All geek questions in one place

Updated BIN / IIN ranges for credit card types

We are currently checking the credit card number with Reg Ex to find the type of card using the ranges from Wikipedia , but this is not up to date.

This SO article is similar to the requirement and provides a good link to the Barclaycard Resource , however, this requires a manual check to make in Reg Ex or another system.

Does anyone use or know the supported / updated Regex or csv, which can be easily imported when changes are made to these ranges, for example, when new Mastercard debit cards are rolled out.

Update

Now we get the XML IIN file from Verifone , which performs our card processing. The file is read from top to bottom until the first range is found that matches the leading 6 digits of the card number.

+4
source share
1 answer

If you only need a card type, then an algorithmic approach is probably best (for example, the prefix "4" is Visa, "5" is Mastercard, etc.). But if you need an issuing country, institution, etc., then access to a regularly updated BIN list is mandatory.

If you have a trading relationship with the bank, you should be able to get it from them, possibly in accordance with some non-disclosure agreements. Without a relationship, most banks will most likely just say no. Access to the BIN list is not a big security risk, but banks really like to have their secrets :-) I know RBS has one available to customers.

At the previous company I worked with, we planned to download monthly from their password-protected website, and then imported it into our risk management database. The risk management team still needed manual processes for unlisted BIN ranges, since there is a delay between when the range is activated and when your banking information is updated.

Depending on your requirements, you may need to process sub-BIN ranges (prefixes of 9 or 10 digits), as a large bank may assign part of the range to secondary players or branding services. This is especially important when differentiating debit cards and credit cards (the risk level is usually higher for credit cards).

Some banks do not have very good verification of the data in these lists (I saw only a very long Excel table) - a meeting with repeating, divided and combined ranges is very likely, so you will need to merge based on the range of the algorithm - it's a little difficult to get all the boundary conditions.

A decent version of the BIN list will include the prefix range, card type (with separate credit and debit types), country, card number length and institution name. You will probably have to programmatically manage the β€œlast modified” field in the importer logic.

If you need to perform a risk assessment, you can also watch MaxMind on the Internet MinFraud (I would recommend additional results from the Premium version). It provides a good risk rating of around $ 0.01 per request.

+5
source

Source: https://habr.com/ru/post/1337479/

More articles:


All Articles