Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label BIN Attack. Show all posts

‘BIN’ Attacks: Cybercriminals are Using Stolen ‘BIN’ Details for Card Fraud


While cybersecurity networks might be boosting themselves with newer technologies, cybercrime groups are also augmenting their tactics with more sophisticated tools. 

The latest example in cyberspace is the “BIN attacks,” that targeted small businesses. The tactic involved manipulation of the Bank Identification Number (BIN) of credit cards that allowed threat actors to put the stolen card details through trial and error on unsuspecting e-commerce websites. 

Behind the Scenes of the 'BIN' Attacks

In 2023 alone, the payment card fraud amounted to a whopping $577 million, which was 16.5% more than in 2022. Among its victims, the Commonwealth Bank was the one that experienced the fraud when a Melbourne wholesaler faced a barrage of 13,500 declined e-commerce transactions in a month. 

The incident, previously noted as a clerical error, turned out to be an event of cybercrime that impacted both businesses and consumers. 

The cybercriminals initially obtained the first six digits of a credit card, called the Bank Identification Number (BIN). This information was then used for trial and error to determine what combinations of card numbers, expiration dates, and security codes work. Subsequently, the card data that were taken are verified through inconspicuous transactions to ascertain their authenticity. Once verified, card numbers that have been compromised are either sold by fraudsters or used in larger-scale fraudulent transactions.

Customer Accounts Compromised

Commonwealth Bank account holders, Bob Barrow and John Goodall, discovered that they were the targets of fraudulent activities. Despite having no online activity with their cards, they were astonished when they found out about the transactions made on their accounts. This made them question the security of their financial information.

Credit card numbers are more random and limitless than one might believe. Out of the sixteen digits on a card, the six-digit BIN leaves just ten that follow a pattern. Because there are comparatively fewer options, cybercriminals can leverage automated methods to quickly guess valid combinations, which presents a serious threat to conventional security measures. 

While the affected entities are expected to come up with more stringent safety measures, the responsibility does not solely lay on the banks. Financial institutions do not always conduct the transactions; they are often the victims themselves who issue the cards. The attacks emphasize the necessity of a multi-layered safeguard, with companies utilizing strong fraud prevention systems and online shop security-focused payment processors like Stripe and Square. This is necessary since a BIN attack's aftermath might cause firms to go bankrupt.