

Ribbon BIN API – Find out how your customers are paying - kloncks
http://bins.ribbon.co

======
brryant
Very cool! But unfortunately the reality is most startups never capture the
first 6 numbers of credit cards if they are using a payment gateway (Stripe,
Recurly, etc.). Do you have ideas on how we can access the BIN without
compromising security if we're using said services?

~~~
yookd
Hi, I'm David, one of the engineers at Ribbon.

If you use any payment gateway, you need to send the full credit card number
from the client so the gateway can return a token that identifies the card in
their vault.

You can do the same and write some JS to get the first 6 numbers and send a
GET request to our API without compromising security. The BIN (first 6 numbers
of credit cards) is not considered the primary account number so it's safe to
send (and even store).

~~~
kirkbackus
Can I store a BIN and associate it to a customer without breaking PCI
compliance?

~~~
duskwuff
You're allowed to store up to the first six and last four digits of a credit
card number without encryption.

~~~
bradbeattie
[https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf](https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf),
PCI DSS 3.3 would seem to be the most applicable section here.
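
Added example, not part of the thread and not Ribbon's code: a JavaScript sketch of the approach discussed above, where only the first six digits (the BIN) leave the card field for a lookup and only the first six and last four digits are kept for storage. The function names and the `bin-lookup.example` base URL are hypothetical placeholders, and the card number used is a constructed test value.

```javascript
// Added example. All names are hypothetical; the lookup URL shape is an
// assumption, not Ribbon's documented API.

// Strip the spaces and dashes a user may type, then require 13-19 digits.
function normalizePan(input) {
  const digits = String(input).replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits)) {
    throw new Error("not a plausible card number");
  }
  return digits;
}

// Luhn checksum: double every second digit from the right, sum, mod 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Reduce a full card number to the parts the thread says may be kept:
// the first six digits (BIN) and the last four. The middle is masked.
function truncatePan(input) {
  const pan = normalizePan(input);
  if (!luhnValid(pan)) throw new Error("failed Luhn check");
  const bin = pan.slice(0, 6);
  const last4 = pan.slice(-4);
  const masked = bin + "*".repeat(pan.length - 10) + last4;
  return { bin, last4, masked };
}

// Build a lookup URL that carries the BIN and nothing else from the card.
// baseUrl is a placeholder supplied by the caller.
function binLookupUrl(baseUrl, input) {
  const { bin } = truncatePan(input);
  return baseUrl.replace(/\/+$/, "") + "/" + encodeURIComponent(bin);
}
```

The full number still goes only to the payment gateway for tokenization; the object returned by `truncatePan` is what would be sent to a BIN lookup or associated with a customer record.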

------
kloncks
We built this internally for our needs, then decided to give it out to any
service that needs similar functionality. The first six digits of any card
tell us some interesting information on the identity of the card, such as
type (debit/credit), brand (Amex, Visa), country (US, ES, GA), and issuer bank
(Chase, Wells), etc.

This would be of good use if you want to do things like block international
cards, charge less for debit cards, or generate more analytics about how you
get paid.

We're giving it away for free for most practical purposes, up to 1,000
requests a day. If you want more, just shoot us an email, hany@ribbon.co

~~~
whisk3rs
Where do you get the BIN data?

~~~
kloncks
A bunch of different sources, including some bank databases. We also have to
update it regularly.

------
zachperret
This is neat! How does the data differ from
[http://www.binlist.net/](http://www.binlist.net/)? More current?

~~~
kloncks
Bigger database, more current, more updated, easier to deal with, among other
things :)

------
nijiko
Way easier and more secure to simply use scripting to do this locally.

------
Atlas
This is very useful data if you are doing payment aggregation. Per association
rules, you cannot discriminate against different card types.

~~~
kloncks
We charge less for debits vs credits, rather than giving a different fee for
Visa vs MasterCard.

------
robkao
This is super sweet! Will give this a shot in our app.

