Is Your Financial Institution Protected from a BIN Attack?
BIN Attacks are on the rise.
BIN attacks are one of the most common credit card fraud threats negatively impacting financial institutions today. This is a type of fraud most commonly associated with Card-Not-Present (CNP) transactions. CNP transactions are online purchases where there isn’t a physical card to swipe. According to eMarketer, CNP fraud will account for $9.49 billion in loss, up 8.5% over last year. Overall, BIN attacks will make up 73% of card payment fraud loss this year, up from 57% in 2019.
If you’re not familiar with the term “BIN attack,” BIN stands for Bank Identification Number and it is a set of numbers, usually six, that identifies the institution that issued the card. When a card is swiped, the card machine scans the BIN, identifies the associated account, and then puts in a request to withdraw funds from the account in order to complete the transaction.
Learn More About BIN Attacks
To learn more about the various types of BIN attacks and how to mitigate the damage for each one, click here.
Total Cost of BIN Attacks
Financial institutions absorb the cost of fraudulent charges stemming from BIN attacks which include both financial and operational expenses:
- Fraud losses from compromised cards
- Chargeback refunds
- Call center costs
- Card re-issuance events
- FI reputational damage
- Cardholder disruption
- Interchange revenue losses
BIN attacks can also place a serious strain on a financial institution's resources, as well. The fraud team is responsible for the aftermath which includes, searching through electronic transaction trails for crucial details such as timestamps, geolocation and IP addresses. This painstaking process is necessary and expensive.
How to Protect Your Financial Institution
When a financial institution sees a spike in transactions, that’s a strong indicator that they are under attack. Since the attack has already commenced, they can best react by declining the appropriate transactions. However, this reactionary stance still leaves the financial institution open to fraud losses and member disruption.
“The advantage of working with a fraud detection partner like Rippleshot is that we have the insights and data to proactively avoid fraud attacks.” said CEO Canh Tran. “By leveraging the fraud intelligence gathered from our data consortium from more than 5,000 banks and credit unions, we provide a summary of high risk merchants to our customers. Internal fraud teams leverage this information to write new rules that block fraudulent merchants before the first transaction hits.”
The following steps are designed to help you enhance your BIN attack protection strategy:
- Processing vendors are limited in the protection they can provide. Once you understand what tools they are using, you can explore partnering with a fraud detection platform like Rippleshot to complete your protection.
- Consider transaction limits on foreign countries. Many BIN attacks come from tested transactions outside of the United States. (FinCEN regularly published advisories regarding what countries to consider blocking to avoid financial crimes.)
- Some BIN attacks focus on finding active cards that are most likely to have funds that can be withdrawn from. Fraudsters will try to validate this by testing the cards with low amount transactions. To prevent these approvals, you should implement a rule that blocks transactions at fraudulent merchants that are involved in BIN attacks.
- Identify fraudulent merchants by analyzing patterns in their transactional data similar to our High Risk Merchant list. You can claim your free copy by filling out this form.
- For legitimate merchants, set up a rule to monitor transaction velocity per hour and block transactions when the threshold is reached. This will allow time for your team to investigate the situation.
Although these preventative measures aren’t real-time, they can stop automated BIN attacks in their tracks, forcing fraudsters to move onto easier targets. Fraud from BIN attacks and compromised cards can take a week or longer to monetize, giving the financial institution time to act and stop the damage.
How Rippleshot Can Help
BIN attacks are a serious threat to your financial institution and its members. Dealing with them internally is costly, time consuming and still lacks the coverage you require to effectively fight off these fraud events.
Rippleshot’s solution identifies the high risk merchants that cause BIN attacks and stops them before they strike. Our product is powered by fraud prevention experts whose sole job is to provide financial institutions like yours the card fraud protection you deserve.
About Rippleshot and Rules Assist
Since 2013, Rippleshot has been leveraging the power of AI, machine learning and automation to protect your customers from card fraud.
Rules Assist is the perfect blend of these tools. Together, they help your institution avoid falling behind the competition by providing the insights and data you need to implement effective rule writing strategies.
To learn more about how we can reduce cost, increase efficiency, and keep your fraud strategies up to date, please click the button below.