How to choose the ideal BIN for a specific merchant: from theory to practice

[Good Carder]

From a carder to carders. You bought a card, set up antidetect, and prepared a proxy. But the BIN turned out to be "red" — the payment failed due to fraudulent. You're losing not only the card, but also time and stress. Why does one BIN work on Amazon but not on Shopify? Why does one bank tolerate non-3DS payments, while another blocks them even after a successful check? The answer isn't magic, but systems analysis.

In this article, I'll discuss how to choose a BIN for a specific merchant type, what parameters influence throughput, how to build your own "BIN → gateway → country" matrix based on logs, and I'll provide a ready-made algorithm for selecting a BIN for any purpose in 30 minutes.

Part 1: Why BIN is 80% of Success​

The BIN (Bank Identification Number) is the first six digits of the card number. It's used by the merchant and payment gateway to determine:

• Issuer country (US, UK, CA, AU, EU).
• Card type (Credit, Debit, Prepaid).
• Issuing bank (Chase, Bank of America, Barclays, Revolut).
• 3DS support (VBV/non-VBV).
• Fraud level (whether this BIN has been seen in BIN attacks).

As of 2026, Stripe Radar and Adyen use dynamic BIN blacklists that are updated in real time. If your BIN is on such a list, your card won't work, even with a perfect proxy and a well-warmed profile. On the other hand, "green" BINs (with a low fraud history, non-3DS, Credit) can have a success rate of 30-40% on the right merchants.

The key rule: the same BIN can have a 50% success rate on small WooCommerce stores and 0% on Amazon. The goal is to find a match.

Part 2. What BIN parameters affect traffic?​

2.1. Issuer's Country​

The BIN country must match the country of the proxy and the target merchant (or be geographically close).

Country BIN	Best goals	Why
US	US stores (Amazon, Walmart, Target, small Shopify)	AVS checks ZIP, but with full Fullz the passability is high
UK	UK stores (ASOS, Argos)	AVS also works, but many UK merchants ask for 3DS
EU (DE, FR, ES)	Only non-3DS BIN or low-value up to €30	PSD2 obliges 3DS, exceptions only for small amounts
CA, AU	Local shops	AVS works, but the market is small

Statistics (2026): US BINs are processed at American merchants 3-5 times more often than EU BINs. Always use a card from the same country as your target country.

2.2. Card Type: Credit vs. Debit vs. Prepaid​

Type	Passability	Risk of BIN blocking	Where is it better to use?
Credit	High (40–60%)	Short	All goals
Debit	Average (20–40%)	Average	Small purchases (<$100)
Prepaid	Low (<10%)	High	Only non-3DS low-value targets

Prepaid BINs (Vanilla, Amex Gift, Netspend) are increasingly being blocked at the gateway level. Even if the card is valid, Stripe will return the fraudulent amount. Avoid using prepaid cards for serious transactions.

2.3. Non-3DS status​

3DS (Verified by Visa, Mastercard SecureCode) is a carder's main enemy. Non-3DS BINs are cards that don't require authentication. They're more expensive ($30–$80), but they pay for themselves.

Where to look for non-3DS BINs:

• Free BIN database binx.vip
• Closed Telegram channels and forums (Exploit, XSS).
• Paid BIN databases marked "non-3DS, tested".
• Self-testing: buy a card, try it on the 3DS website, see the answer.

Important: non-3DS status may change. Banks are gradually enabling 3DS. A BIN that was good a month ago may require authentication today.

2.4. Issuing bank​

Some banks are known for their tolerance towards fraud, while others are known for their aggressive blocking.

Good banks (US)	Bad Banks (US)	Note
Chase	Wells Fargo	Chase more often non-3DS
Bank of America	Citibank	BoA is more lenient towards high-risk transactions
Capital One	PNC	Capital One rarely blocks by BIN.
US Bank	TD Bank	—

Europe: Revolut, N26, and Monzo aggressively block fraud. It's better to use cards from established banks (Barclays, Lloyds, Deutsche Bank).

2.5. BIN Fraud Score​

IPQualityScore and other services rate BINs on a scale from 0 to 100. The higher the score, the more often cards with that BIN are used in fraudulent transactions.

Fraud Score	Recommendation
0–30	Take it boldly
30–60	Check non-3DS status, test
60–100	Don't buy it - BIN is blacklisted.

How to check: Enter the BIN into IPQualityScore or Scamalytics. The free versions provide an approximate estimate.

Part 3. Building the "BIN → Payment Gateway → Country" Matrix​

Theory is useless without practice. You should maintain a table where you record the throughput at different gateways for each BIN.

3.1. Table Structure (Google Sheets)​

BIN	Bank	Type	Non‑3DS	Page	Stripe	Adyen	Braintree	WooCommerce	Shopify
414720	Chase	Credit	Yes	US	25%	10%	30%	40%	20%
439305	Microsoft	Prepaid	No	US	0%	0%	0%	5%	0%
536425	Mastercard	Credit	Yes	THAT	15%	5%	20%	30%	10%

How to fill out: After each attempt (successful or unsuccessful), record the result. After 50-100 attempts, you will begin to see patterns.

3.2. Log Analysis​

Example from a real table (fictional, but typical):

BIN 414720 (Chase):
- Stripe: 25% (15 успеха из 60)
- Adyen: 10% (4 из 40)
- Braintree: 30% (12 из 40)
- WooCommerce: 40% (20 из 50)

Conclusion: BIN 414720 works best on WooCommerce stores and Braintree. It's less successful on Stripe and Adyen.

What to do: Buy cards for this BIN and target WooCommerce stores with the Braintree payment gateway.

3.3. Tools for automatic BIN monitoring​

• Stripe Radar. The Stripe dashboard has a "Radar" section that displays statistics on the BINs used in your test transactions. However, this only works if you have your own merchant account.
• Adyen BIN checker. In the Adyen test environment, you can send API requests specifying a BIN and receive a response indicating 3DS support and risk level.
• A custom Python script using curl_cffi and residential proxies. Send a request to create a SetupIntent in Stripe with a card where only the BIN is known and the rest of the details are fake. Analyze the response.

import random
from curl_cffi import requests

def check_bin(bin):
# Генерируем фейковые данные карты
card_number = bin + ''.join([str(random.randint(0,9)) for _ in range(10)])
data = {
"type": "card",
"card": {
"number": card_number,
"exp_month": random.randint(1,12),
"exp_year": 2028,
"cvc": str(random.randint(100,999))
}
}
response = requests.post(
"https://api.stripe.com/v1/payment_methods",
headers={"Authorization": "Bearer sk_test_..."},
json=data,
impersonate="chrome120"
)
if response.status_code == 200:
print(f"BIN {bin} seems valid (no immediate block)")
else:
print(f"BIN {bin} blocked: {response.json().get('error',{}).get('code')}")

This method does not provide a 100% guarantee, but it helps to filter out clearly dead BINs.

Part 4. Algorithm for selecting a BIN for a specific purpose in 30 minutes​

Let's say you've found a store you want to attack. It's a Shopify store with a Stripe payment gateway (identifiable by the iframe and the domain js.stripe.com). Your task is to choose the BIN that will yield the highest success rate.

Step 1: Determine the merchant type and payment gateway (1 minute).

• Open the checkout page.
• Look at the URL and the presence of an iframe.
• If you see stripe.com, it's a Stripe gateway. If you see braintreegateway.com, it's Braintree. If you see adyen.com, it's Adyen.

Step 2: Check your table (5 minutes).

• Find the BINs in the table that have the highest success rate on this gateway.
• If the table is empty, go to step 3.

Step 3: Select 3-5 BINs from “good” banks (Chase, BoA, Capital One) (5 minutes).

• Use lists from closed sources or purchase cards with these BINs from a trusted seller.

Step 4: Check non-3DS status (10 minutes).

• Take a test card with this BIN (you can buy the cheapest one).
• Try making a payment on a website with 3DS enabled (for example, a small European store). If 3DS isn't requested, the BIN is good.

Step 5: Perform a micro-check at the target store (10 minutes).

• Make a purchase of a minimum amount ($1-5).
• If the payment went through, the BIN is valid.
• If it fell from insufficient_funds, the card is empty, but the BIN is alive.
• If do_not_honor - the card is dead, but the BIN may be alive (try another card with the same BIN).

Step 6: Make a decision.

• If out of 3-5 cards with BIN at least one passes the test, the BIN is valid.
• If everyone crashed with fraudulent, BIN is blacklisted by the gateway.

Part 5. Errors when choosing a BIN​

Mistake 1. Buying cards based solely on price, without looking at the BIN.
Cheap cards ($5-$10) almost always have a BIN with a high fraud rate. Pay $30-$50 for a verified BIN.

Mistake 2. Using one BIN for everything.
Even a good BIN may not work on a specific gateway. Test.

Mistake 3. Ignoring BIN updates.
Banks change BIN ranges every 3-6 months. A BIN that worked in January may be dead by June. Update your lists.

Mistake 4. Not keeping a spreadsheet.
Without statistics, you won't be able to replicate success.

Summary​

Choosing a BIN isn't magic, it's a systematic analysis. Keep a spreadsheet, test on small amounts, and compare it with the merchant and payment gateway type. Use non-3DS BINs from major banks (Chase, BoA) with a fraud rate of <30. And never use prepaid. After 100-200 attempts, you'll see clear patterns, and your success rate will increase from 5% to 20-30%.

A quick one-line reminder:
"BIN determines country, type, 3DS, and reputation. The 'BIN → gateway → success' table is your compass. Non-3DS Chase on WooCommerce gives a 40% success rate. Don't use prepaid, don't skimp on Fullz. And always test with a small amount before hit to a big one."