Okay Craig, let's look at it from the flip side. Say he implements your requested change. There may be people out there who are using this module on real, actual credit card numbers which are always at least 13 digits. Now, are you going to deal with all of the bug reports about how upgrading to the latest version of Business::CreditCard broke some applications because it suddenly started accepting 10 digit numbers when before it did not?
Ivan's approach is conservative and correct.
As an alternative suggestion maybe you can convince Ivan to add a verifyISO() routine that acts as you desire. (No one is likely to be depending on something that doesn't exist :-) But if he doesn't want to do that, you still have other options--"subclass" his module (I don't know if it's OO or not but a similar idea holds even if it's not), create your own module, use his module, but write your own routine that you inject into his namespace for your own nefarious purposes, etc. :)