Wednesday, July 7, 2010

The credit card 'Da Vinci Code'

A pre-computer security feature was slipped into your credit card numbers and remains there today. Pull out a card and a pencil to see the math trick for yourself.

Did you know your credit card has a "Da Vinci Code"?

It's true. Those raised numerals on your card are not only your account identifier that banks and merchants need to transact business on your behalf, but a little-known credit card version of the Da Vinci Code that verifies its validity without the aid of computers.

Even cooler, the code, which can reveal whether a credit card number is fraudulent, is cryptically hidden within the sequence of the card numbers. Every legitimate credit, debit and ATM card on Earth contains this formula.

This low-tech mathematical sleight of hand, dubbed the Luhn formula after its inventor, Hans Peter Luhn, played a tangential role in the development of the World Wide Web, search engines such as Google, text messaging and other high-tech wonders.

In the unlikely event that you've given any thought at all to your credit card numbers, you probably view them as merely series of random numerals: 16 digits on Visa, MasterCard and Discover cards, 15 on American Express cards and 14 on Diner's Club/Carte Blanche cards.

On a 16-digit card, the first six numerals identify the card issuer, and the next nine numerals are the card account number (AmEx uses an eight-digit account number.)

But there is absolutely nothing random about the final digit of your credit or debit card number. It has been appended as a so-called check number, or key, to verify the card is valid. It's this check number that gives the Luhn formula its Da Vinci Code allure.

When a card number is generated using Luhn's algorithm, various combinations of the digits on the card must ultimately add up to a number that is perfectly divisible by 10. For this reason, Luhn's formula is also referred to as modulus 10, or mod 10 for short. Change any digit or transpose nearly any two digits, and the Luhn check will catch it.

The Luhn formula was designed to instantly detect accidental data entry errors -- missed keystrokes, transpositions and the like -- not as a defense against fraud. It doesn't identify where an invalid number went sideways; it simply flags it as nonconforming.

Luhn checking won't tell you anything about the underlying card account itself. Nor should it be confused with card-verification-value codes, those extra, unembossed numbers on major credit cards that attempt to verify that the physical card is (or has been) in your possession.

Thread counts and keywords

Luhn, who died in 1964, wasn't hunting for the first "killer app" in the credit card world. In fact, when the German-born IBM scientist proposed his formula in 1954, general-purpose credit cards hadn't even been developed. Luhn's formula would later be included as the sum-check for a hand-held mechanical reader, for which he received a patent in 1960.

A former assistant manager of a textile mill, Luhn spent the 1930s and '40s as an engineering consultant to that industry. His Lunometer, a simple rulerlike tool that visually measures the thread and line count in fabrics, is still in use today. Luhn earned more than 80 patents, including a computing gas pump, a cocktail recipe organizer (during Prohibition, no less), an inexpensive foldable raincoat and a forerunner to American Airlines' Sabre reservation management system.

After joining IBM in 1941, Luhn pioneered fundamental concepts in business information retrieval, including keywords in context and selective dissemination of information. Those breakthroughs laid the groundwork for such ubiquitous computer processes as keyword search, e-mail, instant messaging and RSS feeds.

First line against fraud

Although its original intent was to identify human error in the pre-computer days of manual data entry, the Luhn check remains a valuable first line of defense against credit card fraud today.

If the card numbers don't tumble correctly through the algorithm (now computed literally faster than the blink of an eye), the transaction will be halted automatically before it even reaches the card issuer for authorization. Chances are excellent that the next line of anti-fraud software would net any fishy card numbers that slipped through the Luhn check.

For fraud, you have two choices: taking someone else's number or making one up. Luhn didn't know about that type of thing, but his algorithm still helps solve it. If you were ordering something online, it obviously would be nice to give somebody else's number, but that doesn't work.

Why don't you check for yourself

No comments: