Levelling Up: Why BIN Mismatch Data Shouldn’t Be Your Only Fraud-Fighting Tool

At this point, it shouldn’t be a surprise -the pandemic has accelerated the move to a more digital world. This year’s tidal wave of new online shoppers not only accelerated ecommerce growth by 5+ years, but also created more opportunities for fraudulent activity.

Brands do everything they can to mitigate fraudulent transactions but often miss the mark. What we’ve noticed here at Reach is that many merchants think they’re doing a great job fighting fraud with a tried and true tool – BIN mismatch.

rupixen-com-Q59HmzK38eQ-unsplash (1)

BINs, or Bank Identification Numbers (those first 6 numbers on a credit card), show where a card is issued, and when that information doesn’t match the shipping address, or doesn’t make sense when looking at a customer IP address, a merchant often feels confident saying “no” to a customer or transaction. While BIN mismatch is a great tool, it’s just one of many – merchants should be careful not to ignore other, far more prevalent payment processing concerns.

Where BIN Mismatches Fall Short

BIN mismatches aren’t the fraudster “catch-all” they’re made out to be, but first – let’s explore what it means to have a bank identification number (BIN mismatch: A BIN mismatch occurs when the purchaser’s country of origin, and the country where his/her bank is located may not match up for a variety of good (and valid) reasons.

In the European market specifically, merchants are likely to see transactions from all over the continent, resulting in a BIN mismatch. This is primarily due to the high volume of air traffic as international travelers often make their connections via European airports, as well as the “borderless” nature of the continent, with people moving from country to country in search of new opportunities., Here are a couple of practical examples:

An expat could make a purchase using a card issued in his/her home country, and have that order shipped to a temporary residence.
A “digital nomad” with a home base that rarely matches his/her current location won’t have a consistent IP *or* address.

So, why then is there an overreliance on the BIN mismatch method?

Keeping track of fraudster trends is a full-time job, and many merchants are administratively and technologically lean, with “fraud specialist” functions either built into another role or outsourced to an “expert” who may or may not have their finger on the pulse of the global fraud market. Keeping a constant, watchful eye on global fraudsters requires a fair amount of time, and the right resources.

Keeping Global Fraudsters Front & Center

Global fraud comprises an incredibly extensive network, making it hard to keep up with, even for those monitoring it full time. Members of these fraud networks are also known to “give back” to their criminal community by sharing their winning exploits with others, making it possible to learn from one another and thereby, improve their skills.

Merchants, on the other hand, aren’t known for openly sharing their fraud prevention expertise (or their challenges in general!) with other merchants. And unless that dynamic ever changes, which it likely won’t, merchants as a whole will continue to be at a pretty significant disadvantage against this highly networked and technologically advanced, group of fraudsters. However, thanks to historical data gathered on cross-border fraud patterns and trends, merchants are armed with the knowledge that certain countries, typically characterized by challenging economic conditions and adequate internet facilities, such as South Africa, Romania, and Mexico, are fraud hot-spots that should be monitored carefully.

Knowing When Cross-border Activity is Valid

When payment processors think about fraud in Latin America, it’s likely that they will choose to only focus on fraud in major markets like Brazil and Mexico, and understandably so. But this is a mistake, as placing less importance on countries like Peru, Colombia, and Argentina (where we have seen an increase in fraudulent activity). Of course, this will leave merchants vulnerable to attack.

For example, although merchants can expect to see some cross-border card use with odd combinations (for example, a Northern Argentina location with a Bolivian or Brazilian card), others are not as common and could go “either way,” such as in the case of an Italian credit card being used with a Peruvian IP address or Device Location.

The big question: Is your payment processing software sophisticated enough to catch common vs. not-so-common cross-border distinctions, or would it dismiss both as potentially fraudulent? Or maybe would it accept both as valid?

You can see why fraudsters love this market: the combinations to watch out for are constantly changing, and keeping track of these trends is not easy if one is not in touch with the right fraud prevention specialists.

So you probably want to know the best ways one can weed out fraudsters. Well, it really depends on where in the world the fraud is happening.

The Many Methods of Mayhem

Since accelerated digital transformation is the name of the game, ecommerce has become a fraudster’s paradise, and their attacks have become more common, and more aggressive.

Here’s a brief introduction to the most common fraud types taking place *right now* and threatening brands around the world every day.

Since the dawn of ecommerce, phishing emails have been a problem for consumers, and by extension, merchants. These emails have become increasingly sophisticated, making it harder for consumers to realize they’re being duped. When they fall victim to these attempts (which are being sent via text messages these days, too), the stolen credentials are immediately used to steal money and identities, and create purchase chains that inevitably result in chargebacks.

Fraud Fact: There are often duplicate letters in the fraudster email format: i.e. carloos@domain.com instead of carlos@domain.com. Does that mean every email with a duplicate letter is fraudulent? No, but it’s a good way for them to test your defenses and see if you’re watching!

Gone are the days when Porch Piracy was just an inconvenience of a digital-first era. Today, the annoying trend with the funny name has not only become a bigger problem in itself, but it’s helped create a new fraud monster: Refund fraud.

Refund Fraud involves chargebacks made by consumers falsely claiming to have not received a product. With much of the world experiencing financial strain, this is becoming increasingly common. Consumers double-dipping? Ouch.

When fraudsters create accounts that mix fact and fiction – providing accurate consumer intel alongside other fake data, that’s Synthetic Fraud. Merchants should be able to detect these instances easily, but with to-do lists that never end, they’re overwhelmed, and these fraud attempts can sneak by relatively stealthily.

If you want to learn about fraud that contains a pretty “next level” degree of sophistication, well that’s Triangulation Fraud.

Hold on, because this one can get complex.

While these steps are taking place, the cardholder of the stolen credit card disputes the transaction with the issuing bank, resulting in a chargeback against the retailer.

The fraudster in the meantime has received the money from the unsuspecting consumer! The retailer may blacklist the address, making future ordering for that consumer difficult, and the worst part? The fraudster usually gets away with the money.”

These are just a handful of the more well-known strategies in the fraudster community, so be sure to partner with a payment processor who is equipped to monitor key trends for you and prevent damage to your brand and your bottom line!

We know a place. Reach out to have a conversation with our fraud experts!