Credit card (PAN) numbers failing Luhn check

[benjamindonnachie]

Thank you very much for this project, it's really simplified creating the data I need to simulate a breach.

However, I've taken some of the credit card numbers and passed them through the Luhn algorithm and (on a dip sample) they fail Luhn validation:

Taking 6304764553616362 for example: Number is not valid. If you change the last digit from 2 to 9, the sum will be 60, and the number will be valid.

https://goodcalculators.com/luhn-algorithm-calculator/ © 2015-2023 goodcalculators.com

Checksum is calculated in https://github.com/benkeen/generatedata/blob/master/client/src/plugins/dataTypes/PAN/PAN.generate.ts :

// calculate check digit const checkDigit = ((Math.floor(sum/10) + 1) * 10 - sum) % 10; panNums += checkDigit;

I'll take a closer look over the next couple of days to determine whether this meets Luhn.

[benjamindonnachie]

I think this should do it...

Line 40: while (pos < numChars-1) { change to: while (pos < numChars) { (Logic - string is reversed - still need to process last digit as that's the first digit in the PAN)

Line 48: if (pos != (numChars - 2)) { change to: if (pos +1 < numChars) { (Logic - skip evens if the PAN length is odd. As the string is reversed and pos jumps in twos, test whether would exceed bounds).

Then testing with www.typescriptlang.org it generates correct Luhn check digits for generated even (e.g. VISA) and odd (e.g. Amex) length PAN numbers.

[benjamindonnachie]

Created pull request https://github.com/benkeen/generatedata/pull/844

Needs testing in full environment rather than just the http://www.typescriptlang.org/ playground. I'll try to get to this over the coming days.

[benjamindonnachie]

Tested using a PAN randomly generated using Generate Code ("6304764553616362"):

` //let panNums = "630476455361636"; // check digit should be 9. let panNums = "63047645536163"; // check digit should be 4. const numChars = panNums.length; // const reversedNums = utils.stringUtils.reverse(panNums); const reversedNums = panNums.split("").reverse().join("");

// calculate sum let sum = 0; let pos = 0; while (pos < numChars) { const currentNum: number = +reversedNums[pos]; let odd = currentNum * 2; if (odd > 9) { odd -= 9; }

    sum += odd;

    if (pos +1 < numChars) {
        const currentNum: number = +reversedNums[pos+1];
        sum += +reversedNums[pos+1];
    }

    pos += 2;
}

// calculate check digit
// const checkDigit = 10 - (sum %10);
 const checkDigit = ((Math.floor(sum/10) + 1) * 10 - sum) % 10;

console.log("Input")
console.log(panNums);

panNums += checkDigit;

console.log("Output");
console.log(panNums);

};`

Output for odd length:

Sum = (6 + 6 + 0 + 8 + 7 + 3 + 4 + 1 + 5 + 6 + 6 + 2 + 6 + 6 + 4) = 70 70 mod 10 = 0, that means this number is valid. https://goodcalculators.com/luhn-algorithm-calculator/ © 2015-2023 goodcalculators.com

Even length:

Sum = (3 + 3 + 0 + 4 + 5 + 6 + 8 + 5 + 1 + 3 + 3 + 1 + 3 + 3 + 3 + 9) = 60 60 mod 10 = 0, that means this number is valid. https://goodcalculators.com/luhn-algorithm-calculator/ © 2015-2023 goodcalculators.com

Works standalone; needs testing within full environment.

[benkeen]

Thanks @benjamindonnachie! Looks good, but I'll leave this open until tomorrow night when I can confirm it's working on my end.

Appreciate the fix.

[benkeen]

No luck, I'm afraid. I tried a few Visa numbers and all were invalid. All complained about the last digit, e.g.

4287475778422
4929217516178
4916373745428

[benjamindonnachie]

No luck, I'm afraid. I tried a few Visa numbers and all were invalid. All complained about the last digit, e.g.

Thanks Ben. That's frustrating, when I try on the typescript playground I get the right results:

[LOG]: "Input" 
[LOG]: "428747577842" 
[LOG]: "Output" 
[LOG]: "4287475778428" 

[LOG]: "Input" 
[LOG]: "492921751617" 
[LOG]: "Output" 
[LOG]: "4929217516174" 

[LOG]: "Input" 
[LOG]: "491637374542" 
[LOG]: "Output" 
[LOG]: "4916373745424" 

Can you confirm how generatePAN() is called? If you could add a console.log(panNums); just before // calculate sum ? Or is there any chance of access to your test environment? (I suspect not but it's worth asking!).

Kind regards,

Benjamin

[benjamindonnachie]

A few example panNums from the start of the function might do it.

[benkeen]

Never mind! It was on my end, I apologize. The older code had been cached. When I wiped out the old web worker files I get green across the board for the PAN numbers I was generating. Thanks @benjamindonnachie! I'll get this into the next release. I'll try to get it out this weekend.

[benjamindonnachie]

Great news - thanks for the update.