What is a BIN attack on a credit card? Understanding this type of credit card fraud
Editor's Note
Brian Kelly is a Bilt adviser and investor.
Seeing unauthorized charges on your credit card can be a headache. Removing these charges from your account and getting a replacement card isn't fun, either.
The root cause of why you have unauthorized charges on your credit card can vary, as there are multiple types of credit card fraud.
We've previously seen reports online and received emails from readers with surprise charges on their accounts. In fact, some TPG employees checked their accounts to find surprise charges on their Bilt Mastercard®.
These fraudulent charges are part of what's known as a BIN (bank identification number) attack. But what is that? And is there anything you can do to protect yourself? Let's take a closer look.
The information for the Bilt Mastercard has been collected independently by The Points Guy. The card details on this page have not been reviewed or provided by the card issuer.
Related: How to identify and prevent credit card fraud
What is a BIN attack?
The first six digits of your credit card are the bank identification number. A BIN attack uses brute-force computing to attempt to guess a valid combination of credit card number, expiration date and card verification value, or CVV, number.
While a person can attempt to guess one number at a time, a software program can try thousands of combinations in a matter of seconds. Once it finds a number that works, it can try other (similar) variations and then use those at online merchants — assuming that other cards will have the same initial six digits.
Many of these purchase attempts are blocked without customers seeing any activity on their accounts. However, a spokesperson for Wells Fargo (which issues the Bilt Mastercard) told TPG that purchase "attempts from trusted merchants" have affected some customers.
A statement from Bilt confirmed those unauthorized transactions stemmed from a BIN attack:
We have been made aware of a global fraud ring that has been launching what are called BIN attacks. In short, they use compromised merchants to randomly test millions of potential card numbers to see which ones work, focusing in on one card range at a time. While many of these card attempts get blocked (often invisibly to the customer), occasionally charges make it through. This has been happening across banks and we are aware that a few of Wells Fargo Bilt cardholders have experienced fraudulent charges as part of that.
Which cards does this affect?
From our research, we found that these recent attacks affected more than just the Bilt Mastercard. Ultimately, a BIN attack doesn't care about the type of card you have, nor does it need to get inside a company's software. It's simply trying to find a combination of numbers that will result in a successful transaction. Once it does, the fraudsters hope the affected cardmember won't notice until the fraudsters can make additional purchases or cash withdrawals.
Thus, it doesn't matter what bank issues your credit card or what type of rewards your card earns. BIN attacks also don't require hacking into the bank website or the loyalty program website to succeed.
This reinforces the importance of checking your credit cards regularly for fraudulent charges. This ensures that problems are detected as quickly as possible and prevents further unauthorized transactions.
It's also important to understand who to contact if you do find unauthorized charges on your credit card: the issuing bank. For example, if you detect fraud on your Marriott credit card, you shouldn't call Marriott's customer service team; you should reach out to either Chase or American Express, depending on which company issued your card.
In that same vein, Bilt also isn't a credit card issuer and can't issue a new credit card for you. You need to contact your issuing bank — either Wells Fargo (for those who applied since applications opened to the general public in March 2022) or Evolve (for previous applicants).
How can I protect myself from BIN attacks?
In short, you can't stop computer programs from trying to guess credit card numbers. What you can do, however, is monitor your accounts and guard your personal information to prevent other types of credit card fraud.
If you're worried about someone having your credit card number, you can lock your credit card to prevent any transactions; however, that's not a permanent solution. Some transactions will still go through, including recurring bill payments and refunds — meaning a fraudster could attempt a refund as a means of testing whether your card works. Plus, locking your card doesn't combat the chief problem: that someone else may have your card number.
Thus, it's important to get a new card with a new number if you have unauthorized charges on your account. Call the number on the back of your credit card or use the bank's website — go to the website by typing the address yourself, rather than clicking on links, to avoid phishing scams. Many banks also use email, app, phone and text alerts to verify suspicious charges, and you should make sure you know what these look like to understand which notifications you receive are legitimate.
It's also important to ensure you protect your credit card information by carefully evaluating which websites you grant access to your information and what links you click on, plus using strong passwords to protect your information.
You also should report any suspicious charges on your account. Reporting these quickly ensures you're not held responsible for the charges — yet another reason why you should monitor your credit cards regularly.
Bottom line
Multiple readers contacted TPG to inform us they were affected by fraudulent attacks and unauthorized charges, asking if we knew what happened. This has affected more than just the Bilt Mastercard, unfortunately, so you should check your accounts regularly to watch for fraud. While you can't prevent computer software from trying to guess your credit card number, you can take steps to minimize damage and prevent other problems.
Related: Why a password manager is a critical part of my points and miles strategy
TPG featured card
at American Express's secure site
Terms & restrictions apply. See rates & fees.
| 4X | Earn 4X Membership Rewards® points per dollar spent on purchases at restaurants worldwide, on up to $50,000 in purchases per calendar year, then 1X points for the rest of the year. |
| 4X | Earn 4X Membership Rewards® points per dollar spent at US supermarkets, on up to $25,000 in purchases per calendar year, then 1X points for the rest of the year. |
| 5X | New! Earn 5X Membership Rewards® points on prepaid hotel stays booked through AmexTravel.com or the Amex Travel App. |
| 3X | Earn 3X Membership Rewards® points on flights booked through AmexTravel.com, the Amex Travel App, or purchased directly from airlines. |
| 2X | Earn 2X Membership Rewards® points on prepaid car rentals booked through AmexTravel.com or the Amex Travel App and cruises booked and paid through AmexTravel.com. |
| 1X | Earn 1X Membership Rewards® point per dollar spent on all other eligible purchases. |
Pros
- Valuable dining and food-related credits
- Flexible rewards with airline and hotel transfer partners
- Multiple travel and purchase protections
- No foreign transaction fees
- Access to Amex Offers for additional savings (enrollment required)
Cons
- Not as useful for those living outside the U.S.
- Some may have trouble using Uber and other dining credits
- You may be eligible for as high as 100,000 Membership Rewards® Points after you spend $8,000 in eligible purchases on your new Card in your first 6 months of Card Membership. Welcome offers vary and you may not be eligible for an offer. Apply to know if you’re approved and find out your exact welcome offer amount – all with no credit score impact. If you’re approved and choose to accept the Card, your score may be impacted.
- Earn 4X Membership Rewards® points per dollar spent on purchases at restaurants worldwide, on up to $50,000 in purchases per calendar year, then 1X points for the rest of the year.
- Earn 4X Membership Rewards® points per dollar spent at US supermarkets, on up to $25,000 in purchases per calendar year, then 1X points for the rest of the year.
- New! Earn 5X Membership Rewards® points on prepaid hotel stays booked through AmexTravel.com or the Amex Travel App.
- Earn 3X Membership Rewards® points on flights booked through AmexTravel.com, the Amex Travel App, or purchased directly from airlines.
- Earn 2X Membership Rewards® points on prepaid car rentals booked through AmexTravel.com or the Amex Travel App and cruises booked and paid through AmexTravel.com.
- Earn 1X Membership Rewards® point per dollar spent on all other eligible purchases.
- Pay It® lets you tap in the American Express® App to quickly pay for small purchase amounts throughout the month and still earn rewards the way you usually do. Plan It® gives you the option to split up big purchases into equal monthly payments with a fixed fee. You’ll know upfront exactly how much you’ll pay.
- Updated! $120 Dining Credit: Earn up to a total of $10 in statement credits monthly when you pay with the Gold Card at Grubhub (including Seamless), Buffalo Wild Wings, Five Guys, The Cheesecake Factory, and Wonder. This can be an annual savings of up to $120. Enrollment required.
- $100 Resy Credit: Get up to $100 in statement credits each calendar year at over 10,000 qualifying U.S. Resy restaurants after you pay for eligible purchases with the American Express® Gold Card. That’s up to $50 in statement credits semi-annually. Enrollment required.
- $84 Dunkin' Credit: Earn up to $7 in monthly statement credits after you pay with the American Express® Gold Card at U.S. Dunkin’ locations. Enrollment required.
- $120 Uber Cash on Gold: Enjoy up to $120 in Uber Cash annually with your Gold Card. Just add your Card to your Uber account and you'll get $10 in Uber Cash each month to use on orders and rides in the U.S. when you select an Amex Card for your transaction.
- New! As an American Express® Gold Card Member, you can enjoy complimentary Hertz Five Star® Status. Enjoy benefits like skipping the counter at select locations, adding an additional driver at no additional cost*, and vehicle upgrades**. Benefit enrollment and Hertz Gold+ registration are required. *Additional drivers must meet standard rental qualifications and must be a spouse or domestic partner to qualify as complimentary. Other additional drivers subject to fees. **Benefits are subject to availability and vary by location. Additional Hertz program Terms and Conditions including age restrictions apply.
- Take advantage of a $100 credit towards eligible charges* at over 1,300 upscale hotels worldwide when you book The Hotel Collection through AmexTravel.com or the Amex Travel App **. *Eligible charges vary by property. **The Hotel Collection requires a two-night minimum stay.
- Book your travel through the Amex Travel App with added peace of mind – backed by American Express® service and support. Only for American Express® Card Members.
- Whenever you need us, we're here. Our Member Services team will ensure you are taken care of. From lost Card replacement to statement questions, we are available to help 24/7.
- No Foreign Transaction Fees.
- Annual Fee is $325.
- Terms Apply.