For the Offline Payment method(Credit Card) we check the CV2 or CVV2 code. We use
the "mod10" algorithm, this is based on the ANSI X4.13 system. This is the system
used to issue them, so if the number is incorrect it will not proceed and will
ask for the number again.
Here's how the algorithm works for verifying credit cards:
1. Starting with the second to last digit and moving left, double the value of all
the alternating digits.
2. Starting from the left, take all the unaffected digits and add them to the
results of all the individual digits from step 1. If the results from any of the
numbers from step 1 are double digits, make sure to add the two numbers first (i.e.
18 would yield 1+8). Basically, your equation will look like a regular addition
problem that adds every single digit.
3. The total from step 2 must end in zero for the credit-card number to be valid.
For an interesting article on this please see http://perl.about.com/cs/intermediateperl/a/111303.htmThe reason we can not store the CV2 code is because it is against Visa and
MasterCard rules see: http://usa.visa.com/media/business/cisp/Level_3_Service_Provider_Compliance_Questionnaire.pdf(section 3.3 on page 13).