BIN attacks are one of the most common card attacks hurting financial institutions today, and they are expected to keep getting worse. The FTC recently reported that credit card fraud shot up by 107% from Q1 2019 to Q4 2020. In contrast, the number of card fraud reports between Q1 2017 and Q1 2019 grew only by 27%.
But what exactly is a BIN? BIN stands for Bank Identification Number, which is a set of numbers, usually six, that identifies the institution that issued the card. When a card is swiped, the card machine scans the BIN, identifies the associated account, and then puts in a request to withdraw funds from the account in order to complete the transaction.
Now, a BIN attack is when a fraudster takes the first six numbers of a card, the Bank Identification Number or BIN, and uses software to systematically generate and test the remaining numbers. By testing different combinations, oftentimes even writing programs to test multiple cards a second by making small transactions of less than $1 through an online store, attackers are able to determine which card numbers are correct and active. At this point, these fraudsters are able to make much larger transactions with the verified card numbers, hurting financial institutions, merchants, and issuers.
So with this ever-increasing sophistication of fraudsters, how can financial institutions truly protect themselves against BIN attacks? In this blog post, we’ll share exactly how financial institutions can accomplish this.
Financial institutions must absorb the cost of fraudulent charges from BIN attacks, both financially and in terms of operating and business costs. Financial institutions suffer fraud losses from compromised cards harvested during BIN attacks as well as the costs of chargebacks, call centers, and re-issuance. Furthermore, fraud damages a financial institution’s reputation, causes cardholder disruption and inconvenience, and leads to losses in interchange revenue.
Tracking and dealing with BIN attacks and their aftermath, including searching through electronic transaction trails for crucial details such as timestamps, geolocation, and IP addresses in order to take preventative and corrective measures, requires more cost and resources than most financial institutions can afford.
How can financial institutions protect themselves against BIN attacks?
Oftentimes, financial institutions know that they are under attack from fraudsters but don’t actually know how to stop it. And even after facing an attack, these companies don’t know how many of their cards are compromised. Although some financial institutions try and turn to outside solutions to protect themselves, many of these solutions are manual or purely consultative—leaving few options for banks and credit unions.
So what are the efficient ways to put an end to BIN attacks? First comes prevention:
Although these preventative measures aren’t real-time, they can stop automated BIN attacks in their tracks, letting fraudsters move onto easier targets. Fraud from BIN attacks and compromised cards can take a week or longer to monetize, giving the financial institution time to act and stop the damage. The next step to ending BIN attacks is automated monitoring and surveillance:
Although mitigation doesn’t prevent BIN attacks from occurring, it is a crucial component of protection from all of the operating costs associated with a BIN attack. By having an automated system to quickly identify which cards have been compromised, financial institutions can react quickly and minimize disruption and loss as much as possible.
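As an added illustration (not Rippleshot's code or method), here is one way an automated monitor could spot the pattern described earlier, many different cards on one BIN making sub-$1 purchases at one merchant in quick succession, and list the cards approved during the burst. The record layout, thresholds, merchant IDs and card numbers are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authorizations: (timestamp, merchant_id, card_number, amount_cents, approved).
# Every value is made up for illustration; 400000 and 510000 stand in for issuer BINs.
T0 = datetime(2021, 1, 1, 12, 0, 0)
SAMPLE = [
    (T0 + timedelta(seconds=i), "M-1001", f"400000000000{i:04d}", 50, i in (2, 4))
    for i in range(6)  # six different cards on one BIN, one per second, 50 cents each
]
SAMPLE += [
    (T0, "M-2002", "4000001234567890", 4200, True),  # ordinary $42 purchase
    (T0 + timedelta(seconds=3), "M-1001", "5100009999999999", 75, True),  # lone small purchase
]


def detect_bin_testing(auths, window=timedelta(seconds=60), min_cards=5, max_cents=100):
    """Return {(merchant, BIN): approved cards} for each BIN-testing burst.

    A burst (assumed thresholds) is min_cards or more distinct cards sharing a
    six-digit BIN, each authorizing under max_cents at one merchant within window.
    Cards approved during a burst are the ones to review for re-issuance.
    """
    recent = defaultdict(deque)  # (merchant, BIN) -> sliding window of small authorizations
    flagged = defaultdict(set)
    for ts, merchant, card, cents, approved in sorted(auths):
        if cents >= max_cents:
            continue  # only sub-$1 test transactions are of interest
        key = (merchant, card[:6])
        seen = recent[key]
        seen.append((ts, card, approved))
        while ts - seen[0][0] > window:
            seen.popleft()  # expire events older than the window
        if len({c for _, c, _ in seen}) >= min_cards:
            flagged[key].update(c for _, c, ok in seen if ok)
    return dict(flagged)


if __name__ == "__main__":
    for (merchant, bin_), cards in detect_bin_testing(SAMPLE).items():
        print(f"BIN {bin_} tested at {merchant}; approved cards: {sorted(cards)}")
```

A flagged pair with an empty set means a burst was seen but none of the tested cards was approved.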
Rippleshot uses machine learning and automation to detect high-risk merchants and fraudulent transactions to help financial institutions protect themselves and proactively stop card fraud. Contact us today to learn more and schedule a product tour.