ID Verified
First 6, last 4 and the expiry are not regarded as private by the card vendors.
Perhaps, but it does not sit comfortably with me.
The first six digits usually define the bank that has issued the card.
The expiry year/month can be used in the future such that a scammer can often determine a routine replacement card's new expiry date. I have had a credit card in NZ long enough to remember when they had a two-year life and upon renewal, both a new card account number and new expiry date were on the replacement card. This was well before the days of setting up periodic automatic payments using credit cards.
If a scammer gets access to that partially obfuscated card info which provides issuing bank details, and has other info about a person such as name and address, they are well on the way to having very useful information to use. In this example, they may now know which bank to target, or to quote if they make a blind phone call to the that victim claiming to be from the victim's bank.
Long shot perhaps, but I have been there in the past.
I'm seeing sites now showing *nnn representing the the last four digits, with in essence only the last three digits nnn actually displayed. I'd be much happier with that.
