
    What is a Bank Identification Number (BIN) and how do I keep it secured?

    Did you know that the first 4-8 numbers on a payment card, known as the BIN (Bank Identification Number), actually have a specific meaning and purpose? In order to protect yourself and your customers against potential BIN fraud, it is important to understand the meaning of all the numbers on a payment card, and especially the BIN.

    What is a BIN (Bank Identification Number)?

    A Bank Identification Number (BIN) is a set of digits, usually the first 4-8, found on charge cards, gift cards, credit cards, and debit cards. This number identifies the issuer and the bank that issued the card, helping to track cards and transactions. It is regulated by the American National Standards Institute (ANSI) and the International Organization for Standardization (ISO). 

    BINs, also known as Issuer Identification Numbers (IINs), can be used to quickly spot fraudulent charges on a cardholder's account. This ability to quickly identify and stop fraudulent charges is invaluable, as it can prevent financial losses and protect a cardholder's identity.

    How BINs Work

    To oversimplify this, think of BINs as the city, state, and zip code on a piece of mail. The contents of that piece of mail can then be seen as the instructions for either debiting or crediting funds at your bank. 

    Like the postal service, the networks use the BIN to identify where (i.e., the bank that issued the card) to send the instructions for further processing. From here, the issuing bank will use the other details captured from the card to identify which account to debit or credit (per the instructions) and to authorize or decline the transaction. 

    BINs can also carry a slew of additional details about a transaction and about your customers if you leverage a partner with enhanced BIN capabilities. You may be able to see transactional costs, e-commerce restrictions, 3DS eligibility, and more.

    How to Find Bank Identification Numbers

    Look at the first 4-8 digits on any of your payment cards. These comprise the Bank Identification Number. It's a bit more complex than that, however. The BIN actually contains two numbers: a Major Industry Identifier (MII) and Issuer Identification Number (IIN).

    What is a Major Industry Identifier (MII)?

    The Major Industry Identifier (MII) is typically the first number of the BIN and it is usually a 3, 4, 5, or 6. The MII allows the issuing bank to quickly identify the type of card and industry it is intended for with just a single number.

    What is an Issuer Identification Number (IIN)?

    Once you know the major industry, it's relatively straightforward to determine which card network issued a card. There are certain ranges of IINs (Issuer Identification Numbers) associated with each of the major card networks.

    For instance:

    • Visa's IIN range includes all BINs that start with the number 4
    • American Express's range has BINs that start with 34 and 37
    • Mastercard's IIN range covers BINs from 2221-2720 and 51-55
    • Discover Card's IIN range includes BINs that start with 6011, 622126 – 622925, 624000 – 626999, 628200 – 628899, 64, and 65

    Knowing the IIN of a card can help quickly and accurately ascertain the card issuer.

    What’s the difference between 6- and 8-digit BINs?

    Issuers are quickly running out of traditional 4-6-digit BINs, so they are now transitioning to 8-digit BINs. This change will not affect the length of the card number, but rather the digits used to identify accounts. Visa and Mastercard are among the companies making the switch, and as of April 2022 all Visa BINs have 8 digits.

    Despite this shift, PCI compliance standards still only allow the first 6 and last 4 digits of the card number to be revealed. This could limit businesses' access to extra BINs needed for fraud protection or other data tracking. Additionally, customers may find it confusing to identify their accounts with the new 8-digit BINs.
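    The IIN ranges listed earlier and the first-6/last-4 display limit can be seen working together in a short sketch. This is an added example, not Basis Theory code; the function names and card numbers are constructed for illustration, and the 13-19 digit length check is an assumption.

```python
# IIN ranges as listed in this article: (network, prefix length, low, high)
IIN_RANGES = [
    ("Visa", 1, 4, 4),
    ("American Express", 2, 34, 34),
    ("American Express", 2, 37, 37),
    ("Mastercard", 4, 2221, 2720),
    ("Mastercard", 2, 51, 55),
    ("Discover", 4, 6011, 6011),
    ("Discover", 6, 622126, 622925),
    ("Discover", 6, 624000, 626999),
    ("Discover", 6, 628200, 628899),
    ("Discover", 2, 64, 65),
]

def network_for(card: str) -> str:
    """Match the leading digits of a full or masked card number against the ranges."""
    for name, n, low, high in IIN_RANGES:
        prefix = card[:n]
        if len(prefix) == n and prefix.isdigit() and low <= int(prefix) <= high:
            return name
    return "unknown"

def mask_pan(pan: str) -> str:
    """Keep only the first 6 and last 4 digits; everything between becomes '*'."""
    digits = pan.replace(" ", "").replace("-", "")
    # Assumed plausible card-number length for this example
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def collapsed_bins(pans):
    """Group 8-digit BINs by the masked form that hides the difference between them."""
    groups = {}
    for pan in pans:
        digits = pan.replace(" ", "")
        groups.setdefault(mask_pan(digits), set()).add(digits[:8])
    return {masked: bins for masked, bins in groups.items() if len(bins) > 1}

# Constructed card numbers (not real accounts): same first 6 and last 4, different 8-digit BINs
SAMPLE = ["4000 0011 2345 6789", "4000 0022 2345 6789", "2221 0000 1111 2222"]

if __name__ == "__main__":
    for pan in SAMPLE:
        masked = mask_pan(pan)
        print(masked, network_for(masked))
    print(collapsed_bins(SAMPLE))
```

    The card network is still recoverable from the masked value, but the two 8-digit BINs in the sample collapse into one masked string, which is the loss of detail described above.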

    Which Companies Need a BIN?

    Many companies want to issue their own cards to their customers for various reasons. To do this, a company will need access to a Bank Identification Number (BIN), which means that it also needs a bank sponsor. To get a bank sponsor, companies must first have their card program reviewed and approved by a bank. 

    Companies can typically secure a BIN and a bank sponsor by working with Card Issuing Service Providers, like Lithic, or Banking-as-a-Service platforms, like Unit.

    How to Spot BIN Fraud? 

    BIN attacks occur when fraudsters take a known BIN and append a series of randomly generated numbers to create the appearance of a legitimate card number. For example, they might take a BIN from Mastercard's IIN range, such as 2221, and add twelve more randomly generated digits. This creates thousands of potential card numbers they can then try online to see if any are valid.

    One way to spot BIN fraud is to be on the lookout for several small transactions, especially if the frequency and amount are not normal for your business. This could be a sign of fraud, as it may indicate someone is using your website to check card numbers for one that is valid.

    Also, watch for multiple declines in a short time frame. This could be a sign of someone using a stolen card number, as many attempts are being made quickly in the hopes of authorization before the card is shut off.

    Additionally, be aware of unusually large numbers of transactions, which could also signify a potential fraudster. Paying close attention to these signs can help protect your business from fraud.
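    The warning signs above (many small transactions, repeated declines in a short time frame) can be checked automatically per BIN. The following is an added example, not Basis Theory code: the log format, thresholds, and sample events are assumptions constructed for illustration and would need tuning to a real business's normal traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_bin_testing(events, window=timedelta(minutes=5),
                       min_declines=5, min_cards=5, small_amount=5.00):
    """events: (time, masked_pan, amount, approved) tuples sorted by time.
    Returns one alert per BIN whose recent small-value traffic looks like card testing."""
    recent = defaultdict(deque)   # BIN -> events inside the sliding window
    alerts = {}
    for ts, masked_pan, amount, approved in events:
        bin6 = masked_pan[:6]     # a first-6/last-4 masked PAN still exposes the BIN
        q = recent[bin6]
        q.append((ts, masked_pan, amount, approved))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events older than the window
        small = [e for e in q if e[2] <= small_amount]
        declines = sum(1 for e in small if not e[3])
        cards = {e[1] for e in small}
        # Many declines across many *different* cards on one BIN is the signal;
        # one customer retrying a single card does not qualify.
        if declines >= min_declines and len(cards) >= min_cards and bin6 not in alerts:
            alerts[bin6] = {"bin": bin6, "at": ts,
                            "declines": declines, "distinct_cards": len(cards)}
    return list(alerts.values())

def sample_events():
    """Constructed authorization log, not real data."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # Burst: 8 different card numbers on one BIN, 1.00 each, 20 s apart, one approval
    for i in range(8):
        events.append((t0 + timedelta(seconds=20 * i),
                       f"222100******{1000 + i}", 1.00, i == 6))
    # One customer retrying the same card three times
    for i in range(3):
        events.append((t0 + timedelta(seconds=30 * i), "510000******4242", 3.00, False))
    # Ordinary traffic: larger approved purchases spread over an hour
    for i in range(4):
        events.append((t0 + timedelta(minutes=15 * i),
                       f"411111******{2000 + i}", 40.00 + i, True))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for alert in detect_bin_testing(sample_events()):
        print(alert)
```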

    How to Protect BINs Against Fraud

    While you can’t protect against fraudulent or stolen credit cards, you can protect your organization from contributing to the problem. Companies can use tokenization to securely store payment card data while retaining the parts of the card number they need for internal use. Tokenization is a secure process that creates tokens, or substitutes for sensitive data, which can be used in place of the original data. 

    Basis Theory offers a third-party tokenization platform that not only stores and encrypts cardholder data (CHD), but allows customers to interact with and use their cardholder data like plaintext without exposing themselves to the distractions and costs of PCI compliance.

    Instead, our configurable tokens can store and keep parts of the payment card information, such as the first or last 4 digits, while removing the sensitive data, making it inaccessible even in the event of a cyber attack or data leak. 
