An IS auditor recommends that an initial validation control be programmed into a credit card
transaction capture application. The initial validation process would MOST likely:
check to ensure that the type of transaction is valid for the card type.
verify the format of the number entered then locate it on the database.
ensure that the transaction entered is within the cardholder’s credit limit.
confirm that the card is not shown as lost or stolen on the master file.
The initial validation should confirm whether the card is valid. This validity is established through
the card number and PIN entered by the user. Based on this initial validation, all other validations
will proceed. A validation control in data capture will ensure that the data entered is valid (i.e., it
can be processed by the system). If the data captured in the initial validation is not valid (if the card
number or PIN do not match with the database), then the card will be rejected or captured per the
controls in place. Once initial validation is completed, then other validations specific to the card and
cardholder would be performed.