Some chargeback terms need more explication and analysis than can be provided through a simple definition. One such term is “BIN number”. In this article, we will answer the question of what is a BIN number, explore the purpose of BIN numbers and take a peek at what is BIN attack fraud.
A little bit like ATM machine (automatic teller machine machine) or DC Comics (Detective Comics Comics), BIN number (bank identification number number) is a redundant but oft-used term. Our payment industry glossary offers the following definition: “The bank identification number (BIN) is the first four to six digits on a payment card. They identify the bank or financial institution that issued the card, the issuer's location, and the type of card.”
A payment account number includes a number of identifying numbers within the larger number. The first numeral is the major industry identifier (MII). This identifies the specific category of payment card, with some examples being numeral 1 identifying that it is an airline card, numeral 4 or 5 identifying banking and financial cards, and numeral 7 identifying a gas card. The BIN includes the MII and the following 3-5 numerals. Most of the numerals following the BIN constitute the specific account number.
As can be inferred from the name, the primary purpose of a BIN is to provide identifying information about the issuing bank and payment card account. It allows the various stakeholders in the transaction process to quickly understand what kind of payment card it is and which bank issued it.
As with any other kind of transaction information, BINs provide valuable information for merchants that have a variety of uses. They can allow merchants to confirm the general geographic location of a cardholder based on the country of origin associated with the BIN. This is useful for preventing fraud in card-not-present (CNP) transactions. If the BIN number indicates a different country from the shipping or billing address provided, it may be evidence of fraud.
Another potentially valuable use of BINs is practicing BIN suppression to prevent duplicate alerts. Sometimes, due to the difference in how different alerts providers operate, two chargeback alerts are sent for a single payment dispute. This can result in double refunds and fees or other complications. If a merchant has the proper software and tools, they can prevent this from recurring by setting their alerts system to suppress alerts from certain BINs that are frequently associated with double alerts.
BIN attack fraud is a technique in which a criminal has obtained access to a BIN and uses software to generate the remaining numerals for full card numbers. Fraudsters usually take these fraudulently generated numbers and employ a technique known as card testing, which involves running large numbers of quick transactions to see which numbers are vulnerable to larger fraudulent transactions. This is usually the stage in which merchants can detect BIN attack fraud. In particular, if a merchant notices large amounts of small dollar transactions, many of which are declined by the banks or card brands, coming from BINs from foreign countries or with geographical mismatches between BINs and shipping or IP addresses, that is a strong indicator of BIN attack fraud. Fraud prevention and identity verification tools can help merchants from being used as a part of these schemes.