Here is a huge disclaimer at once: this post is NOT about generating a fake CC number to use for online shopping or participating in a scam! Please beware that we are strongly against it and you may be prosecuted for any such attempt.
This article is for generating a “look-alike” credit card number for testing applications where it may be needed, such as shopping carts, online payment processors etc.
The first six digits of a credit card number identify the issuer of the card. It could be a bank, financial or governmental institution, airline, travel agency or even a department store.
The organization responsible for assigning an issuer identification number (IIN) is American National Standards Institute (ANSI). There are lists of some identification numbers publicly available on the web (google “List of issuer identification numbers”).
By looking at the first two digits of the card number it is possible to tell the type of card in most cases. Examples are:
| 4 | Visa |
| 50 to 55 | MasterCard |
| 3528 to 3589 | JCB (Japan) |
| 62 or 88 | UnionPay (China) |
The other digits except the last one constitute an individual account identifier whose maximum length is 12 digits.
The last one is a checksum digit derived using the Luhn algorithm (AKA modulus 10).
Knowing the number of a credit or debit card alone is not enough to make a transaction. For additional security a special code is used to authorize a payment. This code is called differently depending on the card system, such as:
| MasterCard | CVC2 |
| Visa | CVV2 |
| Discover | CID |
The security code can consist of 3 (Visa, MasterCard, JCB, Discover, China UnionPay) or 4 (American Express, Diners) digits, depending on the card type.
Virtual terminals and payment gateways are advised not to store the security code after a transaction. This measure reduces the probability of card fraud.
The security number is not the same as your card’s PIN number.
RandomProfile datasets contain credit card numbers generated in accordance with the above guidelines and will pass a validation check, as well as issuer identification.
Because both the card number, security code and expiration date are generated randomly, there is a next to zero probability that the combination will represent a real card.