Validating a Credit Card Number using Luhn's Algorithm


Article ID: 160639


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Prevent for Web Data Loss Prevention Network Protect Data Loss Prevention Endpoint Discover


If incidents are being triggered by numbers that are not real CCNs you can use a Luhn Checker to determine if it passes the algorithm or not.


The Luhn Check Digit Algorithm

The Luhn algorithm is primarily used for the validation of credit card numbers.  Not only does this provide a catcher for data-entry errors, it also doubles as a weak security tool.  Most credit cards and many government identification numbers use the algorithm as a simple method of distinguishing valid numbers from collections of random digits. 

See below for an example of how the Algorithm works, or use the attached .jar file to do the work for you.

The following steps are required to validate the primary account number (originally excerpted from, but that page is no longer active):

Step 1: Double the value of alternate digits of the primary account number beginning with the second digit from the right (the first right--hand digit is the check digit.)

Step 2: Add the individual digits comprising the products obtained in Step 1 to each of the unaffected digits in the original number.

Step 3: The total obtained in Step 2 must be a number ending in zero (30, 40, 50, etc.) for the account number to be validated.

For example, to validate the primary account number 49927398716:

Step 1:

        4 9 9 2 7 3 9 8 7 1 6         x2  x2  x2  x2  x2 ------------------------------         18   4   6  16   2

Step 2: 4 +(1+8)+ 9 + (4) + 7 + (6) + 9 +(1+6) + 7 + (2) + 6

Step 3: Sum = 70 : Card number is validated

Note: Card is valid because the 70/10 yields no remainder.

[The original source above notes that ICVERIFY is the original source of this data.]

Make sure that you:

  1. have started with the rightmost digit (including the check digit) (figure odd and even based upon the rightmost digit being odd, regardless of the length of the Credit Card.) ALWAYS work right to left.
  2. the check digit counts as digit #1 (assuming that the rightmost digit is the check digit) and is not doubled
  3. double every second digit (starting with digit # 2 from the right)
  4. remember that when you double a number over 4, (6 for example) you don't add the result to your total, but rather the sum of the digits of the result (in the above example 6*2=12 so you would add 1+2 to your total (not 12).
  5. always include the Visa or M/C/ prefix.

Attachments get_app