BIN Credit Card Attack?

BANK IDENTIFICATION NUMBER – DEFINED

By Staff Reporters


What Is a BIN Attack?

The BIN, or the Bank Identification Number, is the first six digits on a credit card. These are always tied to its issuing institution – usually a bank. In a BIN attack, fraudsters use these six numbers to algorithmically try to generate all the other legitimate numbers, in the hopes of generating a usable card number.  

How Does a BIN Attack Work?

Fraudsters conduct BIN attacks by generating hundreds of thousands of possible credit card numbers and testing them out.

  1. A fraudster looks up the BIN of the bank they will target. Ranging from four to six digits, this information is in the public domain and is thus easy to source.
  2. Using dedicated software such as an auto-dialer, they generate thousands, often tens of thousands, of combinations of possible card numbers for this issuer.
  3. At this point, these credentials need to be tested. The fraudster identifies a suitable online shop or donation page.
  4. They start card testing by attempting a small payment with each generated card number.
  5. They keep track of the small percentage of card details that worked, which they are ready to use in earnest for their fraudulent pursuits. 


Remember that the fraudster starts off with only six digits, yet many more card details are required for a successful transaction. If those are entered incorrectly, the transaction will be declined. These details include the CVV number and the expiration date, and address verification service (AVS) failures are likely as well. Card-testing transactions are executed remotely and in rapid succession, so distance checks and velocity alerts should also serve as hints.

Fraudsters may use bad merchant accounts directly for this purpose, or more frequently involve multiple online stores and services during a BIN attack, as their attempts keep getting blocked at most outlets.
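The decline and velocity signals described above can be combined into a per-BIN sliding-window check on the merchant side. The following is an added example, not code from the original article; the event field names, decline labels and thresholds are assumptions, and the sample transactions are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Decline labels are assumed for this example; real gateways use their own codes.
TESTING_DECLINES = {"invalid_number", "cvv_mismatch", "bad_expiry", "avs_fail"}

def detect_bin_attack(events, window=timedelta(minutes=5), min_attempts=6,
                      min_distinct_cards=5, min_decline_ratio=0.8,
                      small_amount=5.00):
    """Return {bin: time of first alert}; events must be sorted by ts."""
    recent = defaultdict(deque)  # bin -> events inside the sliding window
    alerts = {}
    for ev in events:
        q = recent[ev["bin"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:  # expire old events
            q.popleft()
        # Card testing uses small payments, so only those count as attempts.
        small = [e for e in q if e["amount"] <= small_amount]
        if len(small) < min_attempts:
            continue
        cards = {e["pan_token"] for e in small}
        declined = sum(e["result"] in TESTING_DECLINES for e in small)
        # Many distinct cards on one BIN, mostly failing on card details.
        if (len(cards) >= min_distinct_cards
                and declined / len(small) >= min_decline_ratio):
            alerts.setdefault(ev["bin"], ev["ts"])
    return alerts

def sample_events():
    """Constructed sample data: tokens and BINs are placeholders, not real cards."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    results = ["invalid_number", "cvv_mismatch", "invalid_number", "bad_expiry",
               "avs_fail", "invalid_number", "approved", "cvv_mismatch"]
    def ev(sec, tok, bin_, amt, res):
        return {"ts": t0 + timedelta(seconds=sec), "pan_token": tok,
                "bin": bin_, "amount": amt, "result": res}
    burst = [ev(10 * i, f"tok_a{i}", "400000", 1.00, r)
             for i, r in enumerate(results)]
    # Legitimate small-ticket traffic on another BIN: fast, but approved.
    cafe = [ev(20 * i, f"tok_b{i}", "520000", 3.50, "approved") for i in range(6)]
    normal = [ev(60 * i, f"tok_c{i}", "510000", 80.0, "approved") for i in range(3)]
    return sorted(burst + cafe + normal, key=lambda e: e["ts"])

if __name__ == "__main__":
    for bin_, ts in detect_bin_attack(sample_events()).items():
        print(f"card-testing pattern on BIN {bin_} first seen at {ts}")
```

Requiring a high decline ratio alongside velocity keeps fast but legitimate small-ticket traffic on a single BIN from raising an alert.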

MORE: https://seon.io/resources/dictionary/bin-attack/


***

***

Content Exchange and Vocabulary Standards for eMRs

Understanding Terms and Definitions

By Shahid N. Shah MS

As per the HHS rules, vocabulary standards are standardized nomenclatures and e-code sets used to describe clinical problems and procedures, medications, and allergies for eMRs. Some common terms and definitions are listed below:

Terms and Definitions

  • ASTM’s CCR – for most basic patient summary exchange needs, the CCR will suffice. If you’re moving from low or no interoperability today to some interoperable capabilities, then CCR is your best starting place.
  • International Classification of Diseases, 9th Revision, Clinical Modifications (ICD-9-CM) or SNOMED CT® should populate a problem list. If you’re not familiar with both standards and are unsure where to start, go with ICD-9 for problem lists. SNOMED is not commonly supported in the broad EMR industry, but ICD-9 support is quite common, so start there.
  • Health Level Seven (HL7) Clinical Document Architecture (CDA) Release 2 (R2) Level 2 CCD – for more advanced patient summary exchange needs, the HL7 CDA is recommended. If you’re already supporting CCR exchange and it’s not meeting your needs, then HL7 CDA is the next logical place to go.
  • For patient summary exchanges, HHS expects the following fields to be populated: problem list; medication list; medication allergy list; procedures; vital signs; units of measure; lab orders and results; and, where appropriate, discharge summary.
  • ICD-9-CM [ACD-10] or American Medical Association (AMA) Current Procedural Terminology (CPT®) Fourth Edition (CPT–4) to populate information related to procedures. Both of these standards are supported broadly by most existing vendors, so going with either or both is good.
  • For medication lists, HHS requires the use of codes from a drug vocabulary the National Library of Medicine has identified as an RxNorm drug data source provider with a complete data set integrated within RxNorm.
  • For lab results, HHS requires the use of LOINC® to populate information in a patient summary record related to lab orders and results when LOINC® codes have been received from a laboratory and are retained and subsequently available in your EMR. HHS states that in instances where LOINC® codes have not been received from a laboratory, the use of any local or proprietary code is permitted. HHS does not require these local or proprietary codes to be converted to LOINC® codes in order to populate a patient summary record.
  • For the purposes of electronic prescribing, your vendor must be capable of using NCPDP SCRIPT 8.1 or NCPDP SCRIPT 8.1 and 10.6. With respect to a vocabulary standard, your vendor must use codes from a drug vocabulary currently integrated into the NLM’s RxNorm. For the purposes of performing a drug formulary check, your vendor must be capable of using NCPDP Formulary & Benefits Standard 1.0 adopted by HHS (73 FR 18918).
  • There are standards required for insurance data like eligibility checking and submissions of claims. ASC X12N and NCPDP standards (Versions 4010/4010A and 5010 and Versions 5.1 and D.0, respectively) should be used for these transactions. It’s important to realize that Version 4010 is being phased out in favor of Version 5010 so your vendors need to support both at this time and must be able to move exclusively to Version 5010 in the future.
  • For the purposes of electronically submitting calculated quality measures required by CMS or by States, your vendor must be capable of using the CMS PQRI 2008 Registry XML Specification. Going forward, HL7 Quality Reporting Document Architecture (QRDA) Implementation Guide based on HL7 CDA Release 2 may be allowed but for now focus on the CMS PQRI requirements until HHS provides more guidance in the future.
  • For the purposes of submitting lab results to public health agencies, your vendor must be capable of using HL7 2.5.1.
  • For the purposes of electronically submitting information to public health agencies for surveillance and reporting, your vendor must be capable of using HL7 2.3.1 or HL7 2.5.1 as a content exchange standard. At this time, HHS has not required adverse event reporting, nor has it adopted a specific vocabulary standard for submitting information to public health agencies for surveillance and reporting.
  • For the purposes of electronically submitting information to immunization registries, your vendor must be capable of using HL7 2.3.1 or HL7 2.5.1 as a content exchange standard and the CDC-maintained HL7 standard code set CVX - Vaccines Administered as the vocabulary standard.
