Cyber-security experts have warned that hackers are using online stores to test out stolen credit cards and make fraudulent transactions in what's called a bin attack. More than half a billion dollars was lost to card fraud in Australia last year and it's costing both customers and businesses.
Category
📺
TVTranscript
00:00 This Melbourne wholesaler did pretty good business online.
00:06 We supply probably 98% of Australia of all the binder screws.
00:12 But when the company received a bill from the Commonwealth Bank for thousands of declined
00:16 transactions on its e-commerce store, John Perpiccio knew something was wrong.
00:21 It ended up being something like nearly 17,000 transactions, which we wouldn't do in five
00:26 years worth of business.
00:27 The transactions meant the small business was slugged with banking fees.
00:32 Transaction fees and chargeback fees close to 7,000.
00:37 And then the call started, from strangers who'd been fraudulently billed and saw the
00:41 business listed on their transactions.
00:43 I did not use the card at all, not once.
00:46 It never left my wallet.
00:48 It's called a bin attack, where fraudsters take the first six digits of a credit card,
00:53 the bank identification number, then use trial and error to guess working combinations of
00:57 card numbers, expiration dates and card security codes.
01:02 Once they've found the right combination, the cards are tested to see if they're active
01:05 through small transactions on online stores, before the card numbers are either sold or
01:10 used for larger fraudulent transactions.
01:13 16 digits might sound like a lot, but once you take off the bank identification number,
01:17 you're left with 10.
01:18 And then those 10 have to adhere to a pattern, so you're left with a smaller number of different
01:22 possibilities.
01:24 And then you have machines that can automate at a very, very fast speed.
01:27 Ten numbers really isn't very much for computers to keep guessing.
01:30 One Commonwealth Bank customer told the ABC he ultimately lost more than $7,000 as part
01:36 of the same attack.
01:37 The cardholders and John's business have since been reimbursed by the bank.
01:42 The banks are very much the victims of these crimes as well.
01:45 Last year, card protection fraud in Australia totaled $577 million.
01:50 Merchants are recommended to use card payment processes with strong fraud protection, while
01:55 cardholders have been warned to keep an eye out for small, suspicious transactions.
02:00 When we try to make it easy for consumers to just enter cards and have products purchased
02:04 and delivered, it also makes it easy for hackers to do the same thing.
02:08 That's of little comfort for some.
02:09 It's left me much, much more circumspect about the security of the banking system.
02:14 [BLANK_AUDIO]