The (likely) demise of Quick BIN Lookup

Posted by Matt Birchler
— 6 min read

Back in 2016 I was working in a support role at a payments company and found myself regularly using a BIN lookup tool to get basic information about card issuers. Basic stuff like what country the issuing bank was from or if the card was credit or debit…nothing crazy, but these details can be helpful in troubleshooting issues.

There were several sites out there that did this, and to be frank, they all kinda sucked. They were a mess of ads, pop ups, CAPTCHAs, and rate limits, and they were all wrapped in some pretty ugly CSS to boot.

The best of the bunch was binlist, and while it wasn't great, it was decent and had a free API anyone could use however they wanted. I fancy myself an amateur developer, so I decided to take a swing at building my own site, so on April 7, 2016 I launched Quick BIN Lookup which aimed to be a 100% user-centric BIN lookup tool. Here's what it looked like at the time:

Quick BIN Lookup, 2016

Now look, I don't stand by the whole design today, but it was clean and easy to use, and way nicer than the rest of the options out there. It even had a mobile layout, which literally no one else on the first page of Google results had at the time.

It started slow, but that was fine because it was the sort of tool I built for myself and it was useful to me even if no one else used it. And to be fair, I didn't do any marketing or SEO to make it a success.

But eventually it did start to pick up steam, with more and more people coming across it. I've had coworkers use it and I've even seen clients use it on video calls I've been on, completely oblivious that they were using a site made by someone on the Zoom call. I've made a mess of my analytics so I don’t have perfect numbers, but the site got well north of 1 million page hits across at least 75,000 unique users in 2023. Depending on the day and your personalized results, it was often the #1 result on Google when searching for "BIN lookup", although it seems binlist has retaken the lead at some point in the last year.

What I love about this is that I tried to disrupt the incumbents by making something better…and I did it!

Now I didn't get rich on this project, as I only ever ran a single ad on the page, but it was enough to make it worth my while. Without sharing all numbers, I will say that I currently make less than $100/month on the site, although that's down a considerable amount from its peak before the ad market crashed this year.

The turn

I'll be the first to admit that this situation may have been too good to be true. I was using a free API to replicate the behavior of the company who made the API, and I was neck and neck with them in search ranking…of course they wouldn't be thrilled about this. But hey, the site lived a very successful life for almost 8 years without issue, so maybe they were cool with it?

Maybe not, as I got a report of my site not working today, so I sprung into action, confirming the issue, posting a status alert on the site, and looking into what was going on. Apparently they announced on December 14 that they were going to start rate-limiting their free API to 10 requests per minute. That's totally reasonable and its their free API, so they can do what they want, but during business hours my site averages somewhere around 20 requests per minute, which assuming they let me constantly go over the limit, half of my users are going to get errors when using the site. That isn't the great experience I want to deliver: would you use a website where its only function worked half the time you used it? I wouldn't.

binlist does have a new premium API that sounds like it would fit my needs, but one look at the pricing page crushes that idea. Remember how it's earning well under $100/month today? Adopting their new API would cost me somewhere around $700/month to keep doing what I'm doing right now. A quick shop around for other APIs don't return anything much better: I saw $900 one place, $300 another, and most of them give me the old "contact us" for my request volume requirements, which as far as I'm concerned is code for "the number is going to shock you."

The plan

As far as I see it, there are 3 go-forward options:

  1. Let the site be partially broken due to the rate limit
  2. Start paying for a premium BIN lookup API and start losing hundreds of dollars a month on the site
  3. Take the site down

Option 1 is not great, and I don't see how it can be a long term solution. The product is broken for many users, and that's not something I can stand to have out there attached to my name.

Option 2 is just nuts, and you should question my sanity if I chose this path down the road. I'm okay losing a little money per month on a website if I love it (see this blog), but hundreds of dollars every month? Nah.

Option 3 is a sad one for me since this has been such a cool thing to work on all these years, and I am genuinely proud of its success, but it's the most likely option long term.

Update: a few kind people have suggested potential workarounds for the new restrictions, which as creating multiple free accounts and cycling through keys or caching the results so I don’t have the re-submit the same BIN multiple times. I will explore these alternative options, but I’m not super optimistic. Accounts are manually created on their side with basically a Google Form, which means I’d have to apply as numerous different people, hope they believe me, and hope they don’t notice a single IP address is sending in all these requests. Caching results could lessen the load, but I don’t see many duplicate checks in my analytics, so I’m a bit skeptical this would lessen the load that much (not to mention caching or creating a local database levels up the complexity of this beyond my decidedly amateur skills. I will try to see if more clever fixes are possible.

I'm going with option 1 for now, leaving the site up even though it's partially broken. There is an alert at the top of the page explaining the situation, but a partially-functioning product can't be the end state.

Final thoughts

I got into this game to make a good website for looking up BINs, and I succeeded more than I ever expected I would. I was a non-developer who knew a tiny amount of PHP and was able to make something people enjoyed and found useful. I'm super proud of that and always will be.

I'd love to find a new solution here that manages to give me what I need to keep the site up at a reasonable price, but that's looking unlikely right now.

Also here at the end I'd like to clearly say I don't hold any ill will towards binlist for this change. I'm sad that it's likely going to kill my site, but I was using their API that they built and maintained to build a direct competitor to their site. If the site got 10 hits per day then who cares, but I can see why this use case at this scale is not something they would want to support anymore. We didn’t have any legal agreements, nor did we have any communication at all over these 8 years. I don’t search for BINs much anymore myself, but I do feel bummed for the many people who had come to rely on the site over the years.