True Fraud Stories: BIN Runs

Transcript of the conversation can be found below.

Katie:

So Nicci, I understand you recently discovered an attempt at fraud in progress related to debit cards. Can you give us a little explanation as to what you saw first?

Nicci:

So yeah, well, we were going over possible fraud cases, we discovered there was a pattern to them, there were [similar] dollar amounts [at the same] merchants that were being attempted. This looked like what we call a BIN run.

Katie:
Can you tell us what a BIN run is?

Nicci:

Every card debit or credit has a BIN, which is a bank identification number. This lets you know what bank owns that certain card. Criminals will take that information, either by guessing or by buying legitimate cards off the dark web. And they just run a computer program at a merchant in sequence. So you might have card number one, card number two…  they just keep trying until they get a valid card.

Katie

Is a BIN run the same as a data breach?

Nicci:

It is not. It has nothing to do with a network being breached [at] the bank or merchant. It’s just criminals guessing at card numbers.

Katie:
So when you first notice the BIN run, what are the steps you take? And what is the first steps the bank takes?

Nicci:
The first steps that we would take is to pull a report to try to find how many people are affected. How many cards are affected? After that we would restrict those affected cards and then have customer outreach reach out to those customers.

Katie:

For customers: What should they know about BIN runs to best protect themselves?

Nicci:
One thing I would definitely recommend is keeping an eye on their account. If they use our mobile app, I would definitely suggest using the card controls where they could set up transaction limits [for] certain merchant types, or they could block International [transactions]. And then, the notifications — so if any attempts happen, they would get a notification from the app.

Stay informed about best practices to fight fraud!