Your original beef was that you couldn't use Business::CreditCard for Authen::PIN. You accepted that "Authn::PIN probably shouldn't use this module for a general-purpose LUHN implementation."

But then it became a question of whether validate should obey ISO-7812 or follow real-world practices. Do you even have any stake is this? I mean, do you even use the module? It sounds to me you like you found a "problem" in a module you don't even use. I suspect the validate is almost exclusively used to verify a credit card number before initiating a transaction. Anyone using it for that purpose would welcome the cut in false-positives that checking for a minimum length of 13 digits provides.

If you do use this module, and this check is causing a problem, you should be discussing that problem. If problems or false-negatives occur, the author is willing to re-open the issue: "Feel free to re-open this bug if verify() doesn't work with any real-world credit card number."