What's crazy is that we've had public key encryption for over 40 years, and we're still publishing magic numbers on little pieces of plastic that give whoever sees them the power to take all our money without our consent.
Something not clear from the article: The tech already supports longer numbers. Diners, Discover, UnionPay cards already allow up to 19 digits officially. The problem could be in the custom forms which think 4x4 is the right format, but the back-end should "just work" with them.<p>What I really don't understand is why the article makes it seem like a national problem given the prefix is assigned to the companies, rather than countries as such. (Although companies will get ranges and then assign specific IINs to countries normally)<p>It seems that IINs are undergoing changes anyway and April 2022 is a deadline for everyone to support 8-digit prefixes correctly.
>the company decided to take makeshift measures such as reusing credit card numbers of discontinued cards after a certain period had passed since cardholders canceled their memberships. However, there are considerable risks of fraudulent usage<p>What are the risks here, and why aren't they already present by someone generating credit card numbers with a RNG? AFAIK credit card transactions are authenticated by at least expiration date and CVV, so there isn't a risk of reusing credit card numbers.<p>>and a source close to the credit card industry said, "Increasing the number of digits is the only real way to deal with the problem. There will likely be a shift toward increasing the number of digits in the first half of this decade."<p>IPv6 deployment all over again
Assuming the last digit is a checksum and the first six are taken by the routing information, that leaves them 9 digits or a billion possible numbers per credit card issuer. Japan has a population of about 125 million. Are Japanese people cycling their numbers so frequently? Or are they big on ephemeral card numbers?<p>Is it not possible for an issuer to get a second prefix if they run out of digits?<p>I also wonder if credit card numbers aren't living on borrowed time anyway. Instead of adding more digits it might make sense to remove the digits entirely and only allow token-based transactions. This does assume we figure out a way to do online purchases not using the digits.
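The number layout discussed in the comments above (issuer prefix, account digits, one trailing check digit, lengths up to 19) can be handled by a form without assuming a 4x4 grouping. The following is an added example, not code from the article or from any commenter. It assumes the check digit is the Luhn digit used on payment cards, a 13-digit minimum length, hypothetical function names, and constructed sample numbers.

```javascript
// Added example: validate a card number without assuming a 16-digit 4x4 layout.
const MIN_LEN = 13; // assumption: shortest length this form accepts
const MAX_LEN = 19; // the thread notes up to 19 digits are officially allowed

// Luhn check: double every second digit from the right, sum, test mod 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Check digit for a prefix + account string (used to construct samples).
function luhnCheckDigit(partial) {
  for (let c = 0; c <= 9; c++) {
    if (luhnValid(partial + c)) return String(c);
  }
}

// iinLength is 6 for the legacy prefix, 8 for the longer prefix.
function parsePan(input, iinLength = 6) {
  const digits = input.replace(/[\s-]/g, ""); // tolerate any grouping
  if (!/^\d+$/.test(digits)) return { ok: false, reason: "non-digit characters" };
  if (digits.length < MIN_LEN || digits.length > MAX_LEN) {
    return { ok: false, reason: "length out of range" };
  }
  if (!luhnValid(digits)) return { ok: false, reason: "checksum mismatch" };
  return {
    ok: true,
    length: digits.length,
    iin: digits.slice(0, iinLength),
    // numbers available under one prefix at this length (check digit excluded)
    accountSpace: 10 ** (digits.length - iinLength - 1),
  };
}

// Constructed samples: a 16-digit test number and a 19-digit number.
const long19 = "999999" + "0".repeat(12);
console.log(parsePan("4111 1111 1111 1111"));
console.log(parsePan("4111 1111 1111 1111", 8));
console.log(parsePan(long19 + luhnCheckDigit(long19)));
```

With a 6-digit prefix a 16-digit number leaves the one billion values per prefix mentioned above; with an 8-digit prefix the same length leaves ten million.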
Semi-off-topic, but does anyone know about the "churning" culture in Japan vs the US? What are the numbers? Here in the US you can generally expect sign-up bonuses of a few hundred dollars, and a return of around 2% on your transactions, with category bonuses up to 5%. What do people get in Japan? I've just Googled it, and apparently some cards get 1 mile per 100 JPY (approximately 1%) - do some get more than that? What about sign-up bonuses?<p>To give the European perspective, there's much less "churning" available, partly because of laws that limit transaction fees. Sign-up bonuses are usually around $50-$150, and many cards have no benefits _and_ an annual fee. Cashback, if you do get it, is usually 1% or less, with exceptions going up to 1.5% or so.
Beyond assigning IINs more judiciously, credit rating systems could drop the concept of "more accounts = better credit". It would discourage people from opening 7 credit cards to raise scores, when 1 or 2 would do.
This is a ridiculous story.<p>Japan has a population of 150M.<p>If you can't give folks a number from SIXTEEN digits - something is wrong with the folks giving out the numbers.<p>Some answers to the excuses. The 6 digits at front, if a company legit runs out of numbers, ask for another prefix.<p>The reality. Instead of using the numbers properly (random ID to tie to a user account) they are probably putting some kind of structure into the digits that results in very inefficient use.<p>These are the 10 digits available PER PREFIX!<p>1,234,567,890<p>Even with a check digit you are at a billion numbers PER PREFIX! You can't get 125 million folks into this address space?<p>Absolutely pitiful.
>In the case that the number of card digits will be increased, it is necessary to discuss within the industry whether the 16-digit cards that already exist should all be changed into new cards as well, or if the two types can exist alongside each other.<p>This is literally a non-issue. Amex cards have 15 digits and a 4-digit CVV. I've literally never had any issues with it.
Strange that systems have limitations like this. I know, there's always design trade-offs.<p>This is just one of those things that looks like it should be <i>last_number += 1</i>
I'd like a unique card number with every transaction, that I set online to exactly the amount I'm spending. And it expires after that one use.<p>Eliminates risk of 'stealing' a credit card, mostly.<p>But it would use a butt-ton of numbers. Maybe a UUID?
I wonder how this became a problem. Your CC number is not just 16 digits long. It's 16, plus expiration, plus the 3-4 extra security digits, plus your name, plus your zip code. That's quite a lot of entropy.