Fintech Guide to Bank Identification Numbers (BINs)

When you’re building a card program, one of the first major sets of decisions you’ll make is around Bank Identification Number (BIN) sponsorship, which includes finding a bank partner.

For fintech operators looking into card issuing, there’s a lot to consider. Having a clearer understanding of how BINs work can often impact how you design your card program, and launch it more quickly.

This guide covers:

• BINs and BIN ranges
• Types of BINs
• Shared vs. Dedicated BINs
• BIN sponsorship
• Card program management

What is a Bank Identification Number (BIN)?

A Bank Identification Number is a proprietary sequence of numbers used on payment cards to signal to other participants in the payment system which bank has issued a card.

A BIN’s placement as the first 6 to 8 numbers on a payment card identifies the card network and the issuing bank. A BIN is the property of the partner bank and the card networks.

In the US, BINs are only issued by chartered banks. In other parts of the world, payment cards can be issued by other types of non-bank entities and are identified by Issuer Identification Numbers (IINs).

The 16-digit Primary Account Number (PAN) is made up of four components:

• Major industry identifier (MII): identifies the card network. American Express's MII is 3, Visa is 4, Mastercard is 5, and Discover is 6.
• Bank identification number (BIN): identifies who issued the card.
• Account identifier: identifies the individual account.
• Validator digit (checksum): Issuers put the first 15 digits into a formula called the Luhn Algorithm, which produces the validator digit.

Who needs a BIN?

Any company that wants to build a card program needs access to a BIN, which by definition means that the company also needs a bank sponsor. Getting a bank sponsor involves having a bank review and approve your card program.

If you’re acting as your own program manager, you work with the bank directly. If you’re working with an issuer processor or with a Banking-as-a-Service (BaaS) provider that is also acting as your program manager, this is part of the service they provide.

What’s the difference between a 6 digit and an 8 digit BIN?

Historically, BINs and IINs were 6 digit specifiers. In 2017, the International Organization for Standardization / International Electrotechnical Commission (ISO/IEC) Joint Technical Committee changed the standard (ISO/IEC 7812) from 6 to 8 digits in anticipation of an expected shortage in the available supply of IINs.

What is a BIN range?

A BIN range is a subset of an entire BIN. A single 8-digit BIN has room for ten million unique card numbers. This is typically more than enough capacity for any individual card program. Typically, 8 digit BIN ranges are assigned at a program level. If you're working with a program manager, it's actually possible for many companies to share a 6 digit BIN.

What is a BIN sponsorship?

A BIN sponsorship means that the sponsor bank has approved your card program and allocated you a dedicated BIN or a BIN range on a shared BIN.

Types of Bank Identification Numbers

There are 6 primary types of BINs that are determined by how the card will be used (consumer or commercial) and how the card will be funded (prepaid, debit, or credit). Here are some common use cases for each:

1. Consumer prepaid: gift cards, corporate incentives/rewards
2. Commercial prepaid: bill pay, group purchasing, media/ad buying
3. Consumer debit: neobank, on-demand services, crypto
4. Commercial debit: expense management, neobank, crypto
5. Consumer credit: BNPL, credit-builders, crypto
6. Commercial credit: expense management, BNPL, online travel

How the card is used (Consumer or Commercial)

Cards can be used either for consumer or for commercial purposes, and the use cases are pretty clear. A business purchasing items or making payments is commercial use. An individual purchasing items or making payments is consumer use.

We frequently talk with companies who want to get on a commercial BIN because the interchange revenue is higher. There is generally not a gray area between consumer and commercial use cases, but we’ve written in depth about maximizing interchange revenue.

How the card is funded (Prepaid, Debit, or Credit)

There are three types of funding methods: prepaid, debit, and credit. Credit has the highest merchant acceptance rate; prepaid has the lowest.

Shared vs Dedicated BINs

A BIN can be dedicated to a single company or can be shared across multiple companies. We talk with a lot of companies who believe that they need to be on a dedicated BIN. That may be the best solution for some but it’s important to understand the pros and cons of each option.

A dedicated BIN can be the right decision if you know from the start that you’ll need more than 1 million account numbers very quickly.

Companies also push for dedicated BINs because they think that switching sponsor banks is easier with a dedicated BIN. The reality is that there is always friction in moving banks, and this is especially true when there are physical cards involved. Because physical cards are printed with the sponsor bank’s name, if you change banks they will need to be reprinted and reissued, and you risk losing a certain percentage of customers.

Another reason that companies opt for a dedicated BIN is if they’re concerned that they may have to share a BIN with companies that could have higher rates of fraud than their own. This can result in the entire BIN being blocked by merchants, not just the range used by a company with higher fraud rates. If you’re considering a shared BIN, ask how the card issuer screens companies and how they combat fraud.

How to get a BIN sponsorship

Convincing a bank to be a BIN sponsor for your card program involves finding a bank with revenue goals that are aligned with your program. For example, if a bank is looking to increase its deposits in order to increase its interest revenue, bringing them a card program that isn’t connected to bank accounts is not going to be very attractive.

However, a bank looking to increase revenue through transaction fees would be much more interested in this program. As a rule of thumb, banks are likely to want a minimum of $75 million in deposits or $5-$10 million a month in transaction volume. In your first meeting with a bank, ask them what their revenue goals are; most will be happy to tell you.

Banks will also want to really understand your product and proposed customer audience so they can assess the risks inherent in your program. The bank will also want to know what is the ultimate source of the funds that are being spent on the cards. They will want to see how it travels from there to any other entities and finally to the merchant.

For example, if a client is attaching a wallet provider (i.e. Dwolla, Sila), the bank will want to know who are the consumers/entities loading funds into those wallets, how are those funds moving to the Program Manager/Bank, and then how do they settle with the networks. They will want to know if that source of funds is from consumers or businesses. And they'll be looking for red flags such as funds coming from other countries or from crypto sources.

Timelines

If you’re acting as your own program manager, getting a BIN sponsorship is a lengthy process. From first conversation to program launch, getting a BIN can take at least 6 months and usually longer.

After the bank determines that your program supports their revenue goals, there’s a thorough due diligence process to make sure that the bank understands and is willing to accept your program and the risks associated with it.

The bank will also need to review your website, app, and marketing materials, legal documentation, cards and carriers, sometimes customer service scripts and logs, and your company's BBB website prior to launch.

Once your card program is active, they will expect to continue to review changes as well as new documents and materials. You should also expect to be communicating regularly with the bank, sometimes multiple times per day.

Compliance requirements

A sponsor bank devises an oversight program that typically includes data reports sent on a daily, weekly, or monthly basis.

In addition to data reports, an oversight program may include monthly, quarterly, and annual BSA/AML and regulatory reporting. The bank will also want to understand your cardholder onboarding flow, including KYC/KYB processes, vendors, and policies.

If you’re working with a card issuer as your program manager, they will take on many of these responsibilities.

Monthly Reporting

Regulatory Compliance

1. Complaint logs, including regulatory complaints (NYDFS, OCC), threats of legal action; BBB complaints; claims of discrimination, etc.
2. Applicable dispute logs
3. Overdraft logs (if applicable)
4. Issuing and activity metrics

BSA/AML Compliance

1. Number of SAR referrals submitted last month

Fraud

1. Fraud account detection rates
2. Average number of transactions per fraud case
3. Average fraud case duration
4. Average loss per fraud case
5. Percentage of fraudulent e-commerce transactions USD 25 or less reported to Fraud and Loss Database.

Quarterly Reporting

Regulatory Compliance

1. Complaint reviews
2. Forms and disclosures, including material changes/updates to any forms and disclosures.
3. Program updates and reporting to ensure findings from prior quarters are mitigated and resolved

BSA/AML Compliance

1. KYC/PII for new accounts opened in the last 90 days.
2. AML Transaction Monitoring Alerts
3. Escalated AML Transaction Monitoring alerts
4. OFAC Screenings
5. Suspicious Activity Report (SAR) referrals
6. List of negative media matches for financial crimes where account was still open
7. Any alert testing completed during the quarter

Fraud

1. List of fraud false positive alerts and escalated alerts for each month of the quarter
2. Any alert testing completed during the quarter

Annual Reporting

1. Independent BSA/AML audit
2. Transaction monitoring system/model validation
3. Systems used for AML, OFAC, and fraud monitoring systems
4. Current list of fraud detection rules
5. Current list of AML detection rules
6. Current alert matching criteria and lists used for OFAC screening
7. BSA, OFAC, Unlawful Internet Gambling, and Fraud & Identity Theft Programs/Policies
8. Description of BSA, OFAC, Unlawful Internet Gambling, and Fraud & Identity Theft Programs training courses assigned with proof of completion by all staff
9. Review and sign off on AML warranty

Legal forms review

A sponsor bank will need to review all cardholder and user agreements, including:

• Cardholder Agreements and/or Authorized User Agreements, as applicable
• Terms of Service
• Privacy policy (including any GLBA notice, if applicable)
• ESIGN Agreement
• Fee disclosures (if applicable)
• Cardholder onboarding flow (including KYC/KYB processes, vendors, and policies)

We have free templates for these documents available in our Lithic Legal Library.

Marketing materials review

A sponsor bank exercises oversight over a company’s marketing and collateral and will also want to review and approve each blog or social media post that a company wants to issue before it’s used. Your sponsor bank may want to review some or all of the following.

• Blog posts
• Social media posts
• FAQs
• Email campaigns
• Cardholder onboarding flows
• Card images/text
• Card carriers
• Press releases
• Websites
• Mobile applications
• Printed materials/ads
• Digital ads/banners
• Testimonials, endorsements, or case studies

We have marketing guidelines available to help you navigate regulatory requirements.

Processor-only vs. Program managed

A processor-only relationship with a card issuer means that you work with your sponsor bank directly and act as your own program manager. We’ve found that as companies scale their programs, they often move to a processor-only relationship and manage their programs in-house in order to keep a larger share of interchange.

Until a company is able to take on this role for itself, it can work with a program manager to outsource many critical tasks. A program manager should be able to deliver value across the following areas.

Approval time

Find out if your issuer/processor needs to send your program to the bank for review or if they can make a decision about your program themselves. In some cases, banks have provided clear parameters that only programs that look like edge cases need bank review before they can launch.

Documentation and templates

As discussed above, banks have certain expectations about your documentation and processes. Working with a program manager who can provide you with templates that have been approved by the bank, best practices, and guidance can save time and money.

BIN configurations

Your program manager will also help with BIN configurations to make sure they are set up to optimize features and functionality that are applicable to your current program or may be of interest in the future.

Compliance

In a program managed relationship, the program manager will often handle the requirements and reporting for compliance, risk, and fraud. In a processor only relationship, the company manages everything themselves with an in-house team. This is a great option once you hit a certain scale, but it can be more than most companies want to take on initially.

Check out these resources If you need help designing your compliance program or hiring a compliance team.

Additional resources

• What Bank Partners Want from Fintechs by Lithic
• Selecting a Bank Partner by Lithic
• Preparing for 8-Digit BINs by Deloitte
• 8-Digit BIN Expansion and PCI Standards by Mastercard
• Eight-Digit BIN FAQ by Visa
• Fintech Guide to Physical Cards by Lithic