It varies from person to person and bank to bank.
Most sites assume a max of around 10 years; I've never seen one that long, but if the banks trust the guy that much, I want his business ;)
just received a new one yesterday and the dates are 09/06 - 09/09 so three years.
If you have to ask this question, why are you building a site to hold credit card details ,,,,
Generally, unless you're a really big, heavily insured corporate, you should be looking at credit card payment processors who handle all the credit card transactions on your behalf
If you want to handle credit card payments yourself, you would also have to qualify for the security and other operational and trust certifications all the credit cards you've mentioned require
Credit cards have different lengths of expiration.
Why not build it out for 10-12 years? It won't do any harm and I'm sure you are putting current year at the top so they don't have to scroll down much, right?
As the others have said - it depends on the issuing bank, but if you just build the dropdown to make it eight or ten years out, you should be fine.
The other option, is not let them enter the information and then your change it if necessary
Thank you all for weighing in on this topic. I guess I'll choose the 10-year option: that should cover most bases.
>>why are you building a site to hold credit card details<<
I'm validating the essential information (cc number, cc exp date) before sending it on to the CC payment gateway.
I have yet to see any gateways that demand validation , it usually optional.
Each person to their own, but most people are reluctant to input CC details to unknown websites,
anyway, that what I see with customers
I think all ecommerce sites require that the customer input, at the very least, a credit card number and the expiration date before the order is sent to the payment gateway.
I recently had to update our expiration list for the same reason as the OP. A customer wrote to us that his expiration year was not available in our pull down menu on the order page.
Use the system date on your server and dynamically go out at least 10 years. I have cards in my wallet that are valid through 2010.
Using your system date and dynamically adding for the max year means you don't have to go update your code manually every few years.
All of my credit cards (all VISA) expire 4 years later. But my new VISA debit card which I just got in last week doesn't expire until 2016. I dunno why they put a 10 year limit on these things. After 2 months of heavy use the magnetic strip on the back of my cards go bad and I just have to get a new card with a new number.
[edited by: OvertureUser at 9:42 pm (utc) on Oct. 4, 2006]