Fraud Attack Hits Redstone FCU, Mitigation Efforts Continue

The Huntsville, Ala.-based Redstone Federal Credit Union said on Tuesday that it has been the victim of a BIN (Bank Identification Number) attack. While it’s unclear when the attack began or exactly how many members have been impacted, the credit union stated that it discovered the attack last week.

According to a statement from Redstone ($7.6 billion in assets, 653,211 members), the attack is ongoing. “A small percentage of Redstone’s members have been affected. Redstone continues to work to mitigate this threat. We evaluate and adjust our fraud detection tactics daily to try and block fraudsters’ continuously changing efforts. Our efforts to stop this fraud is having an impact.”

BIN attacks happen when fraudsters use a known BIN to systematically test and generate the remaining numbers of a credit or debit card. A bot is typically programmed by the fraudsters to make small transactions and that makes the fraud difficult to detect.

The Atlanta-based e-commerce and payment-processing company International Payments Processing said recently that the number of BIN attacks have increased dramatically during the pandemic.

“America accounts for 33.6% of worldwide losses, making it the most e-commerce fraud in the world. However, the COVID pandemic worsens this situation since many businesses have to sell their products online and have quickly become targets for fraudsters,” the company stated.

Redstone stated that many of the BIN attack amounts were less than $10 per transaction. “Our team is reimbursing affected members as quickly as possible.”

The credit union has asked its members to be on alert. “We invite our members to partner with us in this fight by utilizing the debit card tools available through online banking, such as card alerts and card control,” Redstone said in a statement.