We generally know how to avoid online scams, and that there are times when we shouldn’t use our credit card, but it’s important to stay aware and informed because credit card hackers are always looking for the next scam. Cybercrimes are becoming more common than ever before, and knowing the signs that you’re about to be hacked is one way to protect yourself. A BIN attack is a new type of credit card fraud, and it works a little differently from the scams you may be familiar with.
Here’s everything you need to know about BIN numbers, BIN attacks and how to protect yourself.
What does BIN mean?
BIN stands for Bank Identification Number, and it is the first four to eight digits of a credit card, debit card or gift card number. “The BIN identifies the issuing bank,” explains Paul Bischoff, privacy advocate at Comparitech.
“Many consumers think that their card numbers are completely random, but that’s actually not the case,” explains Monica Eaton, owner and founder of Chargebacks911. “If you take a credit card out of your wallet and look at it, the first number is probably 3 to 6, which are the numbers usually reserved for personal banking, payments and finances.”
What is a BIN attack?
In a BIN attack, a fraudster first makes a small purchase. “A BIN attack is part of a larger threat vector called carding,” explains Tami Hudson, EVP & Cybersecurity Client Officer at Wells Fargo. “Carding is a web threat in which threat actors use parallel and multiple attempts to authorize stolen credit card credentials.”
BINs help issuing banks track their cards. “Ideally, this also helps reduce financial crimes and fraudulent activity, such as identity theft, stolen cards and unauthorized charges, but the fraudsters are very smart,” says Eaton. “Because the BIN follows a certain numerical format, it necessarily means that some numbers will be more likely to appear in certain places than others.” Once a fraudster has figured out the BIN, he is halfway there and just needs to figure out the final numbers, expiration date and CVV number.
“They just keep generating card numbers until they find one that works,” Bischoff explains. “From there, the attacker will check if the card is active and has any fraud protection by making small purchases, which is called card testing. If they find a vulnerable card, they can sell it on the dark web or use it to make fraudulent purchases.”
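The pattern described above (many small authorization attempts against different card numbers that share one BIN, most of them declined) is something a merchant or issuer can look for in its authorization logs. The following Python sketch is an added example, not part of the original article; the log tuple layout, the thresholds, the six-digit BIN length and the BIN 999999 are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BIN_LEN = 6                      # assumption: treat the first six digits as the BIN
WINDOW = timedelta(minutes=10)   # assumption: look-back window
SMALL_AMOUNT = 2.00              # assumption: "small purchase" ceiling
MIN_CARDS = 5                    # distinct card numbers per BIN before alerting
MIN_DECLINE_RATIO = 0.8          # guessed numbers are mostly declined

def detect_card_testing(events):
    """events: (timestamp, card_number, amount, approved) tuples, sorted by time.
    Returns {bin: {"distinct_cards": n, "live_last4": {...}}} for flagged BINs."""
    windows = defaultdict(deque)
    alerts = {}
    for ts, pan, amount, approved in events:
        if amount > SMALL_AMOUNT:
            continue                       # card testing uses tiny amounts
        win = windows[pan[:BIN_LEN]]
        win.append((ts, pan, approved))
        while ts - win[0][0] > WINDOW:     # drop attempts older than the window
            win.popleft()
        cards = {p for _, p, _ in win}
        declined = sum(1 for _, _, ok in win if not ok)
        if len(cards) >= MIN_CARDS and declined / len(win) >= MIN_DECLINE_RATIO:
            alert = alerts.setdefault(pan[:BIN_LEN],
                                      {"distinct_cards": 0, "live_last4": set()})
            alert["distinct_cards"] = max(alert["distinct_cards"], len(cards))
            # Approved attempts inside a flagged burst are cards that passed testing.
            alert["live_last4"] |= {p[-4:] for _, p, ok in win if ok}
    return alerts

def sample_events():
    """Constructed log: a burst on made-up BIN 999999 plus ordinary traffic."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    burst = [(t0 + timedelta(seconds=30 * i), f"999999{i:010d}", 0.05, i == 6)
             for i in range(8)]
    normal = [(t0 + timedelta(minutes=1), "9999980000000001", 0.99, True),
              (t0 + timedelta(minutes=2), "9999980000000002", 1.50, True),
              (t0 + timedelta(minutes=3), "9999980000000003", 45.00, True)]
    return sorted(burst + normal, key=lambda e: e[0])

if __name__ == "__main__":
    for bin_, alert in detect_card_testing(sample_events()).items():
        print(bin_, alert["distinct_cards"], sorted(alert["live_last4"]))
```

The cards listed under `live_last4` are the ones whose holders should be contacted first, since an approved test charge is what precedes the larger purchases.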
What should I do if I notice these fraudulent charges?
To spot fraudulent charges, you need to pay attention to your statements. We all know we should, but most of us don’t take the time to do this essential exercise. A BIN attack starts with a small charge that can be easily missed, so you need to look at each transaction.
“Monitor, monitor, monitor,” says Hudson. “Many threat actors will begin an attack by making small purchase amounts as a teaser, and if that goes unnoticed, they will graduate to more significant amount levels.”
Eaton says it’s important to notify your bank right away, and it’s critical to have a sense of urgency about it, even if the fraudulent charge was just for five cents. “Once the fraudsters discover they have a valid, usable card, they’re going to come back,” Eaton says. “There is blood in the water. It’s going to escalate and it’s going to get worse.”
How can I protect myself from a BIN attack?
Hudson recommends setting up transaction alerts and notifications so you can identify suspicious activity as soon as possible. She also recommends setting up multi-factor authentication on your accounts, which requires users to sign in with something they know (e.g., a password) and something they have (e.g., a mobile phone).
“Turn on transaction notifications, even for small purchases of more than one cent,” says Bischoff. “And try to only use merchants that use the Verified by Visa (VBV) or Mastercard SecureCode (MCSC) features, which ask the cardholder for a one-time password when using their card at participating stores.”
If you’re shopping at stores you don’t fully trust, Bischoff recommends using temporary virtual credit card numbers that you can request from your issuing bank.