We have a persistent problem where our customers enter an incorrect credit card expiration date, and I can only attribute it to some flaw in our user interface design - surely 15% of our customers aren't complete idiots...
The problem compounds because we don't authorize the card immediately - authorization is a manual process from our backoffice interface, usually an hour or two after the order is placed. So when we get an authorization failure, we have to contact the customer and wait usually a day or two before we get a response and find out the expiration was really 08/05 instead of 02/06...
But I think our UI is pretty standard - we have a pair of drop-down combo boxes, one for expiration month and one for year. The months are listed as "Jan (01)" etc.
I've wondered if maybe a free-form 4-digit edit box might be more appropriate but so far have decided against it because of the range of validation issues it would bring.
Do others see an inordinate number of invalid expiration date entries?
Good choice to not use freeform text-entry and fiddly validation -- using drop-downs is the easiest way, for both the implementor and the end-user.
We found that we got the least amount of data-entry errors in on the cc payment page by making the year drop-down into a four digit number, and pre-filling it with the range [current year] to [current year + 10] (inclusive). This way, the only room for error is if the customer mis-interprets their expiry date at time of purchase.
We also do similar for card 'start date', when applicable.