‘BIN’ Attacks: Cybercriminals are Using Stolen ‘BIN’ Details for Card Fraud

While cybersecurity networks might be boosting themselves with newer technologies, cybercrime groups are also augmenting their tactics with more sophisticated tools. 

The latest example in cyberspace is the “BIN attacks,” that targeted small businesses. The tactic involved manipulation of the Bank Identification Number (BIN) of credit cards that allowed threat actors to put the stolen card details through trial and error on unsuspecting e-commerce websites. 

Behind the Scenes of the ‘BIN’ Attacks

In 2023 alone, the payment card fraud amounted to a whopping $577 million, which was 16.5% more than in 2022. Among its victims, the Commonwealth Bank was the one that experienced the fraud when a Melbourne wholesaler faced a barrage of 13,500 declined e-commerce transactions in a month. 

The incident, previously noted as a clerical error, turned out to be an event of cybercrime that impacted both businesses and consumers. 

The cybercriminals initially obtained the first six digits of a credit card, called the Bank Identification Number (BIN). This information was then used for trial and error to determine what combinations of card numbers, expiration dates, and security codes work. Subsequently, the card data that were taken are verified through inconspicuous transactions to ascertain their authenticity. Once verified, card numbers that have been compromised are either sold by fraudsters or used in larger-scale fraudulent transactions.

Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: