I'm not sure if you mean "given a database of a lot of people's real credit card numbers, figure out which person made a transaction" (to defeat privacy protections), or "given only the last four digit, predict an entire credit card number with no other information" (to defeat anti-fraud protections).<p>I think the first case is possible because people's purchases tend to be extremely different, while the second case is not possible because the last digits of the card are generated at random. While there is a checksum in use<p><a href="https://en.wikipedia.org/wiki/Luhn_algorithm" rel="nofollow">https://en.wikipedia.org/wiki/Luhn_algorithm</a><p>that only rules out 9/10 of the possibility space, and the remaining 1/10 is still extremely large.