Enumeration Fraud Awareness

July 28, 2023 08:33

Enumeration fraud attacks are attempted payments submitted for the purpose of testing card account numbers or credentials. Enumeration fraud is also referred to as card testing attacks (attempts to test sequential card numbers that are randomly generated) or BIN attacks (attempts to test multiple compromised card numbers that are issued on the same BIN).

Enumeration attack characteristics may include, but are not limited to, the following patterns:

  • $0 or low authorization amount

  • High issuer and/or RevenueProtect refusal rate

  • Increase in authorization attempts utilizing the same issuer BIN

  • Randomly generated cardholder information

  • High number of authorization attempts within a short amount of time

Please note that such patterns may not be 100% indicative of a fraud attack, and we would recommend a review of transactional activity before taking steps to implement risk controls.
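
As an added illustration (not Adyen code and not part of RevenueProtect), the patterns listed above can be checked over exported authorization records with a per-BIN sliding window. The record layout, BIN values and thresholds are assumptions made for this example; a flagged BIN is a candidate for the manual review recommended above, not proof of an attack.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0, 0)
# Constructed sample records: (timestamp, issuer BIN, amount, approved)
SAMPLE = (
    # burst on one BIN: 8 attempts 15 s apart, $0/$1 amounts, only the last approved
    [(T0 + timedelta(seconds=15 * i), "400000", float(i % 2), i == 7) for i in range(8)]
    # busy but healthy BIN: 6 approved purchases of normal value
    + [(T0 + timedelta(seconds=40 * i), "520000", 30.0 + i, True) for i in range(6)]
    # quiet BIN with a single decline
    + [(T0 + timedelta(minutes=20 * i), "510000", 59.9, i != 1) for i in range(3)]
)

def flag_bins(records, window=timedelta(minutes=5), min_attempts=5,
              min_refusal_rate=0.8, low_amount=1.00, min_low_share=0.5):
    """Return {bin: (attempts, refusal_rate, low_amount_share)} for BINs whose
    activity inside the sliding window combines high velocity, a high refusal
    rate and mostly $0/low amounts. All thresholds are example assumptions."""
    recent = defaultdict(deque)   # BIN -> attempts still inside the window
    flagged = {}
    for ts, bin_, amount, approved in sorted(records):
        q = recent[bin_]
        q.append((ts, amount, approved))
        while ts - q[0][0] > window:      # evict attempts older than the window
            q.popleft()
        attempts = len(q)
        if attempts < min_attempts:       # velocity below threshold
            continue
        refusal_rate = sum(1 for _, _, ok in q if not ok) / attempts
        low_share = sum(1 for _, amt, _ in q if amt <= low_amount) / attempts
        if refusal_rate >= min_refusal_rate and low_share >= min_low_share:
            # keep the worst (largest) window observed for this BIN
            if bin_ not in flagged or attempts > flagged[bin_][0]:
                flagged[bin_] = (attempts, refusal_rate, low_share)
    return flagged

if __name__ == "__main__":
    for bin_, (n, refused, low) in flag_bins(SAMPLE).items():
        print(f"review BIN {bin_}: {n} attempts in window, "
              f"{refused:.0%} refused, {low:.0%} at or below $1")
```

Requiring all three signals together keeps the busy, fully approved BIN out of the result even though its velocity alone exceeds the attempt threshold.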

Impact of enumeration fraud on merchants

  • Reduction in authorization rates, due to high issuer decline rates

  • High transaction fees stemming from declined transactions

  • Visa or Mastercard excessive retry fees

Steps to prevent or alleviate the risk from enumeration fraud

  • Investigate unusual activities such as increases in issuer refusal rate, or in the number of payment attempts with a $0 amount

  • Using the Risk & Dispute management report in the Customer Area, be aware of increases in issuer or risk refusals that can denote a fraud attack

  • Implement a CAPTCHA test, or a similar solution, on your checkout page

  • Consider temporarily blocking the BINs utilized by the fraud actors

  • Enable and assign risk scores to the following RevenueProtect risk rules:

    • Card number chunk used more than X times within Y minutes

    • Mastercard or Visa card number used more than X times within Y days

    • Card/bank account number used more than X times within Y hours

    • Shopper email used more than X times within Y minutes

    • Shopper IP used more than X times within Y minutes

    • Shopper initiated a transaction more than X times within Y days

  • Utilize custom rules targeting the trend you identified in RevenueProtect (a RevenueProtect Premium feature)

For more information on how to utilize RevenueProtect in order to mitigate fraud, please visit the risk management page.

If you have further questions, please reach out to your regional risk team or Adyen Help.