Payment Issues in Facebook Ads

The platform of Facebook Ads never discloses how it works. Affiliates all over the world build their understanding of the ad platform on the basis of tests and experiments. That is why there exist millions of myths about Facebook algorithms delivered by the affiliates of different types. Most of them are far from reality indeed. Let us agree, discussions/chats/masterminds about Facebook ads are often full of fairy-tales. It may spoil newbies attempts.

One of the most mythological parts of Facebook Ads is “payments”. I have seen hundreds of affiliates being sure that Facebook can easily recognize a virtual credit card, or that the name of a cardholder must coincide with the name of a social profile and other crazy tips. Lots of publishers believe such facts to be true, while at least half of such tips have no connection to the real facts.

This time I would love to disclose some absolutely evident facts about payment and anti-fraud services in Facebook ads. Please, consider this information not to be a direct guide to somehow violate terms and policies of the Facebook Ads platform.

I do not encourage anyone to use the contents below for illegal purposes. And I disclaim, that all the illegal issues made by you are your personal intentions.

Actually, only two key points matter:

• What data is provided by a credit card itself;
• How the payment and risk-management services deal with the data;

Observing the points in both will make it rather long read. So, It was decided to make it two parts.

Ok, let us discuss how any credit card works. I just want to give a warning, that some pieces of the article will definitely be boring, but these contents are necessary to make the things clear. First of all, let us understand what data a credit card itself can provide.

1. The first digit always corresponds to both the payment system (Visa, MasterCard) and the branch of industry the card belongs to. Most of VISA cards have the first digit - 4, while all the MasterCard CCs have - 5.
2. Second-fourth digits denote the city and the bank which emitted the credit card. For instance, popular payment solution for affiliates “Epayments” has 283, while Russian “Sberbank” has 276 and so on. Fifth and Sixth digits corresponds to the card type and category. They reveal if the card is debit/credit/prepaid/overdraft as well as the category: classic/silver/gold/platinum . No combination of these digits can show if the card is virtual or a real plastic one. The first 6-digits are the so-called BIN (Bank Identification Number). All the data about credit cards hidden in a BIN is public. You can easily check any card using such services like Binlist.
3. Digits from 7 to 15 are the special cipher of a bank. Each bank encrypts these numbers as they prefer, that is why this data is not public. Only the payment systems can have the access. 7-15 can contain any information the bank wants. Usually, these are the currency, local/international, date of expiry and other data. This information is the issue of every particular bank, so nobody can have the access to a cardholder name including Facebook, Google and any other third party.
4. The last digit is the so-called checksum number that is counted according to the Luhn algorithm. It is just needed to check if all the digits submitted are a true credit card (if all the 15 digits are correct).

Also, credit cards are not emitted by the banks themselves. There are special digital security companies, the direct card manufacturer. Each CC must contain the information about a manufacturer. For instance, lots of European cards are emitted by Gemalto, while most CCs in Russia are manufactured by ROSAN company. You can check the name of  manufacturer, as it is stated on a card. Of course Security Agencies have some secret information about a card, but they NEVER provide such data to any parties, except the Payment Systems.

Now it’s time to recap what we discussed. The conclusion is:

Under no circumstances can Facebook obtain the information about the cardholder and the data, about if the card is virtual or not. So, using virtual cards rather than plastic does not mean you are somehow suspicious to Facebook.

Ok, but why do people think the other way? Many affiliates are assured that Facebook trust varies from card to card. Everybody knows that some CCs trigger ad account to ban at once (as soon as you submit a CC), while the other cards do not cause troubles. Does that mean every payment inventory has concrete risk-rate onin Facebook or Google? I can definitely say: no ! It is quite false that some risk-payment score is used by Facebook (but who knows, by the way).  Success while submitting a credit card depends on a combination of Facebook Big Data experience, hardware and software configurations, social profile behavior (everything that is called account “farming”). Such content is usually forbidden to post on most websites, but if you wish - i will also prepare several articles about how Quality Score on Facebook works.

That is it for today. The second part of this material will be dedicated to the Facebook payment system, PCI SDD standard and Facebook anti-fraud (risk management) service. I will also try to put down the tips on what one should do in order to submit a CC without being banned, but again it can be used for illegal purposes (that’s why a release may never happen). Hope you enjoyed the article. You are welcome to submit your questions and comments here.