Are non-VBV BINs more common with certain card types, issuers, or countries in 2025?

Checked on December 21, 2025

Executive summary

In the reporting, non‑VBV (non‑Verified‑by‑Visa) BINs in 2025 appear concentrated among specific card types (high‑limit/platinum/premium and certain debit/prepaid subtypes), particular large issuers (U.S. banks such as JPMorgan Chase and Citi, with Chase/Amex also mentioned) and a handful of countries (notably the United States and some European/Swiss issuers). The available sources, however, are overwhelmingly underground carding lists and marketplaces rather than neutral payments research, which limits confidence in prevalence claims [1] [2] [3] [4].

1. Card types: premium credit, certain debit/prepaid, and “non‑MSC” products show up most in lists

Multiple BIN lists and guides circulated in 2025/2026 repeatedly tag premium credit categories (Platinum, Infinite, Black) and a mix of debit/prepaid or payroll cards as “non‑VBV” in underground compilations. Vendors assert that high‑balance premium cards and modern digital‑only products (sometimes called non‑MSC or non‑magstripe) are targeted because their risk models allow frictionless approvals [1] [5] [2]. These same sources also list some debit and prepaid rails as non‑VBV, which reflects that “non‑VBV” has in practice become shorthand for any frictionless 3DS risk decision rather than a single technical profile [5] [6]. The aggregate message in the listings is clear: premium credit and certain digital debit/prepaid types recur in non‑VBV catalogues [1] [5].

2. Issuers: large US banks and certain global brands are repeatedly named, but motives are murky

Several underground guides and BIN collections single out major US issuers — including JPMorgan Chase, Citi, Chase/Amex and regional U.S. banks — as frequent sources of BINs tagged non‑VBV, and some vendors advertise specific BIN prefixes tied to these banks [7] [1] [8]. Forums and market threads also publish long, country‑sorted BIN dumps that list major global issuers alongside smaller banks [9] [10]. However, these publications have a clear commercial and operational agenda (selling “working” BINs and tools), which biases selection toward whatever BINs currently succeed in illicit workflows; they do not demonstrate that issuers intentionally “make” non‑VBV BINs broadly available [2] [11]. Independent merchant‑security commentary cautions that what carders call “non‑VBV” is often the issuer’s risk‑based frictionless path, embedded in modern 3DS flows, not a permanent issuer setting [6].

3. Countries: the U.S. dominates lists but many European and Commonwealth countries appear

The compiled lists repeatedly emphasize U.S. BINs and U.S. issuers, and many country‑by‑country lists and marketplace posts focus on the United States, UK, Germany, Australia, Switzerland and other EU members as common origins for non‑VBV entries [4] [3] [12] [9]. Swiss private‑bank references and European BIN entries appear as particularly coveted in underground chatter, which frames some countries as “low‑fraud” or high‑value targets [7] [1]. That said, payments researchers quoted in the materials note a functional explanation: domestic rails and local authentication implementations vary by country — some rails simply do not trigger 3DS the same way — creating apparent country patterns in the lists [6].

4. What the reporting cannot prove: prevalence, causation, or legitimate industry patterns

The cited sources are dominated by carding forums, BIN lists, and sellers whose incentive is to advertise “working” non‑VBV BINs; they therefore document what criminals test and market, not a representative picture of issuer policy or global prevalence [2] [9] [11]. Security‑oriented commentary explains that modern 3DS risk engines allow issuers to accept transactions without a challenge (a frictionless pass) based on device and transaction signals, so the same BIN can behave differently over time or by merchant/gateway, which complicates any claim that a BIN is inherently “non‑VBV” [6]. The sources contain no neutral acquirer or card network research to validate that particular card types, issuers, or countries systematically issue non‑VBV BINs at scale in 2025 beyond the patterns visible in illicit marketplaces [6] [2].

Conclusion

The documentary evidence from BIN lists and underground forums shows recurring patterns: premium credit and some digital debit/prepaid types, major U.S. issuers and a handful of countries appear frequently in non‑VBV compilations. Those sources are self‑selected and operationally motivated, however, and payments‑security analysis warns that “non‑VBV” often reflects risk‑based, context‑dependent flows rather than a fixed issuer attribute. So while non‑VBV BINs appear more common in certain card types, issuers, and countries within the carding ecosystem, neutral confirmation of systematic prevalence or intentional issuer policy is not present in the reporting [1] [7] [6] [2].
