
BIN Attack

A Bank Identification Number attack is an attempt to exploit a bank's online banking service by gaining access to the victim's personal information. 

The attacker will often try to find out the victim's personal details, such as their name and address, as well as their account numbers. Once the attacker has this information, they will be able to transfer money from the victim's account or deposit counterfeit bills into it.

In order for a Bank Identification Number attack to succeed, the attacker needs to have access to your personal information. This can be done in a number of ways. 

For example, they could gain access to your login details when you log into your bank account online or they could trick you into giving them this information by phishing you.

How Does a BIN Attack Work?

The BIN attack works by testing various combinations of credit card numbers at various merchants. The fraudster will purchase an item at a retailer and then use the credit card number to process a chargeback. 

If the credit card number has a BIN that has not been issued, then the card number is invalid and the chargeback will be accepted. 

For example, say you are a fraudster and you have a credit card that has a valid BIN number and a credit card number with a valid BIN. The first thing you will do is to test the credit card number at various merchants. 

If the charge is declined, then the credit card number that was used is incorrect. If the charge is accepted, then the credit card number is valid. The fraudster will now process a chargeback on the transaction that was accepted.


How does a BIN attack impact ecommerce merchants?

BIN attacks can negatively impact merchants in a few ways. First, the volume of declined transactions can impact your relationship with the payment gateway. 

If a high number of declined transactions indicate fraud, your merchant account provider might place you on a limited or restricted plan. Such limits can impact your business significantly. 

Second, the actual costs of the transaction attempts themselves can negatively affect your bottom line. Each transaction attempt costs money, so the more of them, the more money you’ll spend. 

Third, if any of these attacks use false information, it can affect your business’s ability to accept payments entirely. Depending on the severity of the situation, this could mean fines and a loss of your ability to accept any payments at all.

Using a tool like Spotrisk can help to mitigate the impacts of BIN attacks on ecommerce merchants.
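
An added example (not Spotrisk's code or method) of how a merchant could spot the decline pattern described above: it counts authorization attempts per BIN in a sliding window and flags a BIN once attempts are both frequent and mostly declined. The log layout, the six-digit BIN, the function names and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed authorization log rows: (timestamp, BIN, result). All values are made up."""
    base = datetime(2023, 1, 1, 12, 0, 0)
    # Burst: 12 attempts on one BIN, 5 seconds apart; 11 declined, the last approved.
    rows = [(base + timedelta(seconds=5 * i), "400000",
             "declined" if i < 11 else "approved") for i in range(12)]
    # Ordinary traffic: a few attempts spread over other BINs.
    for minute, bin6, result in [(1, "510000", "approved"), (3, "520000", "declined"),
                                 (7, "510000", "approved"), (9, "530000", "approved")]:
        rows.append((base + timedelta(minutes=minute), bin6, result))
    return rows


def flag_bin_bursts(attempts, window=timedelta(minutes=5),
                    min_attempts=10, min_decline_ratio=0.8):
    """Return {BIN: time of first alert} for BINs that see many, mostly declined, attempts.

    The BIN is assumed to be the first six digits of the card number; the
    thresholds are illustrative defaults, not recommended values.
    """
    recent = defaultdict(deque)  # BIN -> (timestamp, was_declined) pairs inside the window
    alerts = {}
    for ts, bin6, result in sorted(attempts):
        q = recent[bin6]
        q.append((ts, result == "declined"))
        # Drop attempts that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        declined = sum(1 for _, was_declined in q if was_declined)
        if (bin6 not in alerts and len(q) >= min_attempts
                and declined / len(q) >= min_decline_ratio):
            alerts[bin6] = ts
    return alerts


if __name__ == "__main__":
    for bin6, when in flag_bin_bursts(build_sample()).items():
        print(f"BIN {bin6}: burst of declines detected at {when.isoformat()}")
```

Requiring both volume and a high decline ratio keeps a popular BIN with normal approval rates from being flagged on traffic alone.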

How does a BIN attack impact banks?

The way BIN attacks affect banks is an interesting conundrum. On one hand, they are a way for fraudsters to generate free credit cards. 

On the other hand, every BIN attack uses incorrect information in an attempt to find a balance that works with a given card. In other words, the bad guys are trying to use the stolen data on these cards and failing every single time. 

This means the banks don’t lose any money at all. In fact, the whole purpose of BIN testing is to make sure the stolen account numbers don’t work. This means that banks are alerted to the potential fraud without being financially impacted. BIN attacks don’t cause banks any financial harm.

How does a BIN attack impact payment gateways?

BIN attacks negatively impact payment gateways in a few ways. First, they add more load to an already stressed system. The more transactions a given payment gateway handles, the more likely it is to experience a delay or an error. 

Second, payment gateways are in the business of managing risk. By definition, payment gateways are responsible for managing risk by preventing fraudulent transactions. BIN attacks are an extremely high-risk type of transaction. 

Payment gateways are built to identify and stop BIN attacks before they ever get anywhere, but the sheer volume of data makes this an impossible task. BIN attacks can negatively impact payment gateways by overwhelming the system and causing transaction declines.

How does a BIN attack impact customers?

BIN attacks negatively impact customers in two ways. First, BIN attacks are a form of card-not-present fraud. Because the fraudster never actually sees the card and the info is entirely automated, customers can be wrongfully declined when a BIN attack hits the merchant account. While this is an understandable reaction, it is an unfortunate consequence of an attack on the merchant’s end. 

Second, BIN attacks can cause customers to experience a longer wait time when they expect their transaction to be approved and it’s not. BIN attacks can cause a delay of payment as the merchant processes the transaction manually and waits for the card network to manually approve the transaction – if it does at all.

Are BIN attacks still a threat in 2023?

Yes, BIN attacks are still a threat in 2023. BIN attacks are not a new type of attack, but they are still a very useful tool for fraudsters who want to get credit card numbers. With BIN attacks, fraudsters get real credit card numbers, which is something that other attacks cannot accomplish.  

BIN attacks are one of the most costly types of credit card fraud. It is estimated that BIN attacks cost credit card issuers approximately $8 billion a year and merchants $7 billion. BIN attacks are so costly because they result in chargebacks, and chargebacks are costly for both sides. 

For all the trouble and expense, BIN attacks are not the most effective way to get credit card numbers. As a brute force method, BIN attacks can take a long time and the fraudster may not even succeed. Using other, more targeted methods, such as social engineering and skimming, is often a more effective way to get credit card numbers.

© Copyright Spotrisk 2023