Suggestion - Masked Credit Cards and BIN Ranges Support

[Leeeeeeelo]

Dears,

Trust all is well.

I would like to suggest the below improvements on the credit card rule validation :

• Implement the ability to validate card numbers that are masked. This will happen in cases where an integration with 3rd party tools / SDKs are used to avoid having the current environment as PCI compliant. For example, the Visa test card number 4111 1111 1111 1111 would be 4111 11** **** 1111 if masked (usually first 6 digits and last 4 digits are preserved).

• Implement the ability to validate card numbers based on BIN Ranges. For instance, Visa cards start with 4. It would extremely helpful if one can validate further to check if the card belongs to a specific Bank, which would own a specific sub set (for example check https://www.bindb.com/bin-list.html).

Many thanks,

Best regards.

[ErikThiart]

We could add the following regex to https://github.com/Respect/Validation/blob/master/library/Rules/CreditCard.php under a "masked" brand maybe?

/^(\d{4}\s){2}\*\*\*\*\s{4}\d{4}$/

[alganet]

This is perhaps another rule, like MaskedCreditCard. Depending on the mask, it's possible to also check the brand, so I wouldn't use a "masked" brand parameter to check it.

It's kinda weird have two very similar rules though. Let's gather more feedback on this! I'll wait for a while until more people can join the discussion.

[henriquemoody]

In version 3.0 I've introduced some transformations in the templates, currently those are the supported ones:

• raw show the value as it is, without trying to escape/strigify it
• trans translates the value

I think I could add another one, like mask. What we would need to do is to implement this transformation when rendering the message, and change the template to something like:

#[Template(
    '{{name|mask}} must be a valid credit card number',
    '{{name|mask}} must not be a valid credit card number'
)]

I think mask could be a bit more complex than others, we could maybe pass some options to it, like:

• mask(all)
• mask(right, 4)
• mask(left, 4)
• mask(center, 4)

#[Template(
    '{{name|mask(center, 8)}} must be a valid credit card number',
    '{{name|mask(center, 8)}} must not be a valid credit card number'
)]

Thoughts?

[henriquemoody]

On second thought, I think that putting that in the template might be undesirable if you want to actually see the value.

I thought that maybe we could have a Mask rule, which would overwrite the input in the template. That could be useful for other cases, like if you're validating a password.

It could be something llike:

v::mask(v::creditCard(), ...)->assert("4111 1111 1111 1111");
// Message: "411111******1111" must be a valid credit card number


v::mask(v::lengthGreaterThan(10))->assert("aTG2NAoUDjobpepI8RcJ");
// Message: The length of "***" mus be greater than 10