A BIN attack is a fraudulent scheme where a scammer selects a BIN (Bank Identification Number) and proceeds to systematically test random combinations in an attempt to guess a valid 16-digit credit card number, along with its associated expiration date and CVV number.
To understand the concept better, take a look at your credit card. The first six digits of the 16-digit number on the card face represent the BIN, which uniquely identifies the issuing bank. It’s important to note that not all cards from the same bank will share the exact same BIN. Some larger banks, like Bank of America, may have multiple BINs, but all cards with a matching BIN will originate from that specific bank.
In a BIN attack, scammers employ a “brute force” approach to commit identity theft. They set the chosen BIN as a starting point and then systematically cycle through random numbers until they stumble upon a combination that grants them access.
It’s worth mentioning that BIN attacks share similarities with card testing fraud, though they are not identical. In a BIN attack, the primary goal is to target account numbers and extract the user’s credit card information using automated software. Card testing, on the other hand, typically follows a successful BIN attack and involves assessing whether the stolen card can be used for further fraudulent activities.
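From the merchant's side, this pattern shows up as a burst of mostly declined authorization attempts on many different cards that all share one BIN. The following sketch is an added example, not part of the original article; the event fields, the thresholds and the sample BINs are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_CARDS = 5                   # assumed: distinct cards per BIN before alerting
MIN_DECLINE_RATIO = 0.8         # assumed: share of declines inside the window


def detect_bin_attacks(events):
    """Return {bin: first alert time} for BINs showing enumeration-like traffic.

    events: iterable of (timestamp, bin, card_token, approved), sorted by time.
    card_token is a per-card surrogate, so no full card number is stored.
    """
    recent = defaultdict(deque)   # bin -> attempts still inside the window
    alerts = {}
    for ts, bin_, token, approved in events:
        window = recent[bin_]
        window.append((ts, token, approved))
        # Drop attempts that have aged out of the look-back window.
        while window and ts - window[0][0] > WINDOW:
            window.popleft()
        cards = {t for _, t, _ in window}
        declines = sum(1 for _, _, ok in window if not ok)
        if (len(cards) >= MIN_CARDS
                and declines / len(window) >= MIN_DECLINE_RATIO
                and bin_ not in alerts):
            alerts[bin_] = ts
    return alerts


def sample_events():
    """Constructed sample: one BIN hit with guesses, one BIN with normal use."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # BIN 400000 (constructed): 8 different cards in 40 s, only the last approved.
    for i in range(8):
        events.append((start + timedelta(seconds=5 * i), "400000", f"tok-a{i}", i == 7))
    # BIN 510000 (constructed): 3 returning customers, all approved.
    for i in range(6):
        events.append((start + timedelta(seconds=30 * i), "510000", f"tok-b{i % 3}", True))
    return sorted(events)


if __name__ == "__main__":
    for bin_, ts in detect_bin_attacks(sample_events()).items():
        print(f"possible BIN attack on {bin_}, first flagged at {ts}")
```

In production the thresholds would be tuned against normal traffic for each BIN, since a large issuer's BIN legitimately sees many distinct cards.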
The impact of BIN attacks on merchants is significant:
- Strained Relations With Banks: Merchants identified as “soft targets” for testing additional fraudulent cards may face strained relationships with banks, potentially affecting future collaboration.
- Reputational Damage: If a merchant’s business is associated with a BIN attack, cardholders who spot the shop’s name on their bank statements may forever link it with fraudulent activity. This can lead to lasting reputational damage.
- Chargebacks: Depending on the scale and financial impact of the attack, merchants may encounter chargebacks resulting from invalid transactions, which can lead to financial losses and administrative burdens.
BIN attacks are a form of fraudulent activity that exploits vulnerabilities in credit card systems, and their consequences can be detrimental for both the merchants and the banks involved.
Written by Andrii Vovk