BIN Attack Fraud
What Is BIN Attack Fraud?
The BIN, or the Bank Identification Number, is the first six digits on a credit card. These are always tied to its issuing institution – usually a bank. In a BIN attack, fraudsters use these six numbers to algorithmically try to generate all the other legitimate numbers, in the hopes of generating a usable card number.
They then try these numbers at various merchants to filter the list down to, essentially, whatever works. As a brute-force attack, it typically involves a large number of small transactions – the same pattern seen in card testing.
These small transactions show up as various types of declines before the fraudsters ultimately find any correct combinations – and potentially use them to discover even more. Because they only use card numbers, BIN attacks constitute card-not-present fraud.
How Can You Detect a BIN Attack?
There are a number of ways to identify a BIN attack, including:
- Multiple low dollar value transactions (the amounts may be unusual for your type of business).
- Multiple declines.
- Unusually high volumes of international cards.
- Large number of transactions being processed or attempted in a short period of time. These transactions tend to be within a few seconds of each other.
- Card numbers being used repeatedly with variations in the security features (e.g. expiration date, card security code, and postal codes).
- The time of transaction may be unusual for your business, e.g. early in the morning.
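Several of these indicators (bursts of low-value attempts, high decline rates, and one card retried with varied details) can be checked mechanically over gateway transaction records grouped by BIN. The Python below is an added example, not part of the original page; the record fields (`bin`, `card_token`, `amount`, `status`, `expiry`), the thresholds and the sample records are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against your own traffic.
WINDOW = timedelta(seconds=60)  # attempts arriving seconds apart
MIN_BURST = 5                   # low-value attempts per BIN inside one window
LOW_VALUE = 5.00                # ceiling for a "low dollar value" transaction
DECLINE_RATIO = 0.8             # share of a BIN's attempts that were declined
MIN_VARIANTS = 3                # distinct expiry dates tried against one card

def detect_bin_attack(transactions):
    """Return {bin: [reasons]} for BINs that match the indicators listed above."""
    by_bin = defaultdict(list)
    for tx in transactions:
        by_bin[tx["bin"]].append(tx)
    alerts = {}
    for bin_, txs in by_bin.items():
        reasons = []
        small = sorted(t["ts"] for t in txs if t["amount"] <= LOW_VALUE)
        start = burst = 0
        for end, ts in enumerate(small):  # sliding window over sorted times
            while ts - small[start] > WINDOW:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= MIN_BURST:
            reasons.append(f"{burst} low-value attempts within {WINDOW.seconds}s")
        declined = sum(t["status"] == "declined" for t in txs)
        if len(txs) >= MIN_BURST and declined / len(txs) >= DECLINE_RATIO:
            reasons.append(f"{declined}/{len(txs)} attempts declined")
        expiries = defaultdict(set)  # card token -> expiry dates submitted
        for t in txs:
            expiries[t["card_token"]].add(t["expiry"])
        retried = sum(len(v) >= MIN_VARIANTS for v in expiries.values())
        if retried:
            reasons.append(f"{retried} card(s) retried with varied expiry dates")
        if reasons:
            alerts[bin_] = reasons
    return alerts

def _tx(sec, bin_, token, amount, status, expiry):
    return {"ts": datetime(2024, 1, 1, 3) + timedelta(seconds=sec), "bin": bin_,
            "card_token": token, "amount": amount, "status": status, "expiry": expiry}

# Constructed sample data (not real): records hold a BIN and a card token, never the PAN.
SAMPLE = (
    [_tx(i, "400000", f"tok{i}", 1.00, "declined", "12/27") for i in range(6)]
    + [_tx(60 + i, "400000", "tok9", 1.00, "declined", f"0{i + 1}/27") for i in range(3)]
    + [_tx(25200, "510000", "tokA", 84.50, "approved", "05/26")]
)
```

Calling `detect_bin_attack(SAMPLE)` flags only the constructed BIN `400000`; the single ordinary purchase on `510000` produces no alert.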
How a BIN attack could impact your business:
A BIN attack may mean the following for your business:
- increased disputes or chargebacks
- higher decline rates
- additional fees
- reputational impacts
- regulatory fines.
Protect your business from BIN Attack Fraud:
- Enable 3D Secure. This is an additional security layer for online credit and debit card transactions.
- Enable a CAPTCHA test to tell humans and bots apart. It’s easy for humans to solve, but not for bots and other malicious software. Ask your gateway provider how to enable this.
- Use an e-Commerce gateway solution that’s PCI Compliant and a vendor that’s approved by your merchant bank.
- Enable card security code verification. The transaction won’t proceed until the three-digit security code on the back of the card has been entered into the merchant facility.
- Use a hosted e-commerce solution. This means the payment page is not hosted by the merchant; the customer is redirected to the gateway provider to pay.
- Talk to your gateway provider or merchant bank for more fraud prevention options, and tips to keep your business safe.
Keep your contact details up to date with your merchant bank and gateway provider.
Need BIN Attack Fraud help?
If so, we can help. Our WordPress specialists will fix your hacked WordPress site and get your business back up and running.
Now Technology Systems offers immediate help to stop the fraud and repair your website including malware detection, malware removal services, website backup, and other expert services.