The specification for credit card numbering is governed by the International Standards Organization (ISO/IEC 7812-1:1993) and the American National Standards Institute (ANSI X4.13). These organizations do not make their standards public. The following information comes from my experience in working with electronic commerce for more than 15 years.
The first 6 digits of your credit card number (including the initial MII digit) form the Issuer Identifier Number or IIN. The IIN is also referred to as the Bank Identification Number or BIN. These digits identify which organization issued the credit card. You can lookup the issuing organization on the Internet using a BIN Database service ( ). In electronic commerce the BIN number can be very useful.
You can use the following card numbers to test transactions in the test environment only. When using test cards, you can specify an expiry date up to seven years in the future. The test cards do have a card verification code and issue number.
Carding, a term used for a process to verify the validity of stolen card data, is typically picked up by gateway providers by identifying multiple transactions from a single IP address or too many transactions in a certain number of minutes. Carding is not really viable due to widespread use of additional data such as the billing address, the card's expiration date and/or the 3 to 4 digit Card Security Code/CVV. BIN attacks are no longer viable because credit card issuers randomly generate the card numbers. Identity theft via application fraud and account takeover is not detectable by the merchant. Card not present transaction fraud has been thwarted by use of the name on the card, expiration date and the Card Security Code/CVV. Other than identity theft, the single biggest area for fraud in 2011 is gift cards (many are purchased with stolen credit cards). We use every available technique to avoid fraud. All but installment transaction fraud is handled by the credit card gateway. We use BIN data to combat against installment transactions (e.g. shipping only 30-day trials or two/three pay offers).