On Mon, Jun 15, 2020 at 4:15 PM Wilmar Pérez <firstname.lastname@example.org> wrote:
> I have an application collecting credit card data. Before sending the information out to the payment entity I am trying to make sure the information entered is, at least, valid. I already worked out the card number and cvv numbers but I am not so sure about the expiry date. The format I get the info is MMYY.
> -- Extract the last two digits of the Year
> current_year = string.sub(current_year , 3, 4)
> (card_exp_year < current_year) or (card_exp_year == current_year and card_exp_month < current_month)
> I do not know if this is the most elegant solution but it works. However it has a huge bug: it will fail at the end of the century. Since I only know the last two digits of the expiry date year, if a card expires in 2102 for instance and we were in 2099 my logic would wrongly reject the date (02 is less than 99).
You need to make an assumption: one possibility is to assume that no
credit card will be valid for more than 50 years, and that nobody will
try to use a credit card that's been expired for more than 50 years.
You can then replace your "card_exp_year < current_year" check with
"(card_exp_year - current_year) % 100 < 50".
Joseph C. Sible
I caution against a more fundamental assumption being made here: that the expiration date is, in fact, something that should be getting validated.
There is no standard specifying whether the card is considered expired during the listed month or whether it is considered valid for that month and expired after that month ends. There is also no standard specifying that a card must be rejected after the expiration date has passed, and many credit card providers will continue to honor cards for some period of time past the printed expiration date.
For what it's worth, not every credit card provider even uses expiration dates, so that's something to be careful about too.