ISO/IEC 7812 Identification cards — Identification of issuers was first published by the International Organization for Standardization (ISO) in 1989. It is the international standard that specifies "a numbering system for the identification of issuers of cards that require an issuer identification number (IIN) to operate in international, interindustry and/or intra-industry interchange",1 and procedures for registering IINs.2 ISO/IEC 7812 has two parts:
- Part 1: Numbering system
- Part 2: Application and registration procedures
An ISO/IEC 7812 number contains a single-digit major industry identifier (MII), a six-digit issuer identification number (IIN), an individual account identification number, and a single digit checksum.1 The major industry identifier is part of the issuer identifier number.
The major industry identifier (MII) is the first digit of the ISO/IEC 7812 issuer identifier number. It identifies the industry within which the card is primarily to be used.
|MII digit value||Issuer category|
|0||ISO/TC 68 and other industry assignments|
|2||Airlines and other future industry assignments|
|3||Travel and entertainment and banking/financial|
|4||Banking and financial|
|5||Banking and financial|
|6||Merchandising and banking/financial (Discover)|
|7||Petroleum and other future industry assignments|
|8||Healthcare, telecommunications and other future industry assignments|
|9||For assignment by national standards bodies|
If the major industry identifier is 9 the next three digits are the numeric-3 country code from ISO 3166-1.
The first six digits, including the major industry identifier, compose the issuer identifier number (IIN) which identifies the issuing organization. The IINS was previously called the "bank identification number" (BIN) and some places still use that term.
The registration authority of assigned IINs is the American National Standards Institute,3 but previously it was the American Bankers Association. The official ISO registry of IINs, the "ISO Register of Card Issuer Identification Numbers", is not available to the general public. It is only available to institutions which hold IINs, issue plastic cards, or act as a financial network or processor. Institutions in the third category must sign a license agreement before they are given access to the registry. Several IINs are well known, especially those representing credit card issuers.
Donald E. Eastlake wrote a series of Internet Drafts—the final of which was "ISO 7812/7816 Numbers and the Domain Name System (DNS)"4 (issued February 2001, expired August 2001)—proposing the lookup of card issuers automatically based on the IIN using the domain name system. Although the domain name for doing this, reg.int, was registered by the Internet Assigned Numbers Authority (IANA) the proposal floundered due to the opposition of the ISO/IEC 7812 and ISO/IEC 7816 registration authorities, who were concerned that this proposal would make the ISO IIN registry publicly available.
The secrecy regarding the official ISO registry of IINs is probably motivated byoriginal research? concern for security through obscurity. However, many peoplewho? argue that this—and any attempt at security through obscurity—is pointless for a number of reasons. Knowing the contents of the IIN registry would be of limited help in carrying out fraud. The most common IINs (such as those for credit card companies Visa and MasterCard) are already widely known, and someone seeking to reconstruct the ISO registry could find the most common entries just by asking a large number of people to tell them their card type and the first five digits of their card. Such a publicly contributed IIN database already exists;5 however, its precursor was recently shut down after complaints from MasterCard International that continued access to the site "could expose MasterCard and its member banks to potential fraudulent and reputational risk" and "promoted identity theft."citation needed
The account number consists of digits seven to second last, a maximum of 12 digits. The account number is allocated by the card issuer.