by Volpe 4833 days ago
https://siftscience.com/docs/rest-api

There is no requirement in their API to supply CC details... so no requirement to be PCI.

So it would be weird if they did mention PCI...

The first 6 and the last 4 is not enough to make a valid CC... And if you are still guessing the last details then it's the same as just guessing the full number. (just you'll get there quicker)

1 comments

No, but 10 of 16 numbers that must conform to a checksum algorithm significantly reduces the search space to a point that a brute force seems trivial if other information is already possessed (e.g., zip code, or especially, CVV).
The MyKi ticketing system in Australia prints the first 6 digits, last 4 digits, expiry date and full name on its receipts. I mentioned to them in the past how easily it could be attacked, but the response was "nobody would do that".
Brute forcing "ALL" the credit card numbers is not hard... Limiting the search space doesn't make it easier... it just saves a little bit of electricity.