Skip to main content


Home BIN attack

BIN attack

(also BIN-based Fraud)

BIN attack definition

In cybersecurity, the “Bank identification number attack” or “BIN attack” refers to when cybercriminals exploit the first six digits of a credit or debit card, also known as BIN, to identify the issuing bank and the card type. After gathering this information, cybercriminals can target specific card types or banks for further personal data exploitation.

See also: catfishing

Common BIN attack applications

  • Card generation: Hackers and attackers generate fake debit/credit card numbers with valid BINSs in various fraud scenarios.
  • E-commerce fraud: Criminals use valid BIN numbers and test them with stolen credit card details on various e-commerce platforms in order to achieve successful transactions.
  • Phishing: Cybercriminals and scammers generate legitimately looking messages using examples of specific banks with the gathered BIN information to increase the chances of luring and exploiting users.
  • Social engineering: Using the issuing bank’s BIN, scammers attempt to impersonate bank personnel using social engineering techniques to gather sensitive information.
  • Subscription services: Attackers use stolen BINs to create various accounts for subscription services in order to obtain free service without payment.
  • Fraudulent transactions: Cybercriminals Exploit payment weaknesses by using valid BINs to perform unauthorized transactions.