Mumbai: Axis Bank said on Thursday that the fraudulent credit card transactions reported by some of its customers appeared to be a `BIN attack’. The bank said there was no indication of any breach anywhere, and as the frauds were undertaken with basic card information, the debited amounts were recoverable.
Several bank customers have reported either attempted fraudulent transactions or transactions that have gone through with international merchants. Axis Bank did not disclose the number of complaints received but said they were `very small’. The bank said it had no specific advisory for cardholders but would act on specific complaints that were received.
A BIN attack, also known as a Bank Identification Number attack, is a type of credit card fraud where cybercriminals attempt to generate valid credit card numbers by systematically testing different combinations of card numbers with a specific bank identification number (BIN). The BIN is the first six digits of a credit or debit card number and identifies the issuing bank or financial institution.
Speaking to TOI, Sanjeev Moghe, President and head of cards and payments at Axis Bank, said, “This is a malicious attempt from certain merchants, and we have seen a few transactions hitting our system, affecting only a few cards. We have taken the due steps to block these merchants and reported them to the associations. Since these are international e-commerce transactions and are not authenticated through the two-factor authentication process, our customers have full chargeback rights, and the amounts are fully recoverable. We will work with our customers on the same and ensure they are not disadvantaged,” said Moghe.
“If a fraudster has a couple of card numbers, they can try guessing the sequence to generate other card numbers, and some of the transactions have gone through because the merchants do not have additional factor authentication. ‘Given the small numbers, we feel it has emanated from fraudsters from certain international merchants,” said Moghe. The frauds have not gone through for cards where the customers have not activated international transactions.
Although Axis Bank has acquired Citibank’s card portfolio, these currently run on a separate platform and the frauds were seen were only on the Axis Bank platform cards, Moghe said. He added that the bank has reported the incident to the Reserve Bank of India and the card networks.