eNews: May 2023
May 26, 2023
How we fight debit and credit card fraud.
Unfortunately, fraud happens. Whether it is stealing checks from mailboxes or using computers and advanced technologies to obtain card credentials, fraudsters are always looking for the next big score, adding new tactics to their bag of tricks.
One common scheme involves fraudsters trying to guess valid combinations of card numbers. Once they find a working combination, they move on to card testing, where they make small purchases to determine if the card is active and vulnerable to fraud. This is sometimes called a “BIN” attack.
There is a BIG difference between a "BIN attack" and a "data breach".
In a BIN attack, fraudsters use six numbers (from your card) to algorithmically try to generate all the other legitimate numbers, in the hopes of generating a usable card number. A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.
How does a fraudster conduct a BIN attack?
The fraudsters deploy a software algorithm to perform test runs on a single merchant at high velocity—as many as 5,000 attempts in just a few hours. The algorithm typically uses the same purchase amounts, expiration dates, and CVV codes in various combinations. The first six digits on your card are known as the bank identification number, or BIN. The BIN identifies the financial that issues the card. Because these numbers will be the same for all cards issued by a particular financial institution, the computer algorithm will try many combinations using this same BIN.
How are these attacks stopped?
Debit card fraud has been on a significant rise since early 2020 and affects nearly every financial institution at one time or another. Unison deploys anti-fraud detection software that can help to spot the early stages of a fraudster attempting this type of activity, which is why we may have to re-issue you a new card if we find that your card has been compromised.
One important thing to note – These attacks are on debit or credit card numbers and merchant internet-facing systems and not on any Credit Union owned system or network. Unlike some merchants, Unison’s systems are encrypted.
How can YOU protect yourself?
- Set up transaction alerts for purchases of more than one cent, to detect and identify suspicious activity as soon as possible.
- Opt for multifactor authentication (MFA) that requires users to sign in with something they know (such as a password) and something they have (such as a mobile device).
- Shop online only with merchants that use the Visa 3D Secure/Verified by VISA or Mastercard SecureCode (MCSC) features, which prompt the cardholder for a one-time password whenever their card is used at participating stores.
Please call us at 920-766-6000 if you have any questions or follow these 5 steps to protect yourself from fraud!
Spring into Savings!
Let your cash flourish with our limited-time Certificate promotion. Whether you prefer to visit us in person, give us a call, or browse our website, our Member Advisors are here to help get you started!
View our current rates any time and start saving today!