Website showing entered credit card number as valid or invalid

Question

I noticed on a website that when I entered my credit card number, the entry box was highlighted blue:

I then tried a dummy credit card number, which made the box highlight red, indicating that credit card number can not be used:

I then tried entering other credit card numbers from expired credit cards and the box highlighted blue again, so the page is checking if entered credit cards belong to an actual card.

Is this a secure practice? Because I could iterate all number combinations and discover which numbers belong to an existing credit card.

Answer 1

I suspect that the site is simply checking that the card number passes the Luhn test. This is a simple test, based on a checksum, that many sites do to check for typos when entering the card number.

However, even if the card number entered passes the Luhn check, it may not be a valid card number for a currently active card. And, even if the card number is valid, the issuing bank may not approve the charge.