|
ISO 7812 is the international standard governing magnetic-stripe identification cards, such as door entry cards, ATM cards, credit cards. Credit card numbers are in fact ISO 7812 numbers.
The format of such a number is as follows.
Maximum length 19 digits.
Major Industry Identifier
First digit: Major Industry Identifier (MII)
| MII Digit Value | Issuer Category |
|---|
| 0 | ISO/TC 68 and other industry assignments |
| 1 | Airlines |
| 2 | Airlines and other industry assignments |
| 3 | Travel and entertainment |
| 4 | Banking and financial |
| 5 | Banking and financial |
| 6 | Merchandizing and banking |
| 7 | Petroleum |
| 8 | Telecommunications and other industry assignments |
| 9 | National assignment |
If MII is 9, then next three digits are the numeric-3 country code from ISO 3166-1.
Issuer Identifier Number
First six digits, including MII, are the issuer identifier. Issuer identifier number (IIN).
The registration authority for issuing IINs is the American Banking Association.
The official ISO registry of IINs, the "ISO Register of Card Issuer Identification Numbers" is not available to the general public. It is only available to:
- institutitions which hold IINs
- institutitions which issue plastic cards
- institutitions which act as a financial network or processor (this later category must sign a license agreement)
Although the register of IINs is not available to the general public, several IINs are well known on the Internet. See Credit_card_number#Credit_card_numbering for some commonly known prefixes of IINs.
Donald E. Eastlake, 3rd, wrote an series of Internet Drafts, the final of which was draft-eastlake-card-map-08.txt (http://www.watersprings.org/pub/id/draft-eastlake-card-map-08.txt) ("ISO 7812/7816 Numbers and the Domain Name System (DNS)", issued Feb 2001, expired Aug 2001), proposing the lookup of card issuers automatically based on the IIN using DNS. Although the domain name for doing this, reg.int, was registered by IANA, the proposal floundered, due to the opposition of the ISO 7812 and ISO 7816 registration authorities, who were concerned that this proposal would make the ISO IIN registry publicly available.
The secrecy regarding the official ISO registry of IINs is probably motivated by concerns of "security through obscurity". However, many would argue this (as all attempts at security through obscurity), is mostly pointless:
- knowing the contents of the IIN registry is of exceedingly limited help in carrying out fraud
- the most common IINs (such as those for Visa, Mastercard, etc.) are already widely known, and someone seeking to reconstruct the ISO registry could find the most common entries just by asking a large number of people to tell them their card type and the first five digits of their card.
Account Number
Account number: digits 7 to second last (maximum length 12 digits).
Check digit
The final check digit is calculated with the Luhn algorithm.
| 
