{"id":4405,"date":"2023-06-01T06:44:00","date_gmt":"2023-06-01T06:44:00","guid":{"rendered":"https:\/\/wibmo.com\/bin-attack-fraud\/"},"modified":"2024-06-04T06:00:19","modified_gmt":"2024-06-04T06:00:19","slug":"bin-attack-fraud","status":"publish","type":"post","link":"https:\/\/wibmo.com\/blogs\/bin-attack-fraud\/","title":{"rendered":"BIN Attack Fraud"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tCard not present (CNP) transactions are those where the purchase is made without presenting the physical card to the merchant at the point of sale. As more and more physical stores are using EMV-compliant terminals, Javelin Strategy & Research credit card fraud statistics report that card-not-present fraud is now 81% more likely to happen than card-present fraud. Card-not-present transactions can be done via online merchants, telephone orders, or mail. There are various modus operandi to commit CNP fraud, such as account takeover using phishing scams, malware infection to capture keystrokes, or friendly fraud. In such scenarios, the cardholder is involved in the fraud, and it is kind of a personalised attack. However, today we will talk about an impersonal attack where a fraudster exploits a BIN (bank identification number) and uses distributed computing power to automatically generate the remaining numbers and test these combinations to see which card numbers are correct and if the cards are active. This kind of attack is called BIN attack fraud. The subtlety of BIN Attack fraud is that it does not involve any data breach or ID theft; it is just a pure random coincidence that a victim\u2019s card number is chosen.\n\nThe compromised cards can have a significant impact on issuing banks in terms of chargebacks, call c entre volume spikes, and re-issuance expenses. Furthermore, any cardholder disruption or friction during this tenure leads to a loss of interchange revenues. The damage to the bank\u2019s reputation could lead to cardholders switching the bank\u2019s services to another, more secure bank.\n\nA merchant involved in BIN attack fraud faces increased disputes or chargebacks, additional fees, and regulatory fines. Depending on the nature of the attack and risk profile, the acquiring bank may choose to suspend support for the merchant\u2019s site. The cardholder\u2019s bank may restrict purchases from your site, resulting in further financial losses. Refunding any fraudulent transactions is an operational challenge, not to mention the reputational loss.\n\nThus, BIN attack fraud is a problem both for issuers and merchants.\n

Preventing a BIN Attack Fraud<\/h4>\n

To prevent BIN attack fraud, the merchant or the issuing bank can deploy a few techniques:<\/p>\n\n

    \n \t
  1. Enable 3D security. The latest version of EMV 3DS 2.x is an additional security layer for online credit and debit card transactions that aims to achieve a balance between security and user convenience.<\/li>\n \t
  2. As a merchant, enable a CAPTCHA test to tell humans and bots apart. While this may create friction for genuine customers, it\u2019s an effective deterrent against BOT scripts.<\/li>\n \t
  3. Deploy an anti-fraud solution that can look at many aspects and block transactions or alert your fraud analyst. A good anti-fraud solution should have:<\/li>\n<\/ol>\n