Of course. I didn't say anything to contradict that. My point was that all credit card BINs are widely known--there's no need to examine thousands of cards to find them out. There are lists and databases. How do you think the post office and WM ban certain card issuers? Also, the patterns of credit cards are known too, which is why there are credit card generators and validators. If I had to guess, I'd say most credit card fraud involves compromising physical cards that are on sale and waiting for them to be loaded, or wholesale data mining of stores and other companies that accept credit cards for payment and keep them on file.

I've been a tech guy at a major hospital. Through an error in how my access was set up, I had all the information on all of its patients, past and present--credit card numbers, DOBs, SSNs, current addresses and phone numbers, insurance info. Hundreds of thousands of them. I did nothing with them of course, being honorable. But lots of people in plenty of areas have access to such information.