BIN (Bank Identification Number) and its alleged role in cyber fraud today


What is a BIN? 

A Bank Identification Number, or BIN, is the first 4-8 digits on any payment card. The BIN identifies not only the card issuer but also the type of card and its features as provided by the financial institution. BINs are found on all kinds of payment cards, such as credit cards, debit cards, prepaid cards, gift cards and so on.

Why do financial institutions issue BINs for payment cards?

The BIN is meant to be an identifier that helps banks and financial institutions identify and stop credit card fraud. It also helps payment gateways and merchants accept multiple kinds of payments, and it helps banks and financial institutions keep their cards organized and process payments faster.

How does BIN work? 

This numbering system was developed by the American National Standards Institute, also known as ANSI, and the International Standards Organisation, popularly known as ISO, to help banks and financial institutions identify the payment cards they issue. It is not meant for the consumers using the payment cards, but it is important that they know what it is.

The BIN is the first 4-8 digits of the 8-19 digits embossed on a payment card. Payment processors use it to identify the issuing financial institution or bank, as well as other important card details. The first digit of the BIN identifies the industry of the payment card.

For example: American Express cards start with 3, Visa cards start with 4, Mastercard cards start with 5, Discover or Diners Club cards start with 6, and so on.

A BIN is assigned to every payment card according to the industry it belongs to. These payment cards can be credit cards, debit cards, prepaid cards, gift cards, charge cards and so on. The digits of the BIN that follow the very first digit, which is the basic industry identifier, are used to identify the issuing financial institution.

When a customer enters card details on the payment page during an online eCommerce purchase, the merchant or online retailer can immediately identify the financial institution or bank that issued the card from the first 4-8 digits. Using the BIN, they can also identify the card type, the level of the card and the country of the issuing financial institution.

What happens after you click the pay button on the payment page?

After you enter your card details and click the payment button, the card-issuing financial institution receives an authorization request for the amount and verifies whether the payment details are valid. It also checks your card and account to confirm that the amount you are trying to pay is available in your bank account.

Once everything matches, the payment goes through: the bank allows the merchant to deduct the payment, and the amount is credited to the payment gateway provider's bank account. In the case of unverified or new merchants, this amount is then held for several days after the payment, until the merchant ships the goods or does the work you paid for. Once the payment gateway becomes acquainted with the reputation of the merchant, it can release the payment on the same day the cardholder made it.

Special note: The primary use of the BIN is to help the merchant identify the financial institution that issued the payment card, but in other cases merchants also use it to verify the address of the issuing bank and its country of origin. It also helps them check whether the bank belongs to the same country as the merchant, in case the merchant only accepts domestic payments. Most importantly, banks, payment providers and merchants can immediately blacklist a particular BIN if there is a credit card data leak and carders are using cards of that BIN, and the facilities the financial institution provides to those cards, to make unauthorized payments to online merchants.
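The checks described in this note (issuer lookup, domestic-only acceptance and BIN blacklisting) can be sketched as a pre-authorization screen. This is an added example, not code from any payment provider; the BIN table, the blocklist entry and the function names are constructed for illustration.

```python
import re

# First-digit industry identifiers exactly as listed in the article.
NETWORK_BY_FIRST_DIGIT = {"3": "American Express", "4": "Visa",
                          "5": "Mastercard", "6": "Discover or Diners Club"}

# Constructed BIN table (prefix -> issuer details); not real issuer data.
BIN_TABLE = {
    "4000": {"issuer": "Example Bank A", "country": "US", "type": "credit"},
    "40001234": {"issuer": "Example Bank A", "country": "US", "type": "prepaid"},
    "510000": {"issuer": "Example Bank B", "country": "GB", "type": "debit"},
}
# Constructed blocklist, e.g. filled in after a reported card data leak.
BLOCKED_BINS = {"40001234"}


def normalize(card_number):
    """Strip spaces and dashes; accept only the 8-19 digit lengths the article gives."""
    digits = re.sub(r"[ -]", "", card_number)
    if not re.fullmatch(r"[0-9]{8,19}", digits):
        raise ValueError("card number must be 8-19 digits")
    return digits


def lookup_bin(digits):
    """Longest-prefix match: an 8-digit BIN entry wins over a 4-digit one."""
    for length in range(8, 3, -1):
        if digits[:length] in BIN_TABLE:
            return digits[:length], BIN_TABLE[digits[:length]]
    return None, None


def screen_payment(card_number, merchant_country, domestic_only=False):
    """Return (decision, reason) before the card is sent for authorization."""
    digits = normalize(card_number)
    if any(digits.startswith(b) for b in BLOCKED_BINS):
        return "reject", "BIN is blocklisted"
    bin_, record = lookup_bin(digits)
    if record is None:
        network = NETWORK_BY_FIRST_DIGIT.get(digits[0], "unknown network")
        return "review", f"unknown BIN ({network})"
    if domestic_only and record["country"] != merchant_country:
        return "reject", f"issuer country {record['country']} is not domestic"
    return "allow", f"{record['issuer']} {record['type']} card, BIN {bin_}"
```

Because BINs range from 4 to 8 digits, the lookup tries the longest prefix first so that a specific 8-digit entry is not shadowed by a shorter one from the same issuer.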

How do fraudsters commit fraud using a BIN?

As explained above, the BIN helps payment gateways and merchants identify the issuing bank and its country of origin, as well as the card type, level, industry and much more. This information is publicly available, so fraudsters use it to their advantage as well.

The BIN itself is not dangerous. The information it provides, and the ways that information can be used, are dangerous when they reach a person with bad intentions who knows the marketplaces for confidential credit card data and the inner workings of online payment services.

Fraudsters get the data from underground credit card marketplaces, known in their lingo as Credit Card shops or CC Shops. Sometimes they also get their data from credit card spammers (CC Spammers), who can be an individual or a team of individuals doing something known as credit card spamming, or CC spamming for short. There is also something called a Credit Card generator (CC Generator), which they use in some cases.

Once they identify a BIN whose card data will allow them to make unauthorized payments online at a certain merchant or payment gateway, they either try to purchase credit card data of that particular BIN from CC Shops, as mentioned earlier, or start trying to generate credit card data with a CC Generator.

The data that comes out of a CC Generator is basically randomly generated numbers built around a specified BIN, or a specified BIN and validity, so it is mostly invalid and doesn't work at all. In some cases, with merchants such as Google Ads or Facebook Ads that provide threshold amounts for their customers, fraudsters can attach these generated cards of a certain BIN. This can manipulate the payment systems of these merchants until they try to charge the card after their services have been used up to a certain limit, and the charge fails because the card does not exist at all.

If they have purchased the data from a credit card spammer or CC Shop, it is very possible that they won't stick to running ads on Facebook, Google or any other online platform that provides a threshold amount for its customers, but will try carding other websites as well. The preventive measures we have suggested in our other article, in case you have become a victim of such fraud, work very well if you follow them.
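On the merchant side, this pattern tends to show up as many different cards sharing one BIN being declined in a short period. The following detection sketch is an added example, not part of the original article; the log records, the card tokens, the 10-minute window and the threshold of 4 are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0)  # constructed start time for the sample log


def _ev(minute, bin_, token, result="declined"):
    """Build one constructed log record: (time, BIN, card token, result)."""
    return (T0 + timedelta(minutes=minute), bin_, token, result)


# Constructed authorization log. Tokens stand in for card numbers so the
# detector never has to handle full card numbers.
EVENTS = (
    [_ev(i, "40001234", f"tok-a{i}") for i in range(5)]      # 5 different cards in 5 minutes
    + [_ev(i, "510000", "tok-b0") for i in range(5)]         # one customer retrying one card
    + [_ev(i * 60, "4000", f"tok-c{i}") for i in range(5)]   # different cards, hours apart
    + [_ev(2, "510000", "tok-b1", "approved")]               # approvals are ignored
)


def find_bin_bursts(events, window=timedelta(minutes=10), threshold=4):
    """Return {BIN: time of first alert} for BINs where at least `threshold`
    distinct cards were declined within `window`."""
    recent = defaultdict(deque)  # BIN -> recent (time, token) declines
    alerts = {}
    for ts, bin_, token, result in sorted(events):
        if result != "declined":
            continue
        q = recent[bin_]
        q.append((ts, token))
        while ts - q[0][0] > window:      # drop declines older than the window
            q.popleft()
        distinct_cards = {tok for _, tok in q}
        if len(distinct_cards) >= threshold and bin_ not in alerts:
            alerts[bin_] = ts
    return alerts
```

Counting distinct cards rather than raw declines keeps a single customer retrying one card from raising an alert, and a flagged BIN is a candidate for the review or blacklisting step the article describes.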

Final Word 

  • A BIN isn't dangerous in itself because it's just a string of digits that helps financial institutions identify payment cards.
  • A BIN is unique to a specific category, class and level for a certain group of cards issued by a financial institution to certain individuals, according to the service they opt for through that financial institution.
  • The information obtained through the BIN of a card is used by a financial institution to identify and process online payments faster.
  • Credit card fraud can be prevented if you follow certain practices.
