The first several digits of credit cards identify the issuing bank, and is commonly referred to as the Bank Identification Number (BIN), but also generically known as Issuer Identification Number (IIN). As fintech services have proliferated, more issuers have come online. Historically the first 6 digits have been reserved for BINs, but quickly the major card brands realized that they would run out of possible combinations.
As a result, the major card brands decided that the first 8 digits should be used to represent BINs and would provide a wider range of combinations. However, a transition from 6 to 8 digits would be complex and take time.
Several years ago, the major card brands agreed that April 2022 would be the date in which all new BINs would only be issued with 8 digits. 8 digit BINs had been issued prior to April 2022, but there was no rule enforcing it; as a result 6 digit BINs could have also been issued.
To be clear, April 2022 is not a cutover from 6 to 8; a vast majority of BINs in existence will remain 6 digits for the foreseeable future, but April 2022 represents a point where 8 digit BINs need to be taken more seriously.
What is the impact for merchants?
While 8 digit BINs will become more common after April 2022, transactions will remain the same for merchants. For example, because Spreedly distributes the full 16 digits to PSPs, gateways, and receivers, the distinction of 6 vs 8 digits does not matter with regard to Spreedly transmitting the data.
BINs are used by merchants to tell them information about the issuing bank, such as country, and card type (prepaid, gift, credit, etc). Spreedly has always offered the first 6 digits of credit cards for merchants to perform their own BIN analysis (this is in the API response as `first_six_digits). The analysis has historically been the merchant's responsibility, meaning we supply the digits and then some merchants use a BIN Lookup Service to determine the issuer of a card.
The introduction of 8 digit BINs can complicate this process, since a BIN is no longer guaranteed to be only the first 6 digits of a PAN.
PCI rules have made it permissible for Spreedly to share more digits with the merchant. Spreedly will be offering a new field on the payment_method called `issuer_identification_number` that will return the maximum allowable digits under PCI guidelines.
This will not replace `first_six_digits` as doing so could break merchants' applications that are relying on that element. This new element is now available. However, if a merchant has concerns, we can disable the element per environment until they are ready to consume the new field.
It is important to note that returning the maximum digits is not the same as determining if it’s 6 or 8. The card networks will still support both possible values. A vast majority of cards will still be 6 digits in early April, but that will change over time as networks only issue 8 digits going forward.
Need more details? See our 8 digit BIN documentation.