Support our online development, and advance our onground research initiatives in free market economics, as we seek to showcase the brightest Next-Gen minds.
THE ME-P DISCLAIMER: Posts, comments and opinions do not necessarily represent iMBA, Inc., but become our property after submission. Copyright © 2006 to-date. iMBA, Inc allows colleges, universities, medical and financial professionals and related clinics, hospitals and non-profit healthcare organizations to distribute our proprietary essays, photos, videos, audios and other documents; etc. However, please review copyright and usage information for each individual asset before submission to us, and/or placement on your publication or web site. Attestation references, citations and/or back-links are required. All other assets are property of the individual copyright holder.
BANK IDENTIFICATION NUMBER – DEFINED
By Staff Reporters
***
***
What Is a BIN Attack?
The BIN, or the Bank Identification Number, is the first six digits on a credit card. These are always tied to its issuing institution – usually a bank. In a BIN attack, fraudsters use these six numbers to algorithmically try to generate all the other legitimate numbers, in the hopes of generating a usable card number.
How Does a BIN Attack Work?
Fraudsters conduct BIN attacks by generating hundreds of thousands of possible credit card numbers and testing them out.
- A fraudster looks up the BIN of the bank they will target. Ranging from four to six digits, this information is in the public domain and is thus easy to source.
- Using dedicated software such as an auto-dialer, they generate thousands, often tens of thousands, combinations of possible existing card numbers by this issuer.
- At this point, these credentials need to be tested. The fraudster identifies a suitable online shop or donation page.
- They start card testing by attempting a small payment with each generated card number.
- They keep track of the small percentage of card details that worked, which they are ready to use in earnest for their fraudulent pursuits.
***
***
Remember that the fraudster will start off with only six digits, yet there are many more card details required for a successful transaction. If those are entered erroneously, the transaction will decline. This includes the CVV number, the expiration date, as well as likely address verification service (AVS) failures. Card testing transactions are executed remotely in a fast fashion, so distance checks should also be a hint as well as velocity alerts.
Fraudsters may use bad merchant accounts directly for this purpose, or more frequently involve multiple online stores and services during a BIN attack, as their attempts keep getting blocked at most outlets.
MORE: https://seon.io/resources/dictionary/bin-attack/
COMMENTS APPRECIATED
Subscribe, Refer and Like
***
***
Share this:
Filed under: "Ask-an-Advisor", Accounting, Glossary Terms, Marcinko Associates, Risk Management | Tagged: auto dialer, AVS, bank identification card, BIN, BIN Attack, card testing, CC, cc testing, credit card, credit card number, CVV, finance, fraudsters, Investing, Marcinko, personal-finance | Leave a comment »
The Leading Business Education Network for Doctors, Financial Advisors and Health Industry Consultants 