Basil Jarrett | Putting bank fraud in the BIN

THE 2024 Olympics begin in just over two weeks’ time and, even though track and field’s one true king, Usain St Leo Bolt, has been retired for the better part of the last seven years, the games still feel empty and lacking without him.

From 2008 to 2016, Bolt had captured the imagination of the entire world, using his status as the fastest human being ever to elevate himself into something more than an athlete. An icon, a philanthropist and one of the most captivating human beings of all time, we are all fortunate to have lived in and witnessed this era of greatness. But, this story isn’t about Bolt. Nor is it about track and field and this month’s Olympics. Bolt may have dominated sprinting for eight years before he retired to private life in 2017 but, last January, he re-introduced himself to us as the face of another type of competitive sport – the ongoing cat-and-mouse game between law enforcement and bank fraudsters.

Since Bolt’s missing $2 billion and the SSL fraud were first discovered and announced early last year, Jamaica has been inundated with an explosion of fraud, cyber and cyber-related financial crimes, ransomware incidents, phishing scams and distributed denial of services attacks. To this alphabet soup of criminal activity we can now add another three letters to this growing list of threats to our banking systems – BIN attacks.

BIN attacks are an increasingly common method used by fraudsters to access persons’ bank accounts to make fraudulent purchases or transactions. The BIN – Banking Identification Number – is the first set of numbers, usually six digits, of a person’s debit or credit card. Once criminals have these numbers, they are able to then guess a valid combination of the card number, expiration date and card verification value (CCV), all of which are necessary for executing a card transaction.

“Now, hold on a second”, I hear you saying. “Credit and debit cards typically have 15-16 numbers. How on earth is anyone able to guess the remaining 10 digits, not to mention the expiry dates and CCV numbers?” Simple. The massive computing power of generative AI capabilities that are available today can output these complex calculations and computations in mere minutes, possibly seconds.

Last year, industry experts noted that e-commerce fraud rates continued to climb as fraudsters made greater use of generative AI to carry out more sophisticated cybercrimes. Credit card giants Mastercard said that US e-commerce-based fraud for 2023 approached US$50 million, while analysts Juniper Research estimated total global online payment fraud to exceed $340 billion. I think it’s a safe bet to say that 2024 will see these threats continue as the landscape increasingly shifts to reflect the impact of mainstream generative AI such as ChatGPT and others.

Needless to say, Jamaica is not immune to these threats. BIN attacks, like the many other forms of cyber and cyber-enabled financial crimes, are a common problem for all banks in Jamaica and, indeed, the world.

The solution, therefore, and I can’t stress this enough, is greater education and greater adherence to strict online banking security protocols and practices. Protecting against BIN attacks involves, at its lowest level, the protection of your personal information. Persons should avoid sharing sensitive financial details such as credit card numbers, expiration dates, CVV codes, and BIN ranges, with unauthorised individuals or websites. Caution should also be exercised when providing personal details online. If offered by your bank, you should also opt for secure payment methods, such as credit cards with built-in fraud protection and zero-liability policies. It’s also a good idea to regularly monitor your debit and credit card statements for any unauthorised transactions or suspicious activity.

You should also strive to keep your devices, including smartphones, tablets, and computers, up to date with the latest security patches and antivirus software, which can help to protect against malware, phishing, and other cyber-threats. You should also be very careful when clicking on links or downloading attachments from unsolicited emails, text messages, or social media posts. It’s a good idea, too, to be sceptical of messages requesting sensitive information or requiring urgent action, as they may be nothing more than elaborate phishing attempts.

Now, amid these tricks and tips to help stave off fraudsters, one particular recommendation that I had never considered was to simply minimise the amount of cash in your card-linked bank accounts and to try to spread your cash around different bank accounts. This helps to minimise loss if one of your accounts is hacked or compromised. Genius. Outside of the aforementioned cybersecurity tricks and tips, this was exactly the kind of useful, practical information that I think will help persons to take impactful action in safeguarding their money.

The truth is, cyberattacks, BIN attacks and other forms of online bank fraud are here to stay, and no one and no bank, is immune. Part of the solution, therefore, is for banks to continue to come up with these kinds of simple and useful tactics that persons can adopt and implement with relative ease, and to communicate them widely to the public.

Major Basil Jarrett is a communications strategist and CEO of Artemis Consulting, a communications consulting firm specialising in crisis communications and reputation management. Visit him at www.thecrisismajor.com or send feedback to columns@gleanerjm.com