Payment card numbers such as those on debit cards, credit cards, or store cards, used to be typed-in and quoted. This led to mistakes, though these days it happens only occasionally. To minimize this and avoid the complications that would follow if money was paid to the wrong account or ended up lost in the system, 16-digit card numbers are far from being the random numbers they appear to be. The numbers have a pattern and that pattern is verified using a single check digit.
We know we should never reveal our bank account details over the phone or in emails. Every once in a while though someone will fall for a phishing email and send off their card number. Software can be used to scan email traffic to identify bank account numbers in emails and thus reduce the chances of fraud. Also fictitious card numbers used to be generated by crooks unaware that the numbers are not random, and the software could identify these numbers.
What is the pattern in bank account numbers and how are errors spotted? The software makes use of an algorithm, which is a set of mathematical instructions performed in a prescribed sequence to achieve a goal, in this case a mistake in the pattern of numbers. Here’s how it works.
Take out a bank card and write down the long number on the front on a piece of paper and follow these steps (you don’t really have to do this of course).
1 Starting from the right, double the value of each alternate digit beginning with the second digit from the right (not the first digit)
2 Add the individual digits of the numbers obtained in step 1 together. If the number has two digits treat them as separate numbers and add them together ie. the number 14 becomes 5
3 Add together each of the unaffected digits in the original number
4 Add together these two totals together (the totals in 2 and 3)
If the final total is a number ending in zero (30, 40, 50, 60, 70 etc) then the card number is validated.
Here is an example using the card number 4556 7375 8689 9855
|Double every other number||8||10||14||14||16||16||18||10|
|Sum of digits||8||5||1||6||5||3||5||5||7||6||7||9||9||8||1||5||90|
The sum of all the digits is 90 which is divisible by 10, and therefore the card number is validated. If say the first two numbers had been switched around by mistake, the sum of the digits in the first two columns of the 3rd row would have been 1 and 4, instead of 8 and 5, and the total sum would have been 82. This is not divisible by 10, and the card number would not have been validated.
This algorithm, know as the Luhn algorithm after the IBM scientist Hans Peter Luhn who created it in 1954, is also known as the ‘modulus 10’ or ‘mod 10’ algorithm. It doesn’t have any significant security function, criminals are much more sophisticated, but the algorithm is in the public domain and is still in wide use today serving its original purpose of spotting accidental errors. (more…)