- ISO 7812
ISO 7812, first published by the
International Organization for Standardization (ISO) in1989 , is the international standard governingmagnetic stripe identification cards, such as door entry cards,automated teller machine (ATM) cards, andcredit card s. The ISO 7812 is available in two parts, ISO 7812-1 and ISO 7812-2. For the full specification including current additions you need both editions.Credit card number s are in fact ISO 7812 numbers. The maximum length of such a number is 19 digits.A ISO 7812 contains a single-digit "major industry identifier" (MII), a six-digit "issuer identifier number" (IIN), an "account number", and a single digit
checksum . The major industry identifier is considered to be part of the issuer identifier number.Major industry identifier
The major industry identifier (MII) is the first digit of the ISO 7812 number. It identifies the industry within which the card is to be used.
If the major industry identifier is 9 the next three digits are the numeric-3 country code from
ISO 3166-1 .Issuer Identifier Number
The first six digits, including the major industry identifier, compose the "issuer identifier number" (IIN). This identifies the issuing organisation. The
American Bankers Association is theregistration authority for IINs. The official ISO registry of IINs, the "ISO Register of Card Issuer Identification Numbers", is not available to the general public. It is only available to institutitions which hold IINs, issue plastic cards, or act as a financial network or processor. Institutions in the third category must sign a license agreement before they are given access to the registry. Several IINs are well known, especially those representing credit card issuers.Donald E. Eastlake wrote a series of
Internet Draft s—the final of which was [http://www.watersprings.org/pub/id/draft-eastlake-card-map-08.txt draft-eastlake-card-map-08.txt] ("ISO 7812/7816 Numbers and theDomain Name System (DNS)", issuedFebruary 2001 , expiredAugust 2001 )—proposing the lookup of card issuers automatically based on the IIN using the domain name system. Although the domain name for doing this, reg.int, was registered by theInternet Assigned Numbers Authority (IANA) the proposal foundered due to the opposition of the ISO 7812 andISO 7816 registration authorities, who were concerned that this proposal would make the ISO IIN registry publicly available.The secrecy regarding the official ISO registry of IINs is probably motivated by concern for
security through obscurity . However many people argue that this—and any attempt at security through obscurity—is pointless for a number of reasons. Knowing the contents of the IIN registry would be of limited help in carrying out fraud. The most common IINs (such as those for credit card companies Visa andMasterCard ) are already widely known, and someone seeking to reconstruct the ISO registry could find the most common entries just by asking a large number of people to tell them their card type and the first five digits of their card. Such a publicly-contributed IIN database [http://www.bindatabase.com already exists] ; however, it was recently shut down after complaints from MasterCard International that continued access to the site "could expose MasterCard and its member banks to potential fraudulent and reputational risk" and "promoted identity theft." bindatabase.com hopes to reopen the site.Account Number
The account number consists of digits seven to second last, a maximum of 12 digits.
Check digit
The final digit is a
check digit . This is calculated with theLuhn algorithm .
Wikimedia Foundation. 2010.
