Credit Card Regex Java Validator

What is a Credit Card Regex?

Credit card numbers follow strict formatting standards defined by card networks. A credit card regex is used to ensure that the number structure aligns with the expected format before further verification like Luhn’s algorithm.

Each card type has a unique starting digit(s) and length:

But what do those numbers mean in practice? Credit card numbers are usually grouped in blocks of four on the physical card to aid readability, and each major card network uses a specific structure. Recognizing these patterns allows you to identify the card company just by looking at the number:

• Visa: 13 or 16 digits, always starting with 4.

• MasterCard: 16 digits, starting with numbers from 51 to 55, or any number between 2221 and 2720.

• Discover: 16 digits, starting with 6011 or 65.

• American Express: 15 digits, starts with 34 or 37.

• Diners Club: 14 digits, begins with 300–305, 36, or 38.

• JCB: 15 digits starting with 2131 or 1800, or 16 digits starting with 35.

Java Regex Patterns for Credit Cards

Here are some common regex patterns:

Visa:

^4[0-9]{12}(?:[0-9]{3})?$

Mastercard:

^5[1-5][0-9]{14}|^2(2[2-9][0-9]{2}|[3-6][0-9]{3}|7([01][0-9]{2}|20))[0-9]{12}$

American Express:

^3[47][0-9]{13}$

These patterns check for structure only — not actual card validity.

Java Code Example

import java.util.regex.Pattern;
import java.util.regex.Matcher;

public class CreditCardValidator {
    public static void main(String[] args) {
        String visaCard = "4111111111111111";
        String visaPattern = "^4[0-9]{12}(?:[0-9]{3})?$";

        Pattern pattern = Pattern.compile(visaPattern);
        Matcher matcher = pattern.matcher(visaCard);

        if (matcher.matches()) {
            System.out.println("Valid Visa card number");
        } else {
            System.out.println("Invalid Visa card number");
        }
    }
}

Luhn Algorithm: Verifying Credit Card Numbers in Java

Regex helps ensure a card number looks right, but how do you check if the number itself could actually be valid? That’s where the Luhn algorithm comes into play—a built-in checksum method used by credit card networks to catch accidental typos and most fake numbers.

The good news: implementing this check in Java is straightforward. The algorithm works as follows:

1. Start from the rightmost digit and move left, doubling every second digit.

2. If doubling the digit results in a number greater than 9, subtract 9 from it.

3. Sum all digits.

4. If the total modulo 10 equals zero, the number is valid.

   
   

Here’s a simple Java method for Luhn validation:

public class LuhnValidator {
    public static boolean isValid(String ccNumber) {
        int sum = 0;
        boolean alternate = false;
        for (int i = ccNumber.length() - 1; i >= 0; i--) {
            int n = Character.getNumericValue(ccNumber.charAt(i));
            if (alternate) {
                n *= 2;
                if (n > 9) {
                    n -= 9;
                }
            }
            sum += n;
            alternate = !alternate;
        }
        return (sum % 10 == 0);
    }
}

Usage:

Call <mark style="color: #272B32; border-width: 1px; border-radius: 4px; box-shadow: 0px 1px 3px 0px rgba(0, 0, 0, 0.1), 0px 1px 2px -1px rgba(0, 0, 0, 0.1); background-color: #E9D5FF; border-color: #C084FC;">LuhnValidator</mark>.isValid("4111111111111111").

Returns true if the number passes the Luhn check, false otherwise.

This step is a must when you need to distinguish between a properly formatted number and one that could actually exist—before any payment processing or storing data for later.

Adding Luhn Algorithm Validation

While regex patterns confirm a credit card number’s structure, they don’t guarantee the number is actually valid. That’s where the Luhn algorithm comes in—a simple checksum formula used by most major card networks as the final layer of defense against typos and invalid numbers.

Here’s how it works in Java:

• The algorithm processes the digits of the card number from right to left.

• Every second digit (starting from the end) is doubled. If doubling results in a value over 9, subtract 9 from it.

• All the resulting numbers are summed.

• If the total sum is divisible by 10, the number passes the check.

A sample method for validating credit card numbers with the Luhn algorithm:

public static boolean isLuhnValid(String ccNumber) {
    int sum = 0;
    boolean alternate = false;
    for (int i = ccNumber.length() - 1; i >= 0; i--) {
        int n = Character.getNumericValue(ccNumber.charAt(i));
        if (alternate) {
            n *= 2;
            if (n > 9) {
                n -= 9;
            }
        }
        sum += n;
        alternate = !alternate;
    }
    return (sum % 10 == 0);
}

This method checks if the given credit card number string passes the Luhn check. For best results, use it alongside your regex pattern to validate both format and authenticity.

Sample Inputs

Valid:

• Visa: 4111111111111111

• MasterCard: 5555555555554444

• AMEX: 371449635398431

  
  

Invalid:

• 1234567890123456 (invalid prefix)

• 411111111111111 (wrong length)

• abcdefg12345678 (non-digit characters)

Use Cases

• Checkout Forms: Validate credit card number format before API calls.

• User Onboarding: Ensure card format is correct during setup.

• Fraud Prevention: Quickly reject obvious fake card numbers.

• Data Cleaning: Validate and cleanse stored card numbers in logs or databases.

Other Common Regex Use Cases in Java

Regular expressions aren't just for credit cards—they’re the Swiss Army knife of input validation. Here are a few everyday cases where regex proves invaluable in Java applications:

• Email Addresses: Ensure users provide properly formatted addresses (e.g., user@example.com), catching obvious typos before they cause headaches.

• Postal Codes: Validate formats for countries like the US (12345 or 12345-6789), Canada (K1A 0B1), or the UK (SW1A 1AA).

• Phone Numbers: Check for valid patterns across North America ((555) 555-1234 or 555-555-1234), as well as international formats with country codes.

• Passwords: Enforce complexity rules—minimum length, a mix of uppercase/lowercase letters, digits, and special symbols. Great for nudging users away from “password123”.

• Dates: Confirm dates are entered in accepted formats, like YYYY-MM-DD or MM/DD/YYYY, which helps avoid confusion between 12/11 and 11/12.

• SSNs and Tax IDs: Quickly spot valid US Social Security Numbers (123-45-6789) or other regional tax identifiers.

• ISBNs & Reference Numbers: Match standardized codes (like ISBN-10 or ISBN-13 for books, or barcodes).

• Currency Formats: Spot numbers with mandatory symbols (such as $1,234.56 or €1.234,56) for financial input.

• Special Character Detection: Identify presence or absence of Unicode symbols—useful for supporting Greek, Cyrillic, or emoji in user input.

• Line and Word Counts: Restrict input to a certain number of lines or words for form fields.

With the right regex, you can tackle nearly any pattern matching or input sanitization needed for modern apps.

Pro Tips

• Never store raw card numbers. Use a Hash Generator Java or a secure tokenization service.

• Always combine regex checks with Luhn’s algorithm for actual card number validation.

  While a regular expression can filter out obviously invalid credit card numbers, it won't catch every possible error—especially if someone accidentally swaps or mistypes digits. That’s where the Luhn algorithm comes in. This checksum formula, used by credit card companies worldwide, verifies whether a card number is structurally valid by performing a simple calculation on its digits.

  
  

  Here’s a quick overview of how the Luhn algorithm works:

  • Starting from the rightmost digit (the check digit), move left and double the value of every second digit.

  • If doubling a digit results in a number greater than 9, subtract 9 from it—or, alternatively, add the digits together.

  • Sum all the digits (after any modifications).

  • If the total modulo 10 is zero, the card number passes the check.

  
  

  Below is a sample implementation in Java:

  public class Luhn {
      public static boolean check(String ccNumber) {
          int sum = 0;
          boolean alternate = false;
  
          for (int i = ccNumber.length() - 1; i >= 0; i--) {
              int n = Integer.parseInt(ccNumber.substring(i, i + 1));
  
              if (alternate) {
                  n *= 2;
                  if (n > 9) {
                      n = (n % 10) + 1; // Same as subtracting 9
                  }
              }
  
              sum += n;
              alternate = !alternate;
          }
  
          return (sum % 10 == 0);
      }
  }

  By pairing regex validation with the Luhn algorithm, you’ll ensure that credit card numbers are both correctly formatted and mathematically valid—helping to reduce

  errors and fraud.

  
  

• Never store raw card numbers. Use a Hash Generator Java or a secure tokenization service.

• Don’t rely only on regex for fraud detection — it’s for format validation, not legitimacy.

• Sanitize input by removing spaces or hyphens before matching against the regex.

• Customize regex if you only support certain card types (e.g., Visa + MasterCard).

  • Use a separate pattern per card type for better UX and targeted validation messages.

  • Feel free to adapt the sample code snippets or regex patterns above to match your specific needs and validation rules. For instance, you can fine-tune patterns to restrict accepted card lengths, prefixes, or add support for additional card brands as required. This flexibility allows you to tailor the validation logic for your application's unique requirements and user base.

• Use a separate pattern per card type for better UX and targeted validation messages.

Combine with These Tools

• Password Regex Java Validator: Add secure password validation in signup flows.

• Java Regex Tester: Edit or test regex variations for other card types.

• Token Generator: Generate secure payment session tokens.

• Base64 Encoder: Encode credit card tokens for secure transmission.