swantzter / kontonummer

Parse, validate and format Swedish bank account numbers
https://kontonummer.se
MIT License

Nordea Personkonto validates to true with birthdate + 1 digit #32

Open Jokab opened 11 months ago

Jokab commented 11 months ago

Hi!

First of all, thanks for a great package.

I'm having an issue with Nordea Personkonto validation. It seems that the validation check will pass if you take the date of birth part of a personal number and add one digit.

For example for the fake personal number 791212-9280, the only correct account number should be 7912129280. However if I write 7912124, this also passes. For other personal numbers some other extra digit may be required, which I assume is to pass the mod checks. Another fake example is 4609271897 which passes with 4609277.

I think this may be wrong and perhaps stems from that account min and max length are not really checked anywhere. Is this by design or a bug?

Best, Jakob

swantzter commented 10 months ago

Hi, sorry I haven't been able to look at this yet. It's marinating as one of two unresolved emails in my personal inbox so I haven't forgotten. December just isn't the best month for FOSS work for me. Just didn't want to leave you with radio silence until then :)

tedeh commented 7 months ago

I also have an issue with Nordea account validation. It might not be exactly the same as the one reported here but since it concerns Nordea accounts I'm posting my feedback here anyway instead of creating a new issue.

For a made-up Nordea account like 3227-001370 (10 digits) I get validation to pass as a "type 1" account even though it is in fact invalid. Another service I'm interacting with requires Nordea accounts to be between 11-15 digits in total, including the sort code.

There are some validation requirements published here: https://www.nordea.se/privat/produkter/konton-betalningar/clearingnummer.html

I believe validating the length of Nordea numbers might improve functionality?

swantzter commented 7 months ago

@tedeh That's because it is correct as '3227-0001370'. For type 1 you pad with 0s at the start of the number so that it becomes 11 characters if it is too short (incl. the clearing number). If you run .format() afterwards you get it padded.

swantzter commented 7 months ago

@Jokab your issue is actually because of the same reason mentioned above, account numbers that are entered "too short" implicitly have leading 0's to make up the correct length.

Something that could be introduced is a "strict length" mode that requires leading 0's to be specified manually instead of being implicitly added

NiKiZe commented 7 months ago

Type 1 is strictly always 4+7 and should not be 0-padded. Likewise 3300 (and 3782, which should not be used) is strictly always 4+10.

It could suggest using the padded form, but should not automatically validate it as OK.
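The behaviour discussed in this thread, as an added example that is not part of the thread or of the kontonummer package: leading zeros add nothing to a mod-10 sum, so a short input that is implicitly padded can pass the checksum, while a strict-length mode rejects it and only suggests the padded form. It assumes the Personkonto check is the mod-10 (Luhn) checksum over a 10-digit account number; `validatePersonkonto` and the `strictLength` option are hypothetical names.

```javascript
// Added illustration; not code from the kontonummer package.
// Assumption: Personkonto uses a mod-10 (Luhn) check over 10 digits.
const PERSONKONTO_LENGTH = 10;

// Luhn: double every second digit counted from the right, subtract 9
// from results above 9, and require the total to be divisible by 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d; // a leading 0 contributes 0 in either position
  }
  return sum % 10 === 0;
}

// Hypothetical validator with an opt-in strict length mode.
function validatePersonkonto(input, { strictLength = false } = {}) {
  const digits = String(input).replace(/[\s-]/g, '');
  if (!/^\d+$/.test(digits) || digits.length > PERSONKONTO_LENGTH) {
    return { valid: false, reason: 'format' };
  }
  const padded = digits.padStart(PERSONKONTO_LENGTH, '0');
  const checksumOk = luhnValid(padded);
  if (strictLength && digits.length < PERSONKONTO_LENGTH) {
    // Reject short input; offer the padded form only as a suggestion.
    return {
      valid: false,
      reason: 'length',
      suggestion: checksumOk ? padded : undefined,
    };
  }
  return checksumOk
    ? { valid: true, normalized: padded }
    : { valid: false, reason: 'checksum' };
}

// Inputs taken from the thread (fake numbers quoted by the reporter).
for (const n of ['791212-9280', '7912124', '4609277']) {
  console.log(n, validatePersonkonto(n), validatePersonkonto(n, { strictLength: true }));
}
```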