Seller Log Analysis: How to Determine Whether a BIN is Blocked Based on Error Patterns

[Good Carder]

From a carder to carders. You've received dozens of rejections. You've changed proxies, profiles, and websites, but it's all to no avail. The reason could be trivial: your BIN is blocked at the payment gateway level. But how can you distinguish a BIN block from one based on IP, fingerprint, or simply a dead card? The answer is in the logs. Stripe, Adyen, and Braintree return different error codes and timings for different types of blocking. If you don't know how to read them, you'll be guessing, changing cards, proxies, and antidetec, wasting time and money.

In this article, I'll teach you how to analyze error patterns to confidently say: "BIN is dead" or "there's an issue in the environment." You will learn how to decipher decline codes from Stripe, Adyen, and Braintree, how to distinguish BIN blocking from IP or fingerprint blocking, how to use test cards to check gateway response, and how to plot BIN success graphs over time to identify blocking trends.

Part 1: Why BIN blocking is a diagnosis, not a guess​

BIN (the first 6 digits of the card) can be blocked for various reasons:

• BIN attacks (massive enumeration of cards of the same range).
• High percentage of chargebacks for cards of this BIN.
• Blacklisting a range by a payment gateway or acquirer.

When a BIN is blocked, any card with that BIN will be rejected, regardless of its balance, CVV, or even whether it's active or not. For carders, this means wasting time buying cards with that BIN is pointless.

But how can you tell a BIN block from:

• Problems with proxies (IP blacklisted, bad reputation)?
• Problems with fingerprint (antidetect is leaking)?
• Dead card (do_not_honor, expired_card)?

Key principle: BIN blocking manifests itself equally for all cards in the same BIN and is instantaneous (<1 second response time). Environmental errors (IP, fingerprinting) often result in a delay of >1 second and can vary depending on the cleanliness of your environment.

Part 2. Deciphering Stripe, Adyen, and Braintree Error Codes​

2.1. Stripe​

Stripe returns an error object with a code and decline_code field. The following codes are typical for BIN blocking:

Error code	Decline code	Typical timing	Meaning
fraudulent	fraudulent	<1 sec	BIN is blacklisted by Stripe Radar.
blocked	blocked	<1 sec	BIN was blocked by the merchant via Radar Rules.
generic_decline	generic_decline	<1 sec	BIN is blacklisted (general blocking)
card_declined	do_not_honor	1–3 sec	The card is dead (issuing bank), no BIN
card_declined	insufficient_funds	1–3 sec	The card is alive, but empty.

Important note: If Stripe returns fraudulent in 0.3–0.8 seconds for all cards with the same BIN, this indicates a BIN lock. If the timing is >1 second and the do_not_honor error is returned, the issue is specific to the specific card.

2.2. Adyen​

Adyen returns resultCode and refusalReason.

resultCode	refusalReason	Timing	Meaning
Refused	FRAUD	<1 sec	BIN is blacklisted
Refused	BLOCKED	<1 sec	BIN blocked by the merchant
Refused	DO_NOT_HONOR	1–3 sec	The card is dead
Refused	NOT_ENOUGH_BALANCE	1–3 sec	Insufficient funds
Error	TIMEOUT	>3 sec	Network or proxy problem

In Adyen, BIN blocking almost always results in FRAUD with a timing of less than 1 second.

2.3. Braintree​

Braintree returns processor_response_code and processor_response_text.

Code	Text	Timing	Meaning
2000	Fraud	<1 sec	BIN is blacklisted
2000	Blocked	<1 sec	BIN blocked by the merchant
2005	Do Not Honor	1–3 sec	The card is dead
2004	Insufficient Funds	1–3 sec	Insufficient funds
2003	Expired Card	1–3 sec	The deadline has expired

Part 3. How to distinguish between BIN blocking and IP or fingerprint blocking​

3.1. Differential diagnostic table​

Lock type	Error code (Stripe)	Timing	Behavior when changing proxies	Behavior when changing a card
BIN	fraudulent / blocked	<1 sec	The error persists	The error persists (for all cards in this BIN)
IP	fraudulent / generic_decline	1–3 sec	The error disappears when changing the proxy.	The error may persist for some cards.
Fingerprint	fraudulent	1–2 sec	The error may persist when changing proxies.	Disappears when changing the antidetect profile
Dead card	do_not_honor	1–3 sec	The error does not depend on the proxy	Disappears when changing the card (but not the BIN)

3.2. Practical differentiation algorithm​

1. Check the timing. If it's <1 second, suspect BIN or IP blocking.
2. Replace the card with the same BIN. If the error persists, the BIN is suspect.
3. Change your proxy to a known-clean one (residential, fraud score <30). If the error disappears, the issue was with the IP.
4. Change the antidetect profile (new fingerprint). If the error disappears, the problem is with the fingerprint.
5. Check using a test card (see Part 4).

3.3. A practical example​

You hit 5 cards with BIN 414720. All crashed with Fraudulent within 0.5 seconds. You changed the proxy, but the error persisted. You changed the antidetect profile, but the error persisted. You bought a card with a different BIN, but it cleared. Diagnosis: BIN 414720 has been blocked by Stripe. Stop buying cards with this BIN.

Part 4: Using Test Cards to Check Gateway Response​

4.1 Stripe Test Cards​

Stripe provides test card numbers that always return specific error codes. These can be used to understand how the gateway responds to certain types of failures without risking your actual cards.

Card number	Expected decline code	Timing	Usage
4000 0000 0000 0002	do_not_honor	1–3 sec	Simulates a dead card
4000 0000 0000 0009	fraudulent	<1 sec	Simulates a BIN lock
4000 0000 0000 0010	generic_decline	<1 sec	Simulates a general block
4000 0000 0000 0030	insufficient_funds	1–3 sec	Simulates a lack of funds

Practical application: If you suspect your BIN is blocked, submit a request with the test card 4000 0000 0000 0009. If Stripe returns "fraudulent" within 0.5 seconds, your IP and fingerprint are clear, and the problem is with the BIN. If the test card passes (i.e., do_not_honor with a timing of 2 seconds), your IP and fingerprint are clear, and the problem is with the specific cards.

4.2. Testing via live cards with a known status​

Another approach: buy a card with a known-good BIN (for example, 414720, if it's not already blocked) and test it. If it works, but your cards with the same BIN fail, the problem is with the cards (they're dead), not the BIN.

Part 5. Plotting BIN's success over time​

BINs don't die instantly. There's usually a trend: initially a high success rate, then a gradual decline, and then a complete shutdown. Log analysis allows you to identify this trend and abandon BINs in a timely manner.

5.1 Data Collection​

The log should contain the following fields: bin, timestamp, success (1/0). Group the data by BIN and by day (or hour).

5.2. Plotting a graph​

import pandas as pd
import matplotlib.pyplot as plt

df = pd.read_csv('carding_log.csv', parse_dates=['timestamp'])
df['date'] = df['timestamp'].dt.date
bin_data = df[df['bin'] == 414720].groupby('date')['success'].mean() * 100
plt.plot(bin_data.index, bin_data.values)
plt.xlabel('Date')
plt.ylabel('Success Rate (%)')
plt.title('BIN 414720 Success Rate Over Time')
plt.show()

5.3. Interpretation​

• Stable high percentage (30–50%) → BIN is alive.
• Gradual decline (from 40% to 10% in 2-3 weeks) → BIN has started to be blocked. Prepare for replacement.
• A sharp drop to 0% → BIN blocked. Stop purchasing cards from this BIN.

An example from a real log: BIN 414720 yielded a 35% success rate in January, 25% in February, 10% in March, and 0% in April. By April, there was no longer any point in buying cards of this BIN.

Part 6. Errors in log analysis​

Mistake 1. Ignoring timing. The same fraudulent code at 0.5 seconds and 2 seconds are different stories. Always check the response time.
Mistake 2. Too little data. Don't draw conclusions about BIN based on 3-5 attempts. At least 20-30 attempts are needed for statistical significance.
Mistake 3. Mixing different gateways. BIN can be blocked in Stripe but work in Braintree. Analyze each gateway separately.
Mistake 4. Not considering proxy quality. If you use bad proxies, you will receive fraudulent activity even on live BIN. First, make sure your environment is clean.

Part 7. BIN Blocking Diagnostic Checklist​

• Collect logs for 20+ cards of the same BIN.
• Record the decline code and timing for each attempt.
• Check the timing. If it's <1 second and the code is fraudulent/blocked, suspect the BIN.
• Change your proxy to a known clean one (residential, fraud score <30).
• Change the antidetect profile (new fingerprint).
• Check with Stripe test card 4000 0000 0000 0009.
• Analyze the BIN success graph over time.
• Conclusion: if BIN is blocked, stop using it. If the problem is in the environment, change the proxy or fingerprint.

Summary​

Analyzing seller logs isn't guesswork, but system diagnostics. Decline codes, timing, test cards, and success graphs allow you to accurately determine whether BIN is blocked or whether there's a problem with your environment.

• BIN blocking: code fraudulent / blocked, timing <1 sec, error does not depend on proxy and fingerprint.
• IP blocking: error disappears when changing proxy.
• Fingerprint blocking: the error disappears when changing the antidetect profile.
• Dead cards: code do_not_honor, timing 1–3 sec.

Use Stripe test cards to verify hypotheses and plot success graphs over time to see trends. This will save you thousands of dollars on buying dead BINs.

A quick one-line cheat sheet:
"fraudulent in 0.5 seconds — BIN is dead. do_not_honor in 2 seconds — card is dead. Test card 4000 0000 0000 0009 confirms. Change your proxy and fingerprint — if that doesn't help, the BIN is blacklisted. Plot your success graph by day — drop to zero."