tiredofthebs

Reused account numbers

Recommended Posts

Has anyone read anything about Capital One reusing account numbers? Example if an account has been closed for 10 or more years they bring it back to life for someone else to use.

Share this post


Link to post
Share on other sites

Given that there is a limtied set of numbers it is possible they may recycle old closed account numbers.

A credit card number is based on the ISO7812 standard for magstripe readers. Since a credit card number is comprised of 14 to 16 digits, that means a unique account number only makes up 7 to 9 digits.

The ISO7812 standard includes a single digit for the Major Industry Identifier (MII), five digits for the Issuer Identification Number (IIN), and one digit as a checksum. That uses up 7 digits of a credit card number right there -- the first six numbers on a card are exactly the same on every card issued by that company. The last number is the checksum.

So that means the is a maximum of 999,999,999 unique account numbers if they use the 16 digit card block (which is the largest allowed by the ISO7812 standard).

Share this post


Link to post
Share on other sites

Very Possible. Same goes for bank account numbers.

Share this post


Link to post
Share on other sites

So that means the is a maximum of 999,999,999 unique account numbers if they use the 16 digit card block (which is the largest allowed by the ISO7812 standard).

It's actually more probable than that...

Most credit cards are broken down as follows:

System number--

A four digit number not seen in the account number. (A number assigned to the credit card that is only visible to banks and processors)

The actual 16 digit card number is [almost always] as follows

Four Digit - Prefix Number.

Two-Digit - Principle Number (Prin).

Three-Digit - Agent Number (Agent).

Seven Digit - Unique Customer Account Number. In this number, there is a check sum, although it is not always the last number. However, having a check sum, necessarily places constraints on the other categories... and limits the total combinatorics possibilities even further....

One other point of interest not related to this topic is: by taking the 7 digit unique customer account number, dropping the check sum digit and adding an arbitrary 1-2 digit number, you now have a number with which you can send ACH/Wire Transfers to your credit card provided you know the ABA R/T for that product/issuer... which is interesting, if nothing else...

The first 4 digits are the same; not the first 6. And, this also depends on issuer, but it isn't the same for each card issued by that issuer...

For example, and I'll use Chase (because I'm not affiliated with them in anyway and because they're so large this is mostly common knowledge)

All Chase Visa Signature start

with prefix 4147, although, if they run out, 4148 is reserved... I don't know if they made it there, yet or not.

All Chase Visa credit card products start with

4266,4267

All Chase Visa check card products start with

4060,4061

Then, products are grouped into different types and the "Prin" is used for those groups. Hypothetical example: all Chase Rewards credit cards opened after 2005 might start 426684...

a unique account number only makes up 7 to 9 digits.

Actually, a unique account number is almost always 7 digits regardless of the length of the card number, for reasons I won't get into here. Further, as outlined above, those 7 digits cannot be completely chosen at random.

Note: all of these product types also have a different internal system number used in processing. This is contained both in the mainframe software and in the magnetic stripe. Therefore, even if a card had exactly the same 16 digit number, (which is unlikely, because they would normally simply create a new prefix), the system number would be different, as they would certainly at least change the system number--one would hope..

Note: the CVV1/CVV2 values (one stored on the card, one stored in the card) are for the most part randomly derived, adding another category, and while these aren't required to make a purchase, it is required for verification, and it is tracked by the issuers on the authorizations... most merchant's require these, as it is an almost guaranteed charge back, if they don't...

Note: Even if someone reproduced a plastic card that had the exact same full 16 digit account number as you, and even if someone reprogrammed the full system number into the stripe, as well as the account number and both the CVV1 and CVV2, and even the expiration date... that would still only qualify for a "track 2 read". "Track 1" is still necessary for the card to qualify as being "magnetically present/swiped". Track 1 contains the customer's name, and other identifiers, often MMN and DOB... and reprogramming Track 1, even if you were smart enough and premeditated enough to do all of the rest wouldn't be a walk in the park. Without reprogramming Track 1, yes, the card might authorize, but the card reader would spit back the message "Authorization Approved--not verified by issuer as swiped", or similar. That would be the merchant's cue not to accept the card. Note: this is perfectly legal for the merchant not to accept the card in this instance.

If the merchant does accept the card, then a charge back is probably on the way in 30-60 days... either way, the customer doesn't get screwed. So, it isn't the doom and gloom scenario. It goes without saying that, if you're going to run a large business and if you're going to accept credit cards, it is important to train your associates in compliance...

In the almost impossible scenario that someone could reproduce a plastic and reprogram the magnetic stripe for track 1 and track 2, then there is the potential for real fraud that cannot be recovered. I am unaware of any scenarios where this has actually happened.

The point is: the systems were adequately designed. It's the people using the systems that are flawed, and the end result is fraud.

To get back onto the original line of thought in this topic:

If someone had exactly the same account number on a brand new card that you once had on your old card, it wouldn't affect anything. That is because all of the information about the account is stored in mainframe software and not on a "smart chip" located on the card, etc. The issuer would simply move the old account number "offline" and make way for the new account number. The chances of the information being confused for someone else's is not at all possible. That is, there would never be two active accounts with the exact same number.

Share this post


Link to post
Share on other sites
IThe first 4 digits are the same; not the first 6. And, this also depends on issuer, but it isn't the same for each card issued by that issuer...

For example, and I'll use Chase (because I'm not affiliated with them in anyway and because they're so large this is mostly common knowledge)

All Chase Visa Signature start

with prefix 4147, although, if they run out, 4148 is reserved... I don't know if they made it there, yet or not.

All Chase Visa credit card products start with

4266,4267

All Chase Visa check card products start with

4060,4061

Then, products are grouped into different types and the "Prin" is used for those groups. Hypothetical example: all Chase Rewards credit cards opened after 2005 might start 426684...

Dude, I was trying to keep it simple. I also had to be careful not to violate a NDA that I am bound to. I learned about how card numbers work from an IT project I was on and there are limits to how much info I can disclose. :ah:ah:ah:

But you essentially said the same thing I did with more detail. Once you add the 4 digit IssueID to the Prin you get 6 digits....which are always the same for that company's product.

Share this post


Link to post
Share on other sites

LOL, I know how you feel. Sometimes, I'd like to add more, but I just can't...

I didn't give away anything that someone couldn't get by surfing the internet vigorously... or by reading ISO/ANSI standards at a university library. The above is largely public knowledge... going into further detail might pose a problem, as the information becomes proprietary...

Another interesting point about account numbers...

Since account numbers identify which product type you have, and even which portfolio strategy (a whole 'nother ball of wax)... often times, subprime applicants get assigned account structures that cannot be transferred to another product type and cannot be changed to a different strategy...

An example of this is the low limit Capital One cards... you could have the card for years and your FICO could rise to 800, with 6-figure income, and if you want a higher limit or better APR, you still won't be able to keep the history on that account number; instead, you'd have to take a new app and have a new account structure built. (preferably not with Cap one, but it's up to you)

A less drastic example is let's say you open a credit card with a limit of $500, and the limit increases to $1000, then, $2000, then $3500... then you don't get a CLI for months... then out of the blue, you get "pre-approved" for a new card with a $4,000-$5,000 limit. You now say to yourself, "stupid, stupid comany... left hand doesn't know what the right hand is doing"... Well, that's not the case at all. They have simply noticed you deserve a CLI, but are limited in offering another CLI to that strategy, so they send a pre-approval for a whole new account with a new history. There are those who think it foolish to accept this new card as it would be a brand new account and would lower the average age of account, and would lower the FICO, (which is true) but accepting this card is probably wise, as it's almost always going to come with stronger benefits and a real potential for serious account upgrades...

I don't think I articulated that well, and I don't much care; it's after midnight on Saturday... further, I'm ambivalent about providing any more detailed information, as we start to tread into topics in which a layperson would be clueless..

Share this post


Link to post
Share on other sites

"You now say to yourself, "stupid, stupid company... left hand doesn't know what the right hand is doing"... Well, that's not the case at all. They have simply noticed you deserve a CLI, but are limited in offering another CLI to that strategy, so they send a pre-approval for a whole new account with a new history."

Hey hey there... I think you are quoting me since I recently said, "Stupid, stupid WaMu..."

Just so you know, it's not that I think they don't "know" what they are doing. I know it's a complex set of programs. I didn't really think that they "mistakenly" or "stupidly" or in any way erroneously or through a true oversight or problematic (to them) loophole offered me another card while simultaneously raising my rate on another.

I was just deriding the system that allows them to make "business decisions" (most likely never looked at by a set of human eyes.) I am sure if I were running their business, I'd love it and embrace it. But as a consumer, I enjoy griping about it. Because from my perspective, it would be simpler for both me and WaMu to just keep my rate low on the first card, raise the limit a little, or something like that, but no one there wants to take the time to actually review the situation and make decisions that take 5 seconds to think through. Programs being cheaper to run than paying people to sit at a desk and think, I am sure. It seems convoluted and unnecessarily complicated, the cumbersome way that they (and their risk management programs) prefer to do things.

Share this post


Link to post
Share on other sites
"You now say to yourself, "stupid, stupid company... left hand doesn't know what the right hand is doing"... Well, that's not the case at all. They have simply noticed you deserve a CLI, but are limited in offering another CLI to that strategy, so they send a pre-approval for a whole new account with a new history."

Hey hey there... I think you are quoting me since I recently said, "Stupid, stupid WaMu..."

Just so you know, it's not that I think they don't "know" what they are doing. I know it's a complex set of programs. I didn't really think that they "mistakenly" or "stupidly" or in any way erroneously or through a true oversight or problematic (to them) loophole offered me another card while simultaneously raising my rate on another.

I was just deriding the system that allows them to make "business decisions" (most likely never looked at by a set of human eyes.) I am sure if I were running their business, I'd love it and embrace it. But as a consumer, I enjoy griping about it. Because from my perspective, it would be simpler for both me and WaMu to just keep my rate low on the first card, raise the limit a little, or something like that, but no one there wants to take the time to actually review the situation and make decisions that take 5 seconds to think through. Programs being cheaper to run than paying people to sit at a desk and think, I am sure. It seems convoluted and unnecessarily complicated, the cumbersome way that they (and their risk management programs) prefer to do things.

I might have been talking about you... I don't honestly know. I probably was...

I'll elaborate a bit:

In your example, you have two cards. One of them was underwritten [at the time the account was opened] to an account structure and subsequent portfolio strategy that was less than prime.

As your credit improved, you were offered a card with a better portfolio strategy [break your two accounts down according to the number structure outlined above, and you can see which categories changed... for your curiosity only, as you won't have enough info to dissect the differences]

The rate jack on the other card had nothing to do with you. It had to do with that entire portfolio being raised. When they raise an entire portfolio at one time, it doesn't qualify as an adverse action against you as an individual, and isn't subject to the same notices and/or disclosures. Raising the rate on an entire portfolio is more cost-effective and easier to manage than reviewing every cardholder's account individually... [you also lose any rights to "opt out" of this change in agreement due to TILA, etc...]

I only recommend secured cards for rebuilding credit. One reason is: who wants a subprime card? Another reason is: who wants a card from a prime issuer that is underwritten to a subprime strategy?

These $300 Cap1 Cards... $200 Target Cards, etc.. aren't worth the plastic they're produced from..

Again, secured lines and loans, and then prime cards. No middleground! But, that's just me, and I'm picky in who I do business with. Note: this will also help you to build savings, and will force you to keep the savings while the security deposits are in effect, which is also very important.

Further, one thing I do everytime I'm approved for a new account, I call the credit department or "re-con" department and very clearly state [i use underwriting jargon, but you don't have to] that I want the best terms available for the product that I applied for. I then fax to the attention of an underwriter: proof of income, tax returns, W-2, verification of deposits and/or assets and sometimes credit reports from the other 2 CRA that I know they didn't pull...

This ensures that I get the best possible strategy and the best possible credit agreement that I can qualify for. If after doing this, I receive a letter of adverse action, then I know I didn't qualify for the best possible strategy...

Share this post


Link to post
Share on other sites
It seems convoluted and unnecessarily complicated, the cumbersome way that they (and their risk management programs) prefer to do things.

It only seems that way until you see the big picture.

There are two sets of customers that banks really like. Those who have outstanding profiles, 780+ CB scores and significant assets. True "transactors" [as opposed to "revolvers"] who use the credit card frequently, but only as a convenience--usually for the rewards and the consumer protections.

And, those who carry a balance for years, but always make the payments, sometimes late, but they pay the late fees, etc. [some of these customers charge off, but in the scheme of things, that's OK...]

Anybody in the middle is not appreciated by the issuer, and they would rather have you close your account. [Let this sink in before you threaten them that you will close your account if your late fee is not taken care of....] 1. Their risk profile is harder to gauge than either of the above categories. This makes them more expensive in terms of the cost-benefits. It costs to service the account, and it's harder to predict the cost of collection or the amount of capital needed to offset losses, etc. 2. By their nature, they're also not as profitable as either of the above categories.

Really, issuers would prefer that all customers be frequent transactors with high scores. But, the reality is that due to loosened credit regulations, they rely on extreme revolvers to offset unpredictable losses incurred from those in the middle strategies...

As guidelines tighten, it's interesting, and somewhat comical to watch how the issuers treat those with average profiles and average scores... and it's even more interesting to see how these "Joe Consumers" respond to it...

Share this post


Link to post
Share on other sites

I'm glad you are getting a good chuckle off us, then.

*by the way, I did get a notice and was told I could opt out.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.