Domain: merriampark.com
Stories and comments across the archive that link to merriampark.com.
Comments · 8
-
Re:I'd rather use
There are enough numbers. Each issuer has 1 trillion numbers and there's about a million possible issuer numbers... there's a useful description of the anatomy of credit card numbers at http://www.merriampark.com/anatomycc.htm
-
Impressive, not *too* surprised
Okay, guessing all 9 digits is good, so I'm not downplaying the success of this research. My sister and I were born 3 minutes apart and our SSNs are 20 values apart.
But the first 5 have always been not too difficult for some areas as it's based on date and location of birth (or date of issue, but there's obviously a correlation between the two). This makes it invaluable as a social hacking tool.
Just like the easy-to-guess Soundex numbers found on many state licenses, as well as the fact that credit cards use a system for numbering, simply correctly identifying the first few digits of a number can sometimes gain someone's trust ("Okay, I'm going to verify the first 4 digits of your Driver's License, but I won't disclose the whole thing over the phone. After I've verified this information, I will need...")
-
Re:PCI DSS
Oops, you just killed a valid webpage:
http://www.merriampark.com/anatomycc.htm*grumble* trigger-happy regexp jockeys *grumble*
-
Re:Credit cards suck
There are 16 digits, sure, but the first 6 digits are essentially the issuer- the last digit is the check digit.
There are really only 9 digits in the account per issuer. It's still quite a lot, but not the vast amount you state.
http://www.merriampark.com/anatomycc.htm -
Re:Pollute the phishing sites
Well, I wouldn't write "f**k you spammer" or anything like that, it makes your entries distinguishable. If you want to ensure having a correct credit card number (except for the CVV code, bug the phisher couldn't verify those directly anyway), you could use something like this quick dirty hack I wrote up a few months ago to spam a phishing site using simple wget queries. To read up on the format of valid credit card numbers, see for instance this article on the anatomy of credit card numbers. The following code worked for me to create numbers that were accepted by a phishing site I spammed:
my $cc = substr("000000" . int(rand(1000000)), -6); # Any format
# Add 9 digits for the account number
$cc .= int(rand(900000000))+100000000;
# Check digit: Luhn Code
my $checknum = 0;
for (my $j = 0; $j < length($cc); $j++) {
my $val = substr($cc, $j, 1);
if ($j % 2 == 0) {
# These will be doubled
my $v = 2*$val;
$v -= 9 if ($v > 9);
$checknum += $v;
} else {
# These will just be added normally
$checknum += $val;
}
}
# The last digit should add up to a multiple of 10
$cc .= ($checknum%10 != 0)?(10-($checknum%10)):'0';
# Output an expiration date (arbitrary, 2007..2015)
my $month = int(rand(12))+1;
my $year = qw(2007 2008 2009 2010 2011 2012 2013 2014 2015)[int(rand(9))];
# Random CVV2 code
my $cvv = substr("000" . int(rand(1000)), -3); -
Re:Retribution
Credit card numbers have a number of properties encoded in them, including a simple checksum. It would take only a trivial amount of processing to rule out the vast majority of the numbers generated by your script.
-
What happens to the credit cards?
Their numbering must eventually end and what will happen then?
For VINs 'doppelgangers' might be a solution, using some other marker to identify in conjunction with the VIN, like the area those VINS were issued in.
Remembered a link here to credit card numbering logic, interesting read. -
Re:Credit cards
Actually the first digit doesnt always tell what kind of card it is. You can also work the checksum algorithm from simply the numbers (This is called the Luhn alogrithm). The way credit cards are usually handled is as follows:
(where the numbers are the first numbers of the credit card number)
Visa - 4
Mastercard - 51-55
Discover - 6011
Amex - 34
In fact credit card companies have a specific range of numbers to pull from, clubs have another range, and there a few other number ranges that are broken up... see:
http://www.merriampark.com/anatomycc.htm for a better indepth overview.