Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...

When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store


Zend_Validate_CreditCard allows you to validate if a given value could be a credit card number.

A creditcard contains several items of metadata, including a hologram, account number, logo, expiration date, security code and the card holder name. The algorithms for verifying the combination of metadata are only known to the issuing company, and should be verified with them for purposes of payment. However, it's often useful to know whether or not a given number actually falls within the ranges of possible numbers prior to performing such verification, and, as such, Zend_Validate_CreditCard simply verifies that the credit card number provided is well-formed.

For those cases where you have a service that can perform comprehensive verification, Zend_Validate_CreditCard also provides the ability to attach a service callback to trigger once the credit card number has been deemed valid; this callback will then be triggered, and its return value will determine overall validity.

The following issuing institutes are accepted:

  • American Express

    China UnionPay

    Diners Club Card Blanche

    Diners Club International

    Diners Club US & Canada

    Discover Card







    Visa Electron

Invalid institutes

The institutes Bankcard and Diners Club enRoute do not exist anymore. Therefore they are treated as invalid.

Switch has been rebranded to Visa and is therefore also treated as invalid.

Supported options for Zend_Validate_CreditCard

The following options are supported for Zend_Validate_CreditCard:

  • service: A callback to an online service which will additionally be used for the validation.

  • type: The type of creditcard which will be validated. See the below list of institutes for details.

Basic usage

There are several credit card institutes which can be validated by Zend_Validate_CreditCard. Per default, all known institutes will be accepted. See the folowing example:

= new Zend_Validate_CreditCard();
if (
$valid->isValid($input)) {
// input appears to be valid
} else {
// input is invalid

The above example would validate against all known credit card institutes.

Accepting defined credit cards

Sometimes it is necessary to accept only defined credit card institutes instead of all; e.g., when you have a webshop which accepts only Visa and American Express cards. Zend_Validate_CreditCard allows you to do exactly this by limiting it to exactly these institutes.

To use a limitation you can either provide specific institutes at initiation, or afterwards by using setType(). Each can take several arguments.

You can provide a single institute:

= new Zend_Validate_CreditCard(

When you want to allow multiple institutes, then you can provide them as array:

= new Zend_Validate_CreditCard(array(

And as with all validators, you can also pass an associative array of options or an instance of Zend_Config. In this case you have to provide the institutes with the type array key as simulated here:

= new Zend_Validate_CreditCard(array(
'type' => array(Zend_Validate_CreditCard::AMERICAN_EXPRESS)

Table 172. Constants for credit card institutes

Institute Constant
China UnionPay UNIONPAY
Diners Club Card Blanche DINERS_CLUB
Diners Club International DINERS_CLUB
Diners Club US & Canada DINERS_CLUB_US
Discover Card DISCOVER
Visa Electron VISA

You can also set or add institutes afterward instantiation by using the methods setType(), addType() and getType().

= new Zend_Validate_CreditCard();

Default institute

When no institute is given at initiation then ALL will be used, which sets all institutes at once.

In this case the usage of addType() is useless because all institutes are already added.

Validation by using foreign APIs

As said before Zend_Validate_CreditCard will only validate the credit card number. Fortunately, some institutes provide online APIs which can validate a credit card number by using algorithms which are not available to the public. Most of these services are paid services. Therefore, this check is deactivated per default.

When you have access to such an API, then you can use it as an addon for Zend_Validate_CreditCard and increase the security of the validation.

To do so, you simply need to give a callback which will be called when the generic validation has passed. This prevents the API from being called for invalid numbers, which increases the performance of the application.

setService() sets a new service, and getService() returns the set service. As a configuration option, you can give the array key 'service' at initiation. For details about possible options take a look into Callback.

// Your service class
class CcService
    public function 
// some online validation

// The validation
$service = new CcService();
$valid   = new Zend_Validate_CreditCard(Zend_Validate_CreditCard::VISA);

As you can see the callback method will be called with the creditcard number as the first parameter, and the accepted types as the second parameter.

Zend Framework