The validations I know of are:

• Checksum the whole card number should add up to zero. (range is 0-9)
• Check the first digit(s) against the card type
• Check the length against the card type
• Check the CCV length against the card type (I think all the major types are 3 anyway)
• Of course make sure it is accepted card type as well as non expired.

Are there any other validations :) (I expect many folks did not know about all of these)

The reason I ask is because I overheard there was one to checksum number against expiration or CCV.. I just wanted to check.

• Card Number (aka PAN, Primary Account Number)
  Don't take any advice as gospel. The card number is comprised of a 6 digit Issuer Identification Number (IIN), an account number and a luhn check digit. The IIN ranges are constantly changing and industry sectors that rely on this information (such as Payment Processors) will generally be updated as changes occur. It's reasonably safe to assume that the card number should be between 16 and 19 digits, and start with 3, 4, 5 or 6. Beyond that trying to identify the card type from the IIN is prone to error unless you are frequently updated.

• Luhn / Mod10 check digit.
  The last digit of the card number is a check digit to pick up transposition errors which may have occured when an operator has keyed in the card number. The wikipedia article is a good source for more info and code samples.

• Magnetic stripe
  If you have physical access to the card, and a magstripe reader, then track 2 contains banking card info. Amongst the details are card number, expiry date, LRC (check digit) and a Service Code. The service code (only available on mag stripe) informs how the card may be used, eg only for national payments, only for use at an ATM (not as a payment card), whether cash back should be offered etc.

• CCV / CSC / CV2
  Security digits are never embossed onto the card, or recorded on the magstripe. Should be three digits on all except Amex (always 4 digits)

• Issue date
  Used for manual (sanity) check only. Not sent during the authorization request

• Expiry date
  A common misconception is that expired cards cannot be used. They frequently can, but they must go through online authorization first (so that the acquiring bank has final say on whether it is permitted or not). Expiry dates can be up to 20 years in the future (and even further in some rare cases)

• Issue number
  Only available on certain card types. Should be captured and used in the authorization request.