> I ask this because if you are validating card info then you are > handling/processing card info. Any business handling credit card > information should have PCI-DSS compliance. >
Yes - I'll soon return to having a web app talking to the Stripe <https://stripe.com/au> payments gateway, and if you use their controls correctly then you never see or touch the payment data yourself. Technically aside though, I notice credit cards (which ones?) use the Luhn <https://en.wikipedia.org/wiki/Luhn_algorithm> checksum algorithm. Have fun coding that yourself for Xmas! More technically interesting is that Luhn is from about 1960 and not that good. My favourite is Verhoeff <https://en.wikipedia.org/wiki/Verhoeff_algorithm> from 1969 which has been sadly neglected despite it's clever application of group theory. *Greg K*
