A ISO 7812 contains a single-digit major industry identifier (MII), a six-digit issuer identifier number (IIN), an account number, and a single digit checksum. The major industry identifier is considered to be part of the issuer identifier number.
|MII Digit Value||Issuer Category|
|0||ISO/TC 68 and other industry assignments|
|2||Airlines and other industry assignments|
|3||Travel and entertainment|
|4||Banking and financial|
|5||Banking and financial|
|6||Merchandising and banking|
|8||Telecommunications and other industry assignments|
If the major industry identifier is 9 the next three digits are the numeric-3 country code from ISO 3166-1.
The first six digits, including the major industry identifier, compose the issuer identifier number (IIN). This identifies the issuing organisation. The American Bankers Association is the registration authority for IINs. The official ISO registry of IINs, the "ISO Register of Card Issuer Identification Numbers", is not available to the general public. It is only available to institutitions which hold IINs, issue plastic cards, or act as a financial network or processor. Institutions in the third category must sign a license agreement before they are given access to the registry. Several IINs are well known, especially those representing credit card issuers.
Donald E. Eastlake wrote a series of Internet Drafts—the final of which was draft-eastlake-card-map-08.txt ("ISO 7812/7816 Numbers and the Domain Name System (DNS)", issued February 2001, expired August 2001)—proposing the lookup of card issuers automatically based on the IIN using the domain name system. Although the domain name for doing this, reg.int, was registered by the Internet Assigned Numbers Authority (IANA) the proposal foundered due to the opposition of the ISO 7812 and ISO 7816 registration authorities, who were concerned that this proposal would make the ISO IIN registry publicly available.
The secrecy regarding the official ISO registry of IINs is probably motivated by concern for security through obscurity. However many people argue that this—and any attempt at security through obscurity—is pointless for a number of reasons. Knowing the contents of the IIN registry would be of limited help in carrying out fraud. The most common IINs (such as those for credit card companies Visa and MasterCard) are already widely known, and someone seeking to reconstruct the ISO registry could find the most common entries just by asking a large number of people to tell them their card type and the first five digits of their card. Such a publicly-contributed IIN database already exists; however, it was recently shut down after complaints from MasterCard International that continued access to the site "could expose MasterCard and its member banks to potential fraudulent and reputational risk" and "promoted identity theft." bindatabase.com hopes to reopen the site.
The account number consists of digits seven to second last, a maximum of 12 digits.