A hot, and unfortunate, topic in plastics circles is the prevalence of brute force BIN attacks. These attacks use the assumed predictability of card numbers to find combinations of valid cards to commit fraud. While no process or enhancement can truly eliminate a bad actor, introducing randomized card numbers and expiration dates to the plastic creation process can help to mitigate brute force attacks.
In an effort to make it more difficult to find valid card numbers for a brute force attack, credit union staff can elect to activate randomization methods that were included in the CU*BASE 21.20 fall release.
With these options, users can elect to randomize a card’s expiration date at card creation, selecting a random month throughout the configured year of expiration. Users can also choose to randomize either the full PAN or the card increment, leading to generation of card numbers that are more difficult to predict.
Credit unions interested in turning on these mitigation options are encouraged to contact SettleMINT EFT for more information about the solution that is right for them. Options are available in the CU*Answers Store to request card randomization for credit cards, as well as for ATM/debit cards. This service is currently free to credit unions, and makes a great tool to add to your plastics department’s fraud mitigation arsenal.