How many consumers are actually aware this happens though is another topic all together.

Nice post – I do a lot of work in the payment processing industry and have to deal with these kind of issues quite often.

In my experience BINs are not accurate enough (in Europe at least) to reliably determine which bank issued the card BUT they are often used to choose to route transactions through different acquirer networks (e.g. if NatWest charge 2p per Visa txn, 8p for Mastercard whilst HSBC charge 6p for both, send Visa cards to Natwest and all others through HSBC).

Card fraud is a fun place to explore too. Most wannabe fraudsters follow the pattern of making a few small online payments to test out your system, then hit you with a big transaction. They’ll use a few different proxies too, so you can often do some IP geolocation and check whether it was physically possible to transport the card between those locations in the timeframe between payments.

One of the most useful indicators when profiling customers is the return code from the bank indicating whether your transaction succeeded or failed. Just one (00) for a successful authorisation, but another hundred or so for declined transactions. Record and mine that info to figure out who’s running out of money at the end of each month or exceeding frequency limits (an early fraud indicator).

If you’re taking payments online, a word of warning to follow the PCI DSS standards – basically have a very secure network and don’t record any card data – as fines are high and auditing is getting tougher.