Magento has recently released Security Patch SUPEE-8967 which fixes an important issue with the new MasterCard BIN Credit Card Numbers.
What does SUPEE-8967 do?
BIN stands for Bank Identification Numbers. They essentially identify the issuing institution for the payment account, and ensure that each transaction is routed correctly.
Starting from June 1st, MasterCard will introduce its second series of BIN numbers which will start in the 22-27 range (like 2251-0052-4454-3236). In the past, MasterCard BIN numbers started with a 5 (5987-0000-0000-0015 for example), but this is about to change.
All merchants who accept MasterCard as a payment method are officially required to accept the new numbers, because of the global online shopping network MasterCard wants to offer to its customers.
All merchant POS (Point of Sale) terminals, online checkouts and related systems are required to be 2-series ready before it’s launch on June 1st. This is also why it is extremely important that all Magento stores install patch SUPEE-8967 as soon as possible on their store. Merchants who’d like to request a 2 series test or production cards can send an email to firstname.lastname@example.org and they’ll sort you out.
Mastercard will actively start testing merchants if they accept the new BIN numbers, and you can expect a fine (up to $25,000 per month) if you don’t accept them. Furthermore, if you don’t accept the new 2-series cards, the transaction where the card is used will be declined which will result in a loss of sale for the store owner. The problem is, that Magento by default doesn’t accept these new BIN numbers.
That’s why Magento has released security patch SUPEE-8967, which makes stores compatible with the new BIN numbers in a few seconds. It updates Magento’s core credit card validation, which almost all payment extensions/methods use. Recent Magento versions have had these CC numbers updated automatically, but older versions need to install the patch. The patch is available for the following Magento versions.
- All Magento 1 versions below CE 220.127.116.11 and EE 18.104.22.168
- All Magento 2 versions below 2.1.3 (2.0.0 – 2.0.13, and 2.1.0-2.1.2)
Versions older than CE 22.214.171.124 need to install SUPEE-2725 before this one as well to apply all the changes.
How to download SUPEE-8967
You can download this patch from the official Magento Release archive. Hit the “Release Archive” tab on that page and scroll down till you get to the Patches section of the page. The SUPEE-8967 patch should be the one of the first ones on the list. Installing the patch is fairly simple, but if you do need help check out this guide that teaches you how to install a Magento security patch.