
Comment by SyneRyder

5 days ago

It's up to the company, but since many companies don't want to keep card numbers around (and some processors don't let you see the card number anyway), they're probably more likely to block on identity. Maybe flag the IP address of the transaction for "additional screening" on all future transactions, etc.

IPs are notoriously unreliable for identity pinning, particularly in this age of CGNAT.

If they can’t or don’t want CC numbers (makes sense considering how painful PCI guidelines are anyway), does that mean they need to rely on more tools from the processors or user accounts maintained by the merchant themselves?

CC numbers are also bound to get recycled eventually as cards expire and/or get replaced... even if you block a card, it might have a new owner 6 months or so later.

  • The number space between the first 6 digits (BIN) and the Luhn check digit is 9 digits — that's 1 billion numbers that issuers can give out before a collision happens.

    • That doesn't seem to be more than an order of magnitude off between available numbers and issued cards - a cursory search says there are over a billion credit cards in circulation in the US alone.
