Obviously invalid credit card number isn't flagged until "Review Payment"

Bug #920155 reported by Matthew Paul Thomas on 2012-01-22
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Payment service
Low
Unassigned

Bug Description

1. Launch Ubuntu Software Center.
2. In the screen for a purchasable item, click "Buy...".
3. Sign in if necessary.
4. Choose "Credit or debit card".
5. Focus the "Card number" field, and enter "0", or "123", or "4408 0412 3456 7890".
6. Focus any other field.

What happens: Nothing.

What should happen: An error message appears immediately next to the card number field -- "Hang on, that card number isn’t right."

http://en.wikipedia.org/wiki/Luhn_algorithm

visibility: private → public

I'd question whether "Hang on, that card number isn’t right." is consistent with our usual error reporting language.

Changed in canonical-payment-service:
status: New → Confirmed
importance: Undecided → Low
tags: added: buying-software
Jon Hanna (jonhanna) wrote :

A possible implementation of the client-side check:

function isValidCardNumber(cardNumber)
{
 //remove any whitespace typed by user.
 var normalized = cardNumber.replace(/\s/g, '');
 //while 16-digit cards are by far the most common
 //any number from 13 to 19 is possible, and indeed
 //found in real-world use.
 if(!/^\d{13,19}$/.test(normalized))
  return false;
 var tally = 0;//running tally
 var doub = false;//double every other digit
 for (var i = normalized.length - 1; i != -1; --i)
 {
  var digit = parseInt(normalized[i]);
  //double every other digit, but if > 9 subtract 9 to add digits
  //(e.g. 8 * 2 = 16, 16 - 9 == 1 + 6 == 7)
  tally += doub && (digit *= 2) > 9 ? digit - 9 : digit;
  doub = !doub;
 }
 //passes Luhn if result is 0 mod 10.
 return tally % 10 == 0;
}

Jon Hanna (jonhanna) wrote :

Oh. I misread as this being when payment service is used via the web, I see now the steps for reproducing are USC. Sorry :(

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers