Blog

MasterCard 2-Series BIN changes
01May

Magento and the MasterCard 2-Series BIN changes

By

Updated May 31, 2017

If you haven’t heard, MasterCard added a new series of credit card numbers recently, the 2-series. In the past, MasterCard BIN numbers have always started with a 5 (like 5424-0000-0000-0015), but that won’t be true anymore. Starting this year, MasterCard is issuing cards in the 22-27 range (like 2221-0012-3412-3456).

MasterCard requires all merchants to accept the new card numbers, and you could already be losing customers if you don’t. In June 2017, they will start testing merchants and ATMs to verify the new credit cards are accepted, and fine businesses that don’t.

The official deadline is June 30th, but we’ve heard some companies receiving letters threatening fines for non-compliance starting May 1st. Either way, verifying MasterCard 2-series compliance should be a high priority for all businesses—every person holding one is a potentially lost sale.

For more information on the changes, see the MasterCard info page: https://www.mastercard.us/en-us/issuers/get-support/2-series-bin-expansion.html

Who is affected?

Magento added official support for the new 2-series CC numbers in recent versions, but many Magento sites are still running older uncompliant versions.

The following Magento versions are affected:

  • All Magento 1 versions below CE 1.9.3.0 and EE 1.14.3.0
  • All Magento 2 versions below 2.1.3 (2.0.0 – 2.0.13, and 2.1.0-2.1.2)

If you are running Magento 1.9.3.0 or higher, or 2.1.3 or higher, you are not affected.

Not all payment methods are affected. This issue only affects inline credit card payment methods that use Magento’s built-in credit card validation. Any payment methods that use a redirect (like PayPal Express) or an on-site iframe should not be affected.

Affected payment methods include:

  • PayPal PayFlow Pro
  • PayPal Website Payments Pro
  • Authorize.Net
  • Authorize.Net Direct Post
  • Authorize.Net CIM
  • Stored CC (please don’t use this, it’s not secure; use a tokenization payment method instead)

…and many others.

Just to be clear: The problem is not with these payment methods or gateways. The problem is Magento’s core credit card validation, which they all use.

How do I fix it?

You can patch your store to add 2-series support by updating the validation code in several files. The files differ depending on whether you are on Magento 1 or 2. The actual files and code should be close to identical regardless of your M1 or M2 version otherwise.

In all cases, if at all possible, upgrade to the latest Magento release (CE 1.9.3.2, EE 1.14.3.2, or 2.1.6, at time of writing). There have been a lot of other fixes you are missing out on.

The changes detailed below reflect Magento’s official changes to support 2-series in the latest releases.

Magento 1

As of 2017-05-02, Magento has released an official patch to resolve the issue. We strongly recommend downloading and applying that patch.

Patch: SUPEE-8967

Download from the Magento Release Archive

Note: Per the patch notes, “For versions older than Magento CE 1.9.0.0, a previous patch for Discover changes (SUPEE-2725) need to be applied first.”

Or, to patch manually:

app/code/core/Mage/Payment/Model/Method/Cc.php
Find:
 'MC'  => '/^5[1-5][0-9]{14}$/',

Replace:
 'MC'  => '/^(5[1-5][0-9]{14}|2(22[1-9][0-9]{12}|2[3-9][0-9]{13}|[3-6][0-9]{14}|7[0-1][0-9]{13}|720[0-9]{12}))$/',
js/prototype/validation.js
Find:
 'MC': [new RegExp('^5[1-5][0-9]{14}$'), new RegExp('^[0-9]{3}$'), true],

Replace:
 'MC': [new RegExp('^(5[1-5][0-9]{14}|2(22[1-9][0-9]{12}|2[3-9][0-9]{13}|[3-6][0-9]{14}|7[0-1][0-9]{13}|720[0-9]{12}))$'), new RegExp('^[0-9]{3}$'), true],

 

Magento 2

As of 2017-05-30, Magento has released an update to fix the issue. We strongly recommend that you upgrade to Magento 2.0.14 or 2.1.7 if you are on a lower version.

Or, to patch manually:

lib/web/mage/validation.js
Find:
 'MC': [new RegExp('^5[1-5][0-9]{14}$'), new RegExp('^[0-9]{3}$'), true],

Replace:
 'MC': [new RegExp('^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$'), new RegExp('^[0-9]{3}$'), true],
vendor/magento/module-payment/Model/Method/Cc.php
Find:
 'MC' => '/^5[1-5][0-9]{14}$/',

Replace:
 'MC' => '/^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$/',
vendor/magento/module-payment/view/frontend/web/js/model/credit-card-validation/credit-card-number-validator/credit-card-type.js
Find:
 pattern: '^5([1-5]\\d*)?$',

Replace:
 pattern: '^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$',

 

If you need more assistance, please feel free to contact us.

 

Share this post

Author

Leave a Reply

Your email address will not be published. Required fields are marked *

We're sorry but your browser is out-of-date!

Please update your browser to view this website correctly.Let's update my browser now

×