confirmation screen.
    If I have MasterCard turned off in my Admin, then that test number is rejected.
    Both are the expected behavior.

    And I get the same results using carlwhat's regex ... and I agree: his is more thorough, and I'd recommend using his instead. Will be using it in the next version of Zen Cart: Update the cc_validation to recognize the new MasterCard BIN "2" range
    Last edited by DrByte; 12 Oct 2016 at 12:55 AM. Reason: Added github link
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  10. #10
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: MasterCard 2-series BIN

    @Dr Byte, I've applied your regex fix and it does appear to be working.

    To clarify, this is a client's site that DOES accept MasterCard, and is now working as expected.

    Thanks for your help!

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. v155 [Done v155b] AJAX: Session-variable changes not saved
    By lat9 in forum Bug Reports
    Replies: 5
    Last Post: 18 Aug 2016, 12:20 PM
  2. Replies: 4
    Last Post: 27 Jul 2016, 03:04 PM
  3. Replies: 3
    Last Post: 15 Jul 2016, 03:40 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR