Though I have a tolerably good handle on e-commerce software, I've not written much of it myself. In this respect, I'm not one to know what's going on under the hood at any given site: maybe there is a reason why something works the odd way it does.

But I've observed one technique that has been nearly universal: the practice of refusing to allow spaces or dashes in credit card number entry fields (this example from The Teaching Company):

If there were some security or integrity reason for disallowing these characters, I guess I'd buy it, but I've not found a single good reason for it. The consensus among those that I've spoken to is that it's nothing but lazy, sloppy programming. I completely agree.

It turns out that sometimes one can clean up the spaces and dashes in the same amount of code as the instruction not to (this example in perl):

$ccnum =~ s/[-\s]//g;

(No spaces or dashes)

Some sites cleverly avoid the "no spaces or dashes" shame by limiting the credit card entry to 16 characters: this has the same effect. It's just lame.

The shameful

Bluemountain.com -- added 2003/06/13 (no image available) The Teaching Company -- added 2003/06/13 Draper's & Damon's -- added 2003/06/13 Tickets.com They not only limit the credit card field to 16 characters, but allow no formatting in the phone number. Lame. -- added 2003/06/18 Adobe.com Only allowing 16-character input is the same as "no spaces or dashes" -- added 2003/06/16 Fonts.com -- added 2003/07/08 Palm.com -- added 2003/08/31 (thanks Techie2000) Google Gear -- added 2003/09/06 (thanks Scott) Network Solutions Only allowing 16-character input is the same as "no spaces or dashes" -- added 2003/09/10 Regsoft Only allowing 16-character input is the same as "no spaces or dashes" -- added 2003/09/12 ThinkGeek This might just be a bug: they allow 18 characters, which is one less than required to allow all the needed spaces, but it's still not right. -- added 2003/12/01 Citi Cards online Even a credit card company hasn't figured out credit cards! -- added 2003/12/01 Staples -- added 2003/12/26 (thanks Techie2000) IEEE 16-character limit - evidence that hardware guys can't do software -- added 2004/01/29 (thanks cinnamon) Quicken 2003 Software There is a field that allows plenty of room for spaces or dashes, but when trying to do an "online banking update" with First USA bank, it fails with an error code that is not elaborated on. It took a 20 minute phone call with First USA support - three different techs - before the guy asked if I had spaces or dashes in the field. AARGH. I don't know if this is a Quicken issue or a First USA one. AARGH. -- added 2004/02/06 Vanguard Group The same logic applies to Social Security Account Numbers as it does to credit card numbers. -- added 2004/02/09 (thanks Jeffrey) TurboTax Software Not allowing dollar signs or commas in money is not that big of an infraction as it is for credit card numbers and formatting, because we're accustomed to doing without, but it's not that hard to get right. -- added 2004/02/16 (thanks Jeffrey) Microsoft's Security CD offer Phone numbers without dashes! Ack! -- added 2004/02/18 (thanks cinnamon) Cowan Alexander (auctioneer) Not only do they limit the input to 16 characters, they don't even accept the card for payment! -- added 2004/04/04 eCompanyStore.com -- added 2004/04/22 Kintera.org They handle online donations for thinks like walk-a-thons. -- added 2004/04/27 [Home] Stephen J. Friedl Software Consultant Tustin, California USA