Maestro, music please

We’ve been working on a change request to add Maestro to the credit cards that we accept for ecommerce payments. Switch started in 1988 but has now merged with the Maestro network owned by MasterCard in the UK.

Until recently, if you took Switch payments then UK customers who had new Maestro cards would still be ok (as long as you accepted the new 6759 prefix for your payments) however with the merging of the worldwide card base there’s a whole new set of card numbers which need validating.

A quick search on 18-digit Maestro cards that HSBC have been issuing raised a few e-commerce shopping cart forums where people were confused about these new card types. So I thought I’d share my findings:

Validating payment card details is important to catch incorrectly entered details from the customer before requesting payment authentication from your banking service, saving unnecessary external calls.

Information from BarclayCard‘s site about card type formats showed though that Maestro cards can have 16, 18 or 19 digits. This is an important deviation from the standard 16 digits that used to be a quick check.

We ask the customer what Card Type they want to pay with in order to present the relevant input fields to collect all the information the bank requires for that type. Issue number and start date are two common items of information which can be mandatory or optional depending on the issuer.
Using BIN ranges, you can detect what kind of card an entered number represents. You could have a single step where a customer enters their card number, and based on that then it would prompt for other information. The trouble is that there are card features that say that items like Card Security Number are optional, so it’s down to the individual card issuers’ preferences.

Based on the Card Type selected, we then validate the details the customer has entered to make sure they make sense. To do this, we make use of Regular Expressions. For ages, regular expressions have been a black art to me. They are very powerful but at first glance mean little to the uninitiated. The advantages of regular expressions can really be seen when using them for validation as you can specify the ranges of values that are valid.

The regular expression we’re using to authenticate Maestro cards is:

(^6759[0-9]{2}([0-9]{10})$)|
(^6759[0-9]{2}([0-9]{12})$)|
(^6759[0-9]{2}([0-9]{13})$)

Each pattern match is separated by ‘|’ characters to indicate OR. The leading ‘^’ and the trailing ‘$’ on each expression means that the pattern has to match the beginning and end of the string. Therefore, this has to match exactly and not just be a substring of the card number we’re comparing this with.

6759 is the literal match for the Maestro card leading card number digits. The BarclayCard document says that the next two digits can between 00 and 99. The pattern states we’re looking for two numerical digits 0 to 9. The last bit of the pattern then make up either the remaining digits to make the card number 16,18 or 19 (10, 12 or 13 remaining characters). We could’ve easily just matched using 12, 14 or 15 digits instead of splitting it out, but this retains the formatting specified in the document.

The new regular expressions are working really well now, and with a change of validation, can look forward to welcoming new customers who prefer paying with Maestro.