BIN Attacks: The Tiny Charges That Can Lead to Big Trouble
Keisha noticed two strange charges in her banking app: one for US1.00 labelled “TEST” and another for US0.50 labelled “VERIFY.” She immediately got concerned!
What’s happening to Keisha?
Keisha was getting caught in a BIN ATTACK.
Some scammers “guess” card numbers using the first few digits, called the BIN. They then try tiny, almost unnoticeable payments to see if the card works. If it does, they go in for bigger purchases. Here’s how to spot this type of fraud and how to stop it.
What Is a BIN?
The BIN, or Bank Identification Number, is the first 6–8 digits of your credit or debit card number. It’s like a secret code that identifies your bank and the type of card you have. While the BIN isn’t a secret, scammers use it as a starting point to guess the rest of your card number.
What Is a BIN Attack?
In a BIN attack, fraudsters use computers to generate and test thousands of full card numbers. They then try to make very small charges – like a few cents or a couple of dollars – to see if the card is real and active.
Think of it like this: a thief is trying to break into a house. Instead of immediately smashing a window, they gently push on the front door to see if it’s unlocked. If it opens, they know the coast is clear and can then break in.
It’s the same with a BIN attack: once the tiny charge works, they’ll either make a much larger purchase or sell your card details on the dark web.
Why Jamaicans Should Care
Fraud is a global issue, but it’s particularly important for us to be aware of here in Jamaica.
- More and more of us are shopping and subscribing to services online. These are easy places for tiny charges to hide
- Small US-dollar charges can be easy to miss until your bank statement arrives.
- The Bank of Jamaica has noted a surge in internet banking fraud since 2020.
- Jamaican financial institutions have publicly confirmed BIN attacks, and local media
outlets report that these attacks are on the rise across the region.
Signs to Look For
- Here’s what you should watch out for in your banking app and or mobile wallet:
- Small charges you don’t recognize, often between US0.01– US2.00.
- One-time password (OTP) texts arriving on your phone when you haven’t tried to make a purchase.
- Notifications from your bank about declined payments that you didn’t initiate.
- Messages about a new phone or wallet, like Apple Pay or Google Pay, being added to your card.
If You See Something Strange, Do This Immediately
Don’t ignore a tiny mystery charge. Treat it as a red flag and act fast.
- Lock your card using your bank’s app or mobile wallet or call your bank to have it blocked.
- Report the charges and replace your card.
- Dispute any payments you didn’t make. Keep a record of the dates, amounts, and any business names.
- Change your passwords for any online shopping sites where your card details might be saved.
- Check your banking app or mobile wallet weekly for the next few months—fraud often comes in waves.
Easy Ways to Protect Yourself
Being proactive is the best defence.
- Turn on alerts in your banking app for every card payment.
- Monitor your mobile wallet or banking app
- Use a virtual card or a low-limit card for online shopping.
- Don’t save your card on every website.
- Keep your phone and apps updated and use strong, unique passwords.
A Real-Life Example
So back to Keisha. As we shared earlier, Keisha noticed two strange charges on her banking app: one for US1.00 labelled “TEST” and another for US0.50 labelled “VERIFY.”
She immediately locked her card through her bank’s app, called the bank to report the charges, and requested a new card. Because she acted quickly, the scammers were stopped before they could make a big purchase.
Don’t wait until it’s too late. Be like Keisha! Scan Regularly and Act Quickly.
A regular quick scan of your banking app can save you a lot of stress and money.