No one could have anticipated the widespread impact of COVID-19 around the world—from the ways we work, learn, socialize, shop, and more. Moving to the front of retail, e-commerce is one of several areas that have significantly changed since the pandemic. Digital Commerce 360 found that consumers spent $861.12 billion online with U.S. retailers in 2020, up 44.0% from $598.02 billion in 2019. Online spending represented 21.3% of total retail sales last year, compared with 15.8% the year prior.
However, with the explosive growth of e-commerce, successful e-commerce fraud attacks are on the rise as well. Digital Commerce 360 reported that e-commerce retailers across business sizes experienced more successful fraud attacks in 2020 than in 2019: small businesses experienced an average of 7 more successful fraud attacks per month; mid/large businesses with digital goods experienced an average of 76 more per month; and mid/large businesses with physical goods experienced an average of 51 more per month. Digital Commerce 360 also reported an overall 3% increase in sophisticated attacks versus basic attacks on ecommerce retailers in 2020 than in 2019.
A BIN attack is when a fraudster takes the first six numbers of a card, which is the Bank Identification Number or BIN, and then uses software to systematically generate and test the remaining numbers. The fraudster then tests these combinations to see which card numbers they have are correct and active. Fraudsters can even write programs to test multiple cards a second by making small transactions of less than $1 through an online store—making it difficult for both fraud detection systems and consumers to detect. Once fraudsters determine which card numbers are correct and active, they can then make much larger transactions, hurting both merchants and issuers.
Previous industry data estimates that globally 300 banks are targeted every month and with Covid-19, this will only accelerate. “It’s an industry-wide problem,” says one payment processor executive.
Although consumers and retailers are impacted by BIN attacks, they’re not the ones who are typically left footing the bill. Credit card networks, such as Mastercard and Discover, are clearinghouses for transactions and usually aren’t responsible for unauthorized charges. Most credit card networks have zero-liability policies that guarantee consumers won’t be liable for unauthorized charges. According to the federal Fair Credit Billing Act, if a consumer’s card number is stolen—such as in a BIN attack—the consumer is not responsible for any fraudulent charges.
Credit card networks don’t actually issue credit cards to consumers, instead working with financial institutions like banks or credit unions in order to do so. These are the companies that end up shouldering the majority of the financial burden when it comes to fraudulent charges. All major credit card issuers offer consumers zero liability policies if they dispute the charges within 30 days, with many small credit card issuers beginning to offer zero liability policies as well in order to stay competitive. The issuer then has 30 days to respond to the dispute and 90 days to investigate the complaint, during which they are not allowed to collect payment, charge interest, or report it to the credit bureaus as late.
Although financial institutions typically absorb the cost of fraudulent charges by reimbursing the merchant, the cost to financial institutions doesn’t stop there. Banks have to spend internal resources and time in order to substantiate that fraud has truly occurred. This involves combing through electronic transaction trails for crucial details such as timestamps, geolocation, IP addresses, and more.
There are a few steps that financial institutions can take to protect themselves from BIN attacks:
As the number of fraudulent attacks and their level of sophistication continue to rise, it’s crucial for financial institutions to get ahead of them. Rippleshot uses machine learning and automation to detect high risk merchants and fraudulent transactions to help financial institutions protect themselves and proactively stop card fraud.
Contact us today to learn more and schedule a product tour.
You have fraud frustrations? We have the solutions. Let's discuss what you are dealing with and we can learn more and share how we can help.