Bank Identification Numbers (BIN) are the first four to six digits you see in your credit, debit or prepaid card number. The number is embossed on the front of the card and appears in print just below as well. They are used to facilitate payment processing, help fight fraud and provide businesses with greater insight into their customers.

On their most basic level, BINs serve to identify the issuer of the credit card in question and the industry they are in. Because of that, and the fact that more and more issuers are no longer banks, these numbers are increasingly referred to as Issuer Identification Numbers (IIN). Each issuer has a unique IIN.

The first digit of the IIN is the Major Industry Identifier (MII). There are ten possible digits for the MII, with its value ranging from 0 to 9. Below is a table showing each number with its corresponding industry or segment. 

Major Industry Identifier (MII)Issuer Category
0ISO/TC 68 assignments
1Airlines cards
2Airlines cards and other future industry assignments
3Travel and Entertainment Cards
4Banking and Financial Cards
5Banking and Financial Cards
6Merchandising and Financial Cards
7Gas Cards
8Healthcare and Telecommunications Cards
9For Use by National Standards Bodies

Note that based on MIIs American Express is considered a Travel & Entertainment card, Visa and MasterCard are considered Banking & Financial cards and Discover is considered a Merchandising & Financial card. This reflects the primary purpose of these card brands when they were launched.

The IIN provides merchants with a lot of other information besides just the issuing entity. For example, when cardholders enter card details for an online transaction, just those first few digits tell the retailer:

  • The name, address, and phone number of the bank where the funds will be transferred from
  • What type of card it is (debit, credit, gift, etc.)
  • What level the card is (corporate, platinum, etc.)
  • In which country the issuer is located 

Following the BIN or IIN is the individual account number. The last digit on a card is the checksum, which is generated using a specific algorithm so that a card can be quickly determined to be authentic or not.  Under the global industry standard, the entire card number can be up to 19 digits long. 

Using the BIN for authorization

The BIN works by identifying the issuer that receives the transaction’s authorization request and whether or not the account is valid. It is also used to determine if the account has sufficient funds for the transaction, which facilitates the approval or rejection of a transaction. This all goes on in the background during all transactions. A credit card processing system cannot function completely without the BIN.

BIN attacks

Using BINs for marketing purposes

BINs also can be used to provide merchants with valuable sales intelligence, such as changing purchasing patterns, different purchases by different consumer demographics and card decline rates. Data from the BIN will show the type of card that a customer uses, enabling targeted promotions to specific consumer personas. 

For example, if a customer uses a gift card that suggests that one of their friends or family members knows that they purchase from you frequently, or suspects that they might be interested in doing so. It would make good business sense to send that customer information about your customer loyalty program as a way of securing their future business.

Let’s take another example. Let’s say you see from the BIN that the customer is using an American Express platinum card. In that case, you may want to suggest some higher ticket items for purchase since you know the customer is relatively affluent.

Using a BIN to fight fraud

Aside from facilitating payment authorization and providing useful sales data, BINs are also used to provide an additional element of security for payment card transactions. They are used to analyze transactions and filter out suspicious transactions that are executed using stolen or fake cards. 

Although the information garnered from a BIN is fairly basic, it can be used to spot potentially fraudulent transactions. For example, a business in the U.S. receiving an order from a customer in Canada might not be all that unusual, but if the BIN indicated that the card was issued by a German bank, that could be a good reason to examine that transaction more closely. Many fraud prevention tools will use the BIN as one variable for detecting potentially fraudulent transactions. 

Fighting off BIN attacks

Sometimes fraudsters try to get around the BIN’s safety features using special software. These criminals take the first six digits from a real BIN and then generate different combinations of the remaining account number and checksum to test en masse on eCommerce sites. 

Typically, the currency amounts of the transactions seeking authorization will be small to help them fly under the radar. However, you will be able to catch the fraudulent transactions with velocity checks. These tools check the frequency with which new credit card numbers are coming from the same IP address or with the same associated email address or other such details, revealing and blocking submissions from bots.

Looking to learn more

Beyond BINs and velocity checks, there are plenty of tools and solutions to prevent payments fraud. Head to the AcroCharge website if you’re looking to learn more about payments or eCommerce fraud prevention technology.

Join the Discussion