February 4, 2023
Payment card issuers around the world have witnessed a dramatic increase in card testing fraud events, otherwise known as velocity BIN attacks. Some HHSB customers have been directly affected by this type of fraud in recent weeks. It is important to know that BIN attacks are not breaches, hacks, or attacks on a financial institution’s networks, systems, or on customers’ personal identities or private information. They are automated scripts that computer-generate and attempt fraudulent transactions on tens of millions of possible card number profiles in quick succession.
Since 2019, BIN attacks have become the fastest growing type of payment card fraud, because they are automated and do not require skimmed or stolen card information or any information about banks or customers to be effective. No bank, credit union, or their customers are immune to experiencing them. This fraud can be effective without the scammers knowing bank and customer details thanks to sophisticated software and fast computers that automatically generate millions of possible card profiles by exploiting the numeric system with which payment cards have been issued for decades.
The bank and your personal information are not compromised in any way as a result of this type of fraud. However, your payment card may need to be replaced if you have a fraudulent transaction post to your account. A portion of affected cardholders may experience multiple card re-issues in a short time. This is unavoidable due to the nature of this type fraud, but our practice of proactively monitoring, notifying, and reissuing affected cards is still the best way to protect your account.
We understand how disruptive it is to our cardholding customers when they experience fraud and apologize to all who have been affected. Please be assured that we have been diligently monitoring these events and are adjusting our strategies in real time. We’ve implemented additional controls over the past weeks to enhance detection and prevention. We’ve also been working closely with our card issuing and fraud monitoring partners to minimize the impact to our customers as much as possible.
As always, we at HHSB are here to help you through the process of reporting and reimbursing any fraudulent charges and related fees. We appreciate your patience while we ensure every customer is served, which can take a little longer than usual during these events. To report potential fraud on your account at any time, message us in HHSB Digital Banking or call us at 765-364-0784 and we will help you as quickly as possible.
Thank you for your continued business, patience, and understanding.
More information about BIN attacks:
A BIN attack is carried out by a fraudster who takes the first six digits of a card, also known as the Bank Identification Number (BIN), and uses software to generate the remaining numbers, CCVs, and expiration dates that fall within that BIN until they find valid combinations that can successfully make fraudulent purchases. This software can generate and test thousands of card profiles per minute. The small percentage of working card details that result from this effort are then sold to other fraudsters for later use or used immediately to defraud the cardholder of funds. They use weakly secured or compromised online merchants who do not require CVVs, ZIP codes, or other verifying details to make fraudulent transactions. As a result, individual banks and credit unions can experience larger waves of fraud, because the software focuses on generating millions of possible card profiles in one card BIN at a time before moving on to the next one.