Put BIN attacks in the trash


BIN attacks continue to be a serious problem for card issuers and merchants.   Financial institutions struggle to find solutions.

In Spain, police recently arrested 35 people in an international credit card fraud case, where the fraudsters used phishing, skimming, and BIN attacks to acquire card numbers. With these numbers, they made purchases and laundered money using bitcoin.  

In July this year, KB Card, one of the largest credit card companies in South Korea, was targeted with a BIN attack when over 2,000 fraudulent transactions were made on Amazon.  Several other credit card companies also suffered from similar BIN attacks around the same time.  

Just last month, a massive breach of America’s fifth largest credit card company resulted in the leak of 100 million credit card customers.

Credit Card fraud is a $30B a year problem, and that figure continues to grow. Industry officials are concerned about the potential financial damages caused by BIN Attacks and continue to search for solutions using fintech technologies.

 What is a BIN?

The BIN, or Bank Identification number is the first 6 digits of a card number that uniquely identifies the institution issuing the card. The numbering system, which was jointly developed by the ISO and the American National Standards Institute, allows merchants to identify the bank’s name, address, and phone number.

What is a BIN attack?

A BIN attack involves using a known BIN number, and systematically generating and testing the remaining numbers of a credit card number. These numbers are usually tested by making small transactions (<$1) on known merchant sites such as Amazon. Because of the small amounts, these transactions are hard to be detected by fraud detection systems, and most consumers don’t even notice them. The valid numbers are then later used to make much larger transactions, with merchants and issuers bearing these losses.

Fighting Credit Card Fraud

Chang-Hun Yoo, the founder and CEO of SwIDch, a technology company that uses their patented authentication algorithms to fight card fraud, decided to establish their HQ in London, the world’s leading Fintech location, to solve this global problem.

According to Chang: “The biggest vulnerability to online transactions is the static 16-digit credit card number. Through swIDch, our clients can generate a one-time dynamic card number, CVC and expiry date for each online transaction. A credit card number is not displayed anywhere on the card, so it is impossible to steal your account number. The dynamic card numbers are generated when the card is touched to your smartphone, and can be generated even without a network connection, ensuring the ultimate security.”

This innovative technology provides an elegant and easy solution for card issuers to deploy quickly and efficiently. They have a unique approach to tackle card not present fraud, by targeting not the “fraud,” but the “not present.”

 Tony Hughes, a serial tech entrepreneur and a Dealmaker for the Department for International Trade’s Global Entrepreneur Programme (GEP) added: “swIDch are taking away a crucial part of the fraudsters toolkit.   This is essential and proven technology for payment providers to keep their customers safe and ensure banking institutions retain the trust of their clientele as we encounter ever more sophisticated fraud.”

Leave a reply

Please enter your comment!
Please enter your name here