
This article misses quite a few important details.

Most importantly, the first 6 digits of a Visa number constitute a "BIN" (Bank Identification Number). I have heard that MasterCard uses a variable number of digits for BIN, but I don't have proof. Some places will have lists of BINs (there's really not that many) and reject "card numbers" that don't have a correct BIN.

Secondarily, MasterCard numbers start with "51", "52", "53", "54" or "55". AmEx starts with "34" or "37", and Discover Cards start with "6011" or "650".

Generating a good "fake" CC number is a bit more complex than the first digit, and getting the Luhn checksum correct.

One of the other commenters is correct in having a huge number of checks around the format of a "credit card number". In practice, all kinds of rubbish end up in the card number field, and every once in a while, it will pass the Luhn checksum and cause problems downstream.
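A sketch of the layered field check this comment describes (format, length, Luhn, then issuer prefix), added here as an example and not part of the original comment or the article. The prefix table uses the prefixes listed in the comment plus Visa's leading "4"; the 13 to 19 digit length bound and all function names are assumptions, and the sample inputs in the test are publicly documented gateway test numbers or constructed values.

```python
import re

# Prefixes as listed in the comment above, plus Visa's leading "4".
# Assumption: a real deployment loads a maintained BIN table instead.
BRAND_PREFIXES = {
    "visa": ("4",),
    "mastercard": ("51", "52", "53", "54", "55"),
    "amex": ("34", "37"),
    "discover": ("6011", "650"),
}

# Digit groups separated by single spaces or hyphens, ASCII digits only.
FIELD_RE = re.compile(r"[0-9]+(?:[ -][0-9]+)*")


def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand_of(digits: str):
    """Return the brand whose prefix matches, or None if no prefix is known."""
    for brand, prefixes in BRAND_PREFIXES.items():
        if digits.startswith(prefixes):
            return brand
    return None


def check_card_field(raw: str):
    """Return (ok, reason, brand); reason names the first check that failed."""
    field = raw.strip()
    if not FIELD_RE.fullmatch(field):
        return (False, "format", None)
    digits = re.sub(r"[ -]", "", field)
    if not 13 <= len(digits) <= 19:  # assumed length bound
        return (False, "length", None)
    if not luhn_ok(digits):
        return (False, "luhn", None)
    brand = brand_of(digits)
    if brand is None:
        # Luhn-valid rubbish, e.g. all zeros, is stopped here.
        return (False, "prefix", None)
    return (True, "ok", brand)
```

A value that passes all four checks is only well-formed; whether it is a real account is decided by an authorization against the card network.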




Absolutely. The article glosses over the other security features that are required to create a card number that would pass the extensive authorization process in the card networks. The information in the article is already in the public domain, so the 'exposure' doesn't increase fraud risk to anyone other than the companies offering 'free trials' for merely providing a number that passes a checksum test.

The amount of security in a particular system is typically proportional to the value of what is being secured. If the companies using a mere checksum test thought the process needed to be more secure they could do a real authorization against the number.


What's the point of generating a good fake? It's not like you're going to guess a number that actually authorizes.


There was a time in the past when some services online wouldn't immediately authorize the card - it would only check if the value was a "valid" number.

So, you could, hypothetically, get 1-3 hours of shell internet access based on a generated number.


Wouldn't a "bad" fake (i.e. anything with a valid checksum) work just as well?


More importantly, the line between generating a good fake and fraud becomes thinner the better your fake becomes.


From my limited experience, ING Direct debit cards (MasterCard) have a consistent eight-digit BIN.



