Credit Card Trickery

Recently, TF Source was in the press due to a breach of their security. This was discovered when many of their customers found unidentified charges on their credit cards. As most of those customers were members of the same internet community, the connection was quickly made and TF Source was identified as the source of the breach. Being a member of the TF community, as well as a web developer well versed in eCommerce, I found this of particular interest…

Unfortunately, TF Source committed what I consider to be a cardinal sin. They offered the ability for a customer to store their credit card (not a sin in itself), but they did not allow you to opt out of this. Firstly, I think it should always be the reverse, requiring a user to opt in; but either way, they provided no way for a user to remove their credit card after completing an order.

Well, “No problem,” you might say. “Just put in a dummy credit card after you’ve completed your order.” Sure, that’s a great idea, and exactly what I recommend, but if a web developer skilled in credit card fu wrote their web app, it’s not that easy.

The last digit of every credit card number is a checksum. In short, a checksum is the result of a mathematical calculation that can be applied to check the legitimacy of a number. Credit card companies have long used a consistent formula to derive the last digit of a card number from the rest of its digits. The formula used to verify this digit is called the Luhn algorithm. Numerous code examples are linked at the bottom of the Wikipedia article.

Now, it would be less than ideal to keep making up random strings of 16 digits until you come up with one that validates, so here’s an easy one for you to remember:

5105105105105100

Or as I like to mentally remember it:

510-510-510-510 — 5100
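To make the Luhn check concrete, here is an added Python implementation (my own example, not code from the original post or from any of the sites mentioned). It validates a card number the way a checkout form would, tolerating the hyphens and spaces in the mnemonic above, and it also derives the check digit for a 15-digit prefix, which is how the last digit of a number like 5105105105105100 is produced. The function names are my own.

```python
def luhn_sum(digits: str) -> int:
    """Weighted digit sum used by the Luhn algorithm.

    Walking from the rightmost digit, every second digit is doubled; if the
    product is two digits, its digits are added together (equivalently,
    subtract 9). The digit sums are then totalled.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9          # same as adding the two digits of the product
        total += d
    return total


def luhn_valid(number: str) -> bool:
    """True when the number (ignoring spaces/hyphens) passes the Luhn check."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) < 2:         # a lone check digit is not a card number
        return False
    return luhn_sum(digits) % 10 == 0


def luhn_check_digit(partial: str) -> int:
    """Check digit that makes `partial` followed by that digit pass luhn_valid.

    Appending the check digit shifts every existing digit one position to the
    left, so the weights are computed with a placeholder 0 in the last slot.
    """
    digits = "".join(ch for ch in partial if ch.isdigit())
    s = luhn_sum(digits + "0")
    return (10 - s % 10) % 10


if __name__ == "__main__":
    # The number from the post, written as digits and as the mnemonic.
    for candidate in ("5105105105105100", "510-510-510-510 5100", "5105105105105101"):
        print(candidate, "->", "valid" if luhn_valid(candidate) else "invalid")
    print("check digit for 510510510510510:", luhn_check_digit("510510510510510"))
```

Note that Luhn is an error-detection code, not a secret: it catches mistyped or transposed digits, so a form that rejects random 16-digit strings proves nothing about whether a card exists or is funded. That is exactly why a well-formed placeholder passes client-side validation while still failing at the payment processor.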

So, if you’re a TFSource customer, go log in, delete your precious real credit card number, stick that one in instead, and keep the 510 number handy for any other poorly implemented eCommerce solution.

“Surely this is an isolated problem?”

Hopefully, one day it will be. However, I’ll give you one parting example of another instance where this comes in handy: Amazon. Unfortunately, Amazon requires you to enter your payment details before they let you know the shipping cost. Personally, I find this a bit rude, so I just insert my 510 and get my quote.

Obviously, this is not a legitimate credit card number and should not be used for actual purchases. Needless to say, it’s not a card that’s in use, and you will simply get an error. However, some might consider an attempt to use it as such to be a breach of whatever applicable laws or policies are in place, so use it wisely.

Monday, January 11, 2010