locked
Regular expressions for credit card numbers in C# RRS feed

  • Question

  • User-1410783915 posted

    I am looking for some regular expressions for credit card numbers. Ones that work. I Gleemed a few off of the web, yet the regular expressions are not working.

    Basically I have a method which is passed a credit card number as a string. Yet even if I pass in a valid number for either type of credit card, the regular expression is not working.
    Below I test for a valid master card number which is passed into the method. I have also tried validating the Visa number with a valid visa number, yet that does not work either?

     

    bool validateCard(string CreditCardNumber)
    {
       bool isValid = false; Match match;
       Regex regexMC = new Regex(@"^(?:2131|1800|35\d{3})\d{11}$");
       Regex regexVisa = new Regex(@"^4[0-9]{12}(?:[0-9]{3})?$");

        match = regexMC .Match(CreditCardNumber); if(match.Success == true)
        {
           isValid = true;
        }
    }

    Tuesday, October 1, 2013 10:02 PM

Answers

  • User281315223 posted

    According to this Stack Overflow thread, you could use the following Regular Expression to properly validate a credit card : 

    ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$

    You could use the following method to handle it : 

    public bool ValidateCreditCard(string creditCardNumber)
    {
                //Build your Regular Expression
                Regex expression = new Regex(@"^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$");
    
                //Return if it was a match or not
                return expression.IsMatch(creditCardNumber);
    }

    or if you wanted to ignore any '-' characters or white-space, you could just strip it out as seen below :

    public bool ValidateCreditCard(string creditCardNumber)
    {
           //Strip any non-numeric values
           creditCardNumber = Regex.Replace(creditCardNumber,@"[^\d]","");
    
           //Build your Regular Expression
           Regex expression = new Regex(@"^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$");
    
           //Return if it was a match or not
           return expression.IsMatch(creditCardNumber);
    }

    Alternative (Javascript approach)

    If you wanted to accomplish this same thing in Javascript, you could use the following : 

    function ccValidate(ccn){
          //Build your expression
          var regex = new RegExp("^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$");
          //Test your current value
          alert(regex.test(ccn));
    }
    

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, October 1, 2013 10:35 PM
  • User281315223 posted

    Basically any payment gateway out there such as Authorize.Net will provide the necessary service to properly validate credit-card numbers. If you are using an actual payment provider within your application (which I would assume you are since you are reading them in), they should have a service or API that will allow you to determine if a valid card was entered (much like AidyF mentioned).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, October 2, 2013 8:41 AM
  • User-760709272 posted

    Thanks to Ronen who always has a solution. I am using a third party toolkit to actually validate the credit card against the credit service provide. However I just needed a correct regular expression. Ronen seems to have it. Thanks to him.

    If you are using a third party toolkit to validate the card then use it, that's what it's there for, it has all the rules.  Valid credit card numbers are far more complicated than regular expressions allow.  Whatever regex you use, I guarantee I can give you valid numbers that your regex will deny, and invalid numbers that it will accept.  The documentation for your third-party toolkit will also ask you use the validation services that they provide.  You can accept what I'm saying in that your problem has no solution so use the third-party tools, or you can implement a regex and turn away valid customers....it's your website, it makes no difference to me :)

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, October 2, 2013 9:00 AM

All replies

  • User-760709272 posted

    I just wouldn't bother validating it.  If it's not a valid number the payment fails, why bother validating it?  I don't think you'll get a regex to validate all numbers as credit card numbers don't work like that, and you also have to cater for the Luhn check.

    Tuesday, October 1, 2013 10:27 PM
  • User281315223 posted

    According to this Stack Overflow thread, you could use the following Regular Expression to properly validate a credit card : 

    ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$

    You could use the following method to handle it : 

    public bool ValidateCreditCard(string creditCardNumber)
    {
                //Build your Regular Expression
                Regex expression = new Regex(@"^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$");
    
                //Return if it was a match or not
                return expression.IsMatch(creditCardNumber);
    }

    or if you wanted to ignore any '-' characters or white-space, you could just strip it out as seen below :

    public bool ValidateCreditCard(string creditCardNumber)
    {
           //Strip any non-numeric values
           creditCardNumber = Regex.Replace(creditCardNumber,@"[^\d]","");
    
           //Build your Regular Expression
           Regex expression = new Regex(@"^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$");
    
           //Return if it was a match or not
           return expression.IsMatch(creditCardNumber);
    }

    Alternative (Javascript approach)

    If you wanted to accomplish this same thing in Javascript, you could use the following : 

    function ccValidate(ccn){
          //Build your expression
          var regex = new RegExp("^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$");
          //Test your current value
          alert(regex.test(ccn));
    }
    

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, October 1, 2013 10:35 PM
  • User-760709272 posted

    Neither of those methods handle Luhn validation.  Credit card numbers are like email addresses....just don't bother validating them :)  All that's going to happen is that someone with a valid card isn't going to be able to use your site because their card doesn't match your validation.  I have implemented numerous low-level payment solutions and have been given documentation on cards, card types, their numers etc.  These always consist of big tables that contain the various specs from various providers to ensure your system accepts all types.  Never once have I simply been given a regex function and told "oh just use this".  If you try and validate your cards you will end up declining valid cards.  Just don't do it.

    Wednesday, October 2, 2013 8:01 AM
  • User-1410783915 posted

    Thanks to Ronen who always has a solution. I am using a third party toolkit to actually validate the credit card against the credit service provide. However I just needed a correct regular expression. Ronen seems to have it. Thanks to him.

    Wednesday, October 2, 2013 8:37 AM
  • User281315223 posted

    Basically any payment gateway out there such as Authorize.Net will provide the necessary service to properly validate credit-card numbers. If you are using an actual payment provider within your application (which I would assume you are since you are reading them in), they should have a service or API that will allow you to determine if a valid card was entered (much like AidyF mentioned).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, October 2, 2013 8:41 AM
  • User-760709272 posted

    Thanks to Ronen who always has a solution. I am using a third party toolkit to actually validate the credit card against the credit service provide. However I just needed a correct regular expression. Ronen seems to have it. Thanks to him.

    If you are using a third party toolkit to validate the card then use it, that's what it's there for, it has all the rules.  Valid credit card numbers are far more complicated than regular expressions allow.  Whatever regex you use, I guarantee I can give you valid numbers that your regex will deny, and invalid numbers that it will accept.  The documentation for your third-party toolkit will also ask you use the validation services that they provide.  You can accept what I'm saying in that your problem has no solution so use the third-party tools, or you can implement a regex and turn away valid customers....it's your website, it makes no difference to me :)

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, October 2, 2013 9:00 AM