Can a crook get your entire credit card # by just knowing the last 3-4 digits?

You might be able to use some social engineering to get the full number if you have an authorization code, but it would take some work.

My BofA Visa starts with 43XX-.

Our library system requires a PIN number to self-checkout or log on to use a computer. Of course, our self-serve hold slips only show the last four digits of a library card number which has 8 significant digits for most people.

As to who you should report the security holes in your system’s … system to, start at the Director’s Office.

Nifty site, but there is one inaccuracy – or rather, an update needed. Visa no longer has 13 digit account numbers; all are 16. About eighteen months ago all of our terminals’ software was updated to accept only 16 digit Visa card numbers. This was not considered vital enough to call out and make sure everyone got updated, but if someone calls in, and we notice that they have the old version in their terminal, we are to encourage them to update. Master Card and Discover are 16 digits, AmEx is 15.

The check digit uses the Luhn algorithm. Here is Wiki on the subject. It’s quick and easy to calculate, and will catch any single-digit error, and all two-digit transpositions but 09/90.

I don’t see how. The authorization number is six digits (sometimes a letter or two will get into the mix). With the hundreds of millions of transactions every day, those authorization numbers are going to be repeated many times a day at the same bank, never mind at more than one bank. As people have pointed out, if it was a worry, the authorization number would not be printed on the same receipt as the truncated credit card number. That would be as dumb as writing your PIN on the back of your debit card.

Nope - the authorization number has no relationship to the credit card number.

Doh! That’ll teach me to oversimplify - they’ve obviously expanded usage over the last few years, and I had a brain-fart about the debit ranges. At any rate, if you know the acquirer brand and the issuing institution you can have a good go at figuring out the prefix of the cardnumber, and the more digits you can pin down, the easier it is to guess the whole cardnumber.

But at the end of the day, the risk of someone going to all this trouble is essentially irrelevant - phishing, skimming, videoing ATMs/POS terminals, dumpster diving and hacking are generally the way people get cardnumbers. Why spend hours cracking one card number when you can get thousands for less effort, and often the PINs/addresses to boot?

Anyone who worries about the last four digits is high-hanging fruit that doesn’t know how much really low-hanging fruit there is in the world.

So the OPs friend is a high-altitude fruit?:smiley:

I cannot throw much light on the op but as a recent victim of credit card fraud I would like to add a couple of things,
I’m one of those people who uses their card infrequently and always pay the balance at the end of the month so I tend not to keep a close eye on what’s happening with the card.
To cut a long story short I was defrauded for quite a bit of cash, panic ensued it all got sorted but here’s the thing the fraudsters had been in touch with my bank pretending to be me and changed my address to another city.
When I asked the fraud investigator how they had managed this as surely they would have to answer some security questions this is what he said , if your card has had its details stolen then they know your name and address from that they can look at the electoral register and find out your age etc. the most common security question is ….what is your mothers maiden name. given that they have your name address and age its then quite easy to pay a small fee to get a replacement birth certificate and then they have your mothers maiden name.
The advice I was given was to have the security question as what is your mothers maiden name but then to use something completely different a favourite pets name or so, that way they will never be able to alter your details to commit fraud.

As a law enforcement member, and a person trained in credit card fraud detection, there are a number of ways people can get your numbers. The biggest way is dumpster divers retrieving discarded receipts. Make sure that when you sign your receipt, that you totally scratch out the credit card number on it. Don’t worry, the merchant already has it in their electronic log, and they have been paid. Destroy any part of the number, expiry date, and your name. This is some of the easiest way to prevent being a victim of fraud.

See below for more info.

http://en.wikipedia.org/wiki/List_of_Bank_Identification_Numbers

The above shows the first digits of the credit card numbers, and what bank they belong to. There are credit card number generators, as well as CVV generators available (do a search). It basically would come down to nailing the expiry date then.

It isn’t very hard.

Now you know why the interest rates are so high, so that they can “make up” for the losses they write off to fraud.

Which shouldn’t be on there in the first place or it is a violation of the PCI Data Security Standard.