Card fraud is on the rise. As sophisticated fraudsters continue to find new and creative ways to attack unsuspecting account holders, it’s more important than ever to protect your financial institution and cardholders from potential losses. One of the newer forms of fraud that is increasingly on the rise is called enumeration attacks.
Enumeration attacks are mass assaults on your financial institution’s card prefix, or BIN. Fraudsters use robots to send through a large number of transaction attempts using your BIN, with robots guessing at the remainder of the values, including full card number, expiration date, and CVV2. The robots continue to send attempted transactions until they get a hit on the right combination of card values. To facilitate the attacks, fraudsters use synthetic credentials to set up fake ecommerce websites to process the transactions, or they may target valid ecommerce merchant websites that lack security controls.
How it Works:
- Fraudster obtains good card number
- Ecommerce website hijacked
- Bots initiate transactions to guess valid card elements
- Low dollar transactions test for valid cards
- Financial institutions see large increase in denials across card base
- Cards are used in account takeovers or sold on dark web
RESULT: Financial institution experiences substantial losses and reputational damage.
Unfortunately, these are not isolated incidents. Looking at the numbers shows just how rampant enumeration fraud has become. According to Visa,
- 270 institutions per day are facing enumeration attacks
- 4 million enumerated transactions are identified daily
- 700 merchants involved in enumeration attacks daily
It may seem daunting for a financial institution to protect itself and its cardholders from these attacks and potential loss. However, fraudsters are not the only ones who have upped their game. “When a financial institution is hit by fraud, they can experience not only monetary losses, but also reputational damage. That’s why it’s vital to add additional layers of protection with advanced fraud tools like Defender to battle today’s sophisticated fraudsters” says Ryan Hatch, risk manager for TransFund. Through comprehensive solutions involving analysts, detection tools, cardholder communications, artificial intelligence and more, your institution can put safeguards in place to reduce your risk of enumeration fraud.
Investing in the right tools to fight fraud can mean the difference in significant dollar amounts to an institution’s bottom line and reputation. Whether you’re just beginning to understand the risks of fraud or looking to implement more advanced solutions to your existing program, it’s important to stay vigilant and aware of the newest solutions available. If you’d like to learn more about the powerful fraud solutions available at TransFund, you can email marketing@transfund.com for a free analysis of your risks and the solutions that can help.