| Please don't rely on this. For example of the extra detail that is really involved, see: http://en.wikipedia.org/wiki/List_of_Issuer_Identification_N... - e.g. 504837 is ATM only despite looking like a MasterCard. Card identification also occasionally changes - Diners was bought by MasterCard, Visa used to be 13 digits, etc. I'd be really wary of hard-coding this anywhere. If it passes the Luhn algorithm and the first digit is ok, consider just passing it on to your processor and seeing if it gets approved. Add a black list of known-not-to-be-valid prefixes if you'd like. But a whitelist of valid prefixes will break one day without warning while also not really being the full list of valid prefixes you think it is. If you really need to be doing this, you can pay for a regular feed from a processor, but the only use case I've ever seen for truly needing that was to identify debit cards by number. I've had cashiers force through faked manual auths on 19 digit private bank debit cards, which I assume is fraud disguised as incompetence. But I think dealing with a few weird cases (with proper auditing in place) is better than declining a legit card because they expanded the valid prefixes and your code wasn't updated. |
MasterCard didn't acquire Diners, it was just a partnership where Diners cards were branded as MasterCard and processed through MasterCard's network. Later Discover acquired Diners, and now they're processed through Discover's network.
But fair point - brand prefixes occasionally change, and if you hardcode them they'll eventually become out of date.