Discover the 'BIN attack' scam perpetrated by cybercriminals using small businesses
When John Papiccio, the general manager of a Melbourne-based wholesaler, received a monthly bill from the Commonwealth Bank for 13,500 declined e-commerce transactions, he initially dismissed it as a clerical error.
However, when the company started receiving calls from strangers who had been billed, it became clear that something was amiss.
'We had people contact us saying, “Hey, we've had a transaction from you taken out of our card, and we don't know who you are,”' Mr Papiccio said.
'We've never dealt with you—what are you, and what's the transaction?'
Between April and May this year, almost 17,000 fraudulent transactions were attempted through the small business's e-commerce site.
This was more transactions than the company would typically see in five years. The culprits? Cybercriminals testing card numbers they had generated themselves, a practice known in the banking industry as a BIN attack.
Understanding BIN Attacks: A Hidden Threat to Small Businesses
BIN attacks involve fraudsters taking the first six digits of a card number, known as the Bank Identification Number (BIN), which identifies the issuing bank, and using trial and error to guess valid combinations of the remaining digits, expiry dates and card security codes. (The card numbering standard, ISO/IEC 7812, has since expanded BINs to eight digits.)
Each guess is then tested with a small purchase at an online store to see whether the card is live, before the criminals either sell the working card numbers or use them for large fraudulent transactions.
Among those who contacted the Melbourne business after seeing the unusual transactions are Commonwealth Bank customers Bob Barrow and John Goodall.
Identical transactions of $23.21 were processed through the company's online shop and appeared on both men's Commonwealth Bank travel cards.
'I had never used the card at all. Not once,' Mr Barrow said.
'I didn't do any withdrawals, I didn't do any transactions. The card had never left my wallet.'
However, while Mr Barrow had only loaded $50 onto his travel card, Mr Goodall ended up losing more than $7,000 through dozens of transactions at various retailers.
Both men were ultimately reimbursed by the Commonwealth Bank, but the experience left them with serious reservations about card security.
'I feel really, really insecure now with any kind of card at all,' Mr Goodall said.
The Reality of Credit Card Security
Cybersecurity expert Troy Hunt explained that card numbers are neither random nor effectively infinite, which is what makes guessing them feasible for cybercriminals.
'Sixteen digits might sound like a lot, but once you take off the bank identification number, you're left with 10—and then those 10 have to adhere to a pattern, so you're left with a smaller number of different possibilities,' Mr Hunt said.
'You then have machines that can automate at a very, very fast speed. Ten numbers really isn't very much for computers to keep guessing.'
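To make Mr Hunt's arithmetic concrete, here is an added example (not code from the article, the bank or any payment processor) that computes the Luhn check digit every card number must satisfy and sizes the guessing space left once a BIN is known. The 16-digit card length, the five-year expiry horizon and the 4242/4111 test prefixes are assumptions for the illustration; only a fraction of Luhn-valid numbers are ever issued, and it is the merchant's authorisation responses that tell an attacker which ones are.

```python
"""Why a 16-digit card number is a small search space once the BIN is known.

Added illustration of the BIN-attack arithmetic discussed in the article;
not code from the article or from any bank or processor.
"""
from __future__ import annotations

PAN_LENGTH = 16          # typical card-number length (assumption for the example)
LEGACY_BIN_LENGTH = 6    # six-digit BIN as described in the article
CURRENT_BIN_LENGTH = 8   # eight-digit BINs under the expanded ISO/IEC 7812 scheme


def luhn_check_digit(partial_pan: str) -> int:
    """Return the digit that makes partial_pan + digit pass the Luhn (mod 10) check.

    Digits are weighted from the right of the *complete* number, so the digit
    immediately left of the check digit is the first one doubled.
    """
    total = 0
    for i, ch in enumerate(reversed(partial_pan)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(pan: str) -> bool:
    """True if the full card number passes the Luhn check."""
    if len(pan) < 2 or not pan.isdigit():
        return False
    return luhn_check_digit(pan[:-1]) == int(pan[-1])


def candidate_space(bin_length: int, pan_length: int = PAN_LENGTH) -> dict[str, int]:
    """Size of the guessing space an attacker faces for a single BIN.

    raw:  every digit string that fits in the positions after the BIN
    luhn: those that also pass the check digit (exactly one in ten)
    full: Luhn-valid numbers x expiry months x three-digit security codes
    """
    free_digits = pan_length - bin_length
    raw = 10 ** free_digits
    luhn = 10 ** (free_digits - 1)          # the check digit is fixed by the rest
    expiry_months = 5 * 12                   # assume expiries up to five years out
    cvc_values = 10 ** 3
    return {"raw": raw, "luhn": luhn, "full": luhn * expiry_months * cvc_values}


if __name__ == "__main__":
    # 4242424242424242 and 4111111111111111 are widely published test numbers.
    print("4242424242424242 valid:", luhn_valid("4242424242424242"))
    print("check digit for 411111111111111:", luhn_check_digit("411111111111111"))
    for n in (LEGACY_BIN_LENGTH, CURRENT_BIN_LENGTH):
        print(f"{n}-digit BIN:", candidate_space(n))
```

With a six-digit BIN the ten free digits give 10^10 strings, but the Luhn rule fixes the last one, so only 10^9 pass, and that is before the attacker learns anything from the merchant's approve/decline responses. The expiry and security-code multipliers only matter if the merchant actually checks them, which is one reason card testers seek out stores that do not.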
The Impact on Small Businesses
The wholesaler itself also took a financial hit. The small business was forced to shut down its e-commerce store to prevent further online fraud, costing it more than $20,000 in sales.
The business was also charged $4,750 in transaction fees by the Commonwealth Bank, at $0.28 per attempted transaction, plus a further $1,275 in chargeback fees, despite being the target of the fraud rather than a participant in it.
The bank has since refunded the company for the loss.
'Fraud detection requires multiple lines of defence,' a Commonwealth Bank spokesperson said.
'This includes fraud monitoring through banks and payment processors as well as business owners employing their own precautions, including installing fraud protection tools.'
Mr Hunt said BIN attacks could also cause damage to the merchants’ reputation and put them at risk of losing their ability to process cards if too many fraudulent transactions are seen on their e-commerce sites.
He advised businesses to put their online stores behind payment processors with strong fraud detection, such as Stripe and Square, to protect themselves against cybercriminals.
'The attacks are getting more and more sophisticated because there's so much more value for the attackers in having a large number of cards that they can resell,' Mr Hunt said.
'Every time we get a little bit better at making the defences better, the attackers normally either go and find another piece of low-hanging fruit somewhere, or they find a way around those defences.'
Mr Hunt also advises cardholders to monitor for any suspicious, small transactions and report any fraudulent activity immediately.
'We're always going to have this challenge,' he said.
'When we try to make it easy for consumers to enter cards and have products purchased and delivered, it also makes it easy for hackers to do the same thing.'
Protecting Your Business and Customers from BIN Attacks
As a small business owner, it's crucial to understand the risks associated with online transactions and take proactive steps to protect your business and customers.
Here are some strategies to consider:
1. Use a Secure Payment Processor: Choose a payment processor with good fraud detection capabilities that offers advanced security features to help protect your business from fraudulent transactions.
2. Monitor Transactions: Keep a close eye on your transactions. If you notice a sudden increase in declined transactions or small purchases, it could be a sign that your business is being targeted by cybercriminals.
3. Educate Your Customers: Inform your customers about the risks of online fraud and encourage them to monitor their bank statements regularly. If they notice any suspicious transactions, they should report them to their bank immediately.
4. Install Fraud Protection Tools: Consider investing in fraud protection tools that can help detect and prevent fraudulent transactions. These tools can provide an additional layer of security for your business.
5. Regularly Update Your Security Measures: Cybercriminals are constantly evolving their tactics, so it's important to regularly update your security measures to stay one step ahead.
While it's impossible to completely eliminate the risk of online fraud, taking these steps can significantly reduce your business's vulnerability to BIN attacks and other forms of cybercrime.
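As an added example of the "monitor transactions" advice in point 2 (this is not the article's, the bank's or any processor's code), the script below runs a simple card-testing detector over a merchant's own authorisation log. The log format, field names and thresholds are assumptions, the log lines are constructed for the illustration, and the 424242 and 555555 prefixes are published test-card prefixes rather than real issuer BINs.

```python
"""Spotting a BIN attack in a merchant's own authorisation log.

Added example of the 'monitor transactions' advice; not code from the
article, the bank or any named processor. Log format and thresholds are
assumptions; the sample lines are constructed.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): UTC timestamp, masked card number
# (first 6 + last 4), amount in AUD, authorisation result, client IP.
# 424242 and 555555 are published test-card prefixes, not issuer BINs.
SAMPLE_LOG = """\
2023-04-12T09:00:01Z 424242******1842 149.90 approved 203.0.113.10
2023-04-12T09:01:12Z 424242******0033 23.21 declined 198.51.100.7
2023-04-12T09:01:13Z 424242******0034 23.21 declined 198.51.100.7
2023-04-12T09:01:13Z 424242******0035 23.21 declined 198.51.100.7
2023-04-12T09:01:14Z 424242******0036 23.21 approved 198.51.100.7
2023-04-12T09:01:14Z 424242******0037 23.21 declined 198.51.100.7
2023-04-12T09:01:15Z 424242******0038 23.21 declined 198.51.100.7
2023-04-12T09:01:15Z 424242******0039 23.21 declined 198.51.100.7
2023-04-12T09:01:16Z 424242******0040 23.21 declined 198.51.100.7
2023-04-12T09:01:16Z 424242******0041 23.21 declined 198.51.100.7
2023-04-12T09:01:17Z 424242******0042 23.21 declined 198.51.100.7
2023-04-12T09:01:17Z 424242******0043 23.21 declined 198.51.100.7
2023-04-12T09:01:18Z 424242******0044 23.21 declined 198.51.100.7
2023-04-12T09:15:40Z 555555******7781 89.00 approved 203.0.113.44
2023-04-12T09:20:02Z 424242******9911 210.50 approved 203.0.113.58
"""

WINDOW = timedelta(minutes=5)   # look-back per (BIN, source IP) group
MIN_ATTEMPTS = 10               # attempts inside WINDOW before we care
MAX_APPROVAL_RATE = 0.25        # card testing is overwhelmingly declines
MAX_PROBE_AMOUNT = 50.00        # testers probe with small amounts
MIN_DISTINCT_PAN_RATIO = 0.8    # a new card number on almost every try


def parse_line(line: str) -> dict:
    """Split one log line into typed fields (format is an assumption)."""
    ts, masked_pan, amount, result, ip = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "bin": masked_pan[:6],
        "pan": masked_pan,
        "amount": float(amount),
        "approved": result == "approved",
        "ip": ip,
    }


def detect_card_testing(log_text: str) -> list[dict]:
    """Return one alert per (BIN, IP) group whose traffic looks like card testing.

    A group qualifies when, inside WINDOW, it shows at least MIN_ATTEMPTS
    small-value attempts, mostly declined, with the card number changing
    on almost every attempt. The largest qualifying window is reported.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    groups: dict[tuple[str, str], list[dict]] = defaultdict(list)
    for e in events:
        groups[(e["bin"], e["ip"])].append(e)

    alerts: list[dict] = []
    for (bin_, ip), evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end in range(len(evs)):
            # advance the window start until the window spans at most WINDOW
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            if len(window) < MIN_ATTEMPTS:
                continue
            approvals = sum(e["approved"] for e in window)
            distinct_ratio = len({e["pan"] for e in window}) / len(window)
            all_small = all(e["amount"] <= MAX_PROBE_AMOUNT for e in window)
            qualifies = (all_small
                         and approvals / len(window) <= MAX_APPROVAL_RATE
                         and distinct_ratio >= MIN_DISTINCT_PAN_RATIO)
            if qualifies and (best is None or len(window) > best["attempts"]):
                best = {
                    "bin": bin_, "ip": ip,
                    "attempts": len(window), "approved": approvals,
                    "first": window[0]["ts"].isoformat(),
                    "last": window[-1]["ts"].isoformat(),
                }
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_card_testing(SAMPLE_LOG):
        print(f"BIN {a['bin']} from {a['ip']}: {a['attempts']} attempts, "
              f"{a['approved']} approved, {a['first']}..{a['last']}")
```

The signal to tune for is a burst of distinct card numbers from one source, all at the same small amount and mostly declined; in the Melbourne case each of those declines still cost the merchant $0.28, so alerting on declines as they happen, rather than waiting for chargebacks weeks later, is what limits the bill. The thresholds are starting points only: legitimate traffic has a far higher approval rate and varied amounts, and a real deployment would also rate-limit or challenge the offending source once a group is flagged.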
Key Takeaways
- A Melbourne wholesaler experienced 17,000 fraudulent transactions on its e-commerce site within two months, in what the banking industry refers to as a BIN attack.
- Criminals use a brute-force method to guess credit card numbers, test them through small online purchases, and then either sell the card number or use it for larger fraudulent transactions.
- Customers who were victims of the scam, along with the affected business, are calling for tighter banking security and prompt responses from banks.
- Cybersecurity expert Troy Hunt says businesses should use payment processors with strong fraud detection, and consumers should keep an eye out for suspicious, small transactions, reporting any fraudulent activity promptly.
Have you or your business ever experienced a BIN attack? Share your experiences and any preventative measures you've taken in the comments below.