Credit Card Validation Rules

Credit Card Validation Rules
••• credit card image by jimcox40 from

Most credit-card validation systems are run by a Mod 10 algorithm. This algorithm can be modified to filter various validation rules or requirements. Although there are several rules that can be applied to the validation of credit cards, most companies will choose certain ones based on preference and security needs.

Provider Recognition

The first two to six digits of a credit card determine who the credit provider is. For example, Master Card begins with the numbers 51-55, American Express begins with 34 or 37 and Discover begins with 6011. Master Card and Discover each have 16 numbers while American Express has a total of 15 digits. Being able to compare the number of digits to the beginning codes provides one more layer of protection for provider verification.

Expiration Date

For every credit-card number, there is an expiration date. This is the most common qualifier for credit card validation. If the expiration date is expired or does not match the information held by the credit card provider, the card will be rejected or declined.


Being able to validate the address or zip code connected to the credit card is often required as information that is not available on the card. This is personal information that someone who is not authorized on the card will probably not have. It is not on the card so it is external information that has to be acquired or possessed.

Card Security Code

With today's technology, it is becoming easier and easier to acquire credit-card numbers. Card security codes are much more difficult to obtain with the credit information. Card security codes are 3 digits on the back of the card that come at the end of the card number. Companies that require this as a verification rule do so to confirm that the credit card is in the physical hands of the user.


The signature on the back of a credit card was once a main rule of validation. Signatures were compared to other forms of identification to verify the user. This was critical before credit card machines were electronic. When credit card transactions were all manual, this was the only means to assure the vendor that the person was authorized to use the card. Cards can still be declined if the signature does not match the driver's license or identification card.