The competition between cybercriminals and the fraud and security teams at banks, tasked with stopping their attacks, is incredibly lopsided. The fraud and security teams have to get it right 100 percent of the time to maintain their position of trust across the financial services ecosystem. The cybercrime gang, on the other hand, only has to get it right once; one crack, one mistake, one piece of spaghetti code that doesn’t do its job right and they are in — and in to wreak havoc.
The cybercriminals — Johan Gerber, executive vice president of security and cyber innovation at Mastercard, told Karen Webster — are working 24 hours a day, seven days a week, hammering away at those systems until a crack makes itself known. Particularly popular as of late (and a good stand-in for the problem as a whole, he noted) is the sharp increase in BIN attacks. BIN attacks rely on combining a single, valid card number and a piece of number-generating software to create many potential card numbers. The attack relies on probing card-authorization systems to see which ones are valid numbers. From there, Gerber said, once they know that, it’s all a matter of automating attacks on the valid card numbers until they are shut down.