What BIN Attacks Are & How to Know if You Are a Victim

What are BIN Attacks 

A card’s BIN, (Bank Identification number), is comprised of the first six digits of a credit card number. A BIN attack is when a fraudster takes the first six numbers of a card, which are unique to each card-issuing bank, and then uses software to systematically generate the remaining card numbers. The fraudster then tests these combinations by automatically generating  CVVs and Expiration Dates, to see which of the card numbers they generated are correct and active. Fraudsters can even write programs to test multiple cards a second by making small transactions of less than $1 through an online store—making it difficult for both fraud detection systems and consumers to detect. Once fraudsters determine which card numbers are correct and active, they can then make much larger transactions, hurting both merchants and issuers. 

How to Know if You are the Victim of a BIN Attack

With relative ease fraudsters are capable of accruing card information faster than ever before, however the processes used by fraudsters to acquire this information leave clues. By learning the telltale signs of a BIN attack you can begin to protect yourself from potential fraudulent charges. In addition to reviewing  daily transaction reports carefully in order to spot fraudulent transactions, a spike in one or more of the following categories means that you’re likely experiencing BIN attacks.

#1 - Low Value Transactions

  • Suspicious probing transactions as low as $1
  • Fraudsters keep these test transactions low so that they fly under the radar.
  • Both legitimate and fraudulent merchants are susceptible to false transactions
  • Legitimate Merchants may even be targeted by BIN attack fraudsters as they appear less suspicious
  • Foreign Transactions
  • Similarly to other probing transactions, these transactions will be quite small, but made from unusual locations (Brazil, Japan, Bahrain,...)

#2 - High decline rates

  • Increase in number of denials from a single merchant in a short period of time
  • Increase in number of denials across multiple merchants for small dollar amounts 

#3 - High Volume of Errors

  • Frequently, failed transactions will be reported with specific error numbers associated which provides the reason for the denial. The following error numbers are particularly common in BIN attacks:
  • 014 – Denied invalid cardholder account number information, CVV/CVC or CVV2/CVC2 mismatched. 
  • 054 – Card is expired
  • 077 – Record cannot be located
  • 590 – General denial. When accompanied by message type 120, this indicates the network has stepped in and is denying the transactions.

Rippleshot uses machine learning and automation to detect high risk merchants and fraudulent transactions to help financial institutions protect themselves and proactively stop card fraud.  To learn more about how BIN attacks, contact us at info@rippleshot.com.

Schedule Your Demo

Request a Product Tour

You have fraud frustrations? We have the solutions. Let's discuss what you are dealing with and we can learn more and share how we can help.

Three blue ellipsis's