Do you know how the card numbers within your card BINs are issued? Are you vulnerable to fraud attacks because of sequential card number issuance within your BINs?
Cybercriminals have recently identified card numbers being issued sequentially within card BINs as an easy entry point for performing systematic, sophisticated attacks known as “Brute Force Attacks,” previously known as “Credit Master Attacks.” Many financial institutions reporting these attacks say they were not even aware that their card numbers were being issued sequentially until the fraud hit!
We strongly encourage you to check that none of your card numbers, whether debit or credit, EMV or non-EMV, consumer or business, are issued in sequential order within each BIN, in order to help prevent a “Brute-Force Attack.”
What is a Brute-Force Attack?
Generally speaking, a brute-force attack starts with the attacker using an auto-dialer to attempt to obtain card numbers issued within your BIN. They attempt authorizations to find out whether the card numbers have been issued yet. If your card numbers are issued in sequential order, this gives the attack its foothold: the fraudster then attempts to guess the card expiration date and other card security data to obtain an approved authorization.
The attacks we are seeing today involve fraudsters going after internet merchants with variations of the card security data to see if they can get an authorization. Testing of the cards is usually performed at one merchant, with hundreds of authorization attempts made on the card information until an approval is obtained. Once a valid card number is known, the fraudster can make unlimited guesses to find the card expiration date and other card security layers.
How Do You Know If You Are Experiencing a Brute-Force Attack?
Work with your card vendors and processors to look for and report any significant increase in the number of denials from one or multiple merchants in a short window of time, paying special attention to response code 077, which means a card number has not yet been issued. This indicates the attacker is working through card numbers within your BIN range. Incorrect card expiration date responses are also a key indication of these attacks and should be noted as well.
How Can You Prevent a Brute-Force Attack?
First and foremost, find out if your card numbers within each BIN are being issued in sequential order. If they are, get this changed immediately and confirm it with your vendor.
Your financial institution should also work with your card vendor(s) to proactively uncover and prevent this type of attack.
- Confirm all of your card numbers are issued randomly, not sequentially.
- Watch for card attempts against a particular merchant with many transactions attempted. Pay special attention to repeated transaction attempts with card numbers in sequential order, especially those that use incorrect or expired card expiration dates. Alert your card vendor immediately if you see these attempts come in, as they are key indicators of a card BIN attack in which your card numbers are being generated automatically in an attempt to find valid card numbers.
- Watch your card response codes and card denied reason codes very closely.
- Watch for a denial for non-matching account on your master card file.
- Watch for brute force attacks on fraudulent card-not-present transactions, including mail order and telephone order transactions.
- Watch for brute force attacks on card-present transactions.
- Confirm that you block key-entered authorizations on card-present transactions. These could be part of a brute force attack involving PIN attempts or authorizations at a POS or ATM after a counterfeit card has been created.
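As an added illustration that is not part of this alert, the following Python sketch applies the indicators described above (a burst of attempts at one merchant, response code 077, expiration-date declines and sequential card numbers) to a constructed authorization log; the log layout, the thresholds and the expiration-date response code value are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NOT_ISSUED = "077"  # "card number not yet issued", the code the alert calls out
BAD_EXPIRY = "054"  # assumed stand-in for an incorrect/expired expiration date

# Constructed sample authorization log (issuer view): timestamp, merchant, PAN,
# response code. PANs are synthetic, under a made-up BIN 400000; the last digit
# is the check digit, so the first six share consecutive account numbers.
SAMPLE_AUTHS = [
    ("2024-01-05 10:00:01", "MERCH-A", "4000001234567893", "077"),
    ("2024-01-05 10:00:03", "MERCH-A", "4000001234567901", "077"),
    ("2024-01-05 10:00:04", "MERCH-A", "4000001234567919", "054"),
    ("2024-01-05 10:00:06", "MERCH-A", "4000001234567927", "077"),
    ("2024-01-05 10:00:09", "MERCH-A", "4000001234567935", "054"),
    ("2024-01-05 10:00:11", "MERCH-A", "4000001234567943", "000"),
    ("2024-01-05 10:05:00", "MERCH-B", "4000009876543210", "000"),
    ("2024-01-05 10:06:00", "MERCH-B", "4000001111222233", "051"),
]

def detect_bin_probing(records, window=timedelta(minutes=10),
                       min_attempts=5, min_not_issued=2, min_sequential=3):
    """One alert per merchant whose attempts inside a single time window look like
    sequential-PAN probing: many attempts plus 077 declines or consecutive PANs."""
    by_merchant = defaultdict(list)
    for ts, merchant, pan, code in records:
        by_merchant[merchant].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), pan, code))
    alerts = []
    for merchant, rows in by_merchant.items():
        rows.sort()
        for start in range(len(rows)):  # slide the window, oldest attempt first
            batch = [r for r in rows[start:] if r[0] - rows[start][0] <= window]
            if len(batch) < min_attempts:
                continue
            not_issued = sum(1 for _, _, c in batch if c == NOT_ISSUED)
            bad_expiry = sum(1 for _, _, c in batch if c == BAD_EXPIRY)
            # Strip the check digit before comparing: sequential issuance shows
            # up as consecutive account numbers, not consecutive full PANs.
            accounts = sorted({int(p[:-1]) for _, p, _ in batch})
            longest = run = 1
            for a, b in zip(accounts, accounts[1:]):
                run = run + 1 if b == a + 1 else 1
                longest = max(longest, run)
            if not_issued >= min_not_issued or longest >= min_sequential:
                alerts.append({"merchant": merchant, "attempts": len(batch),
                               "not_issued": not_issued, "bad_expiry": bad_expiry,
                               "longest_sequential_run": longest})
                break  # one alert per merchant is enough for an analyst
    return alerts
```

Thresholds and the window should be tuned against your own baseline decline rate per merchant before this is used to page anyone.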
Allied Solutions is continuing to monitor the card BIN attacks and is staying in touch with the card associations to let them know what we are hearing and seeing.
If you think you are experiencing a card BIN attack, please reach out for consultation to help prevent this exposure.