a month ago
Advanced Rule Added: Track Suspicious BIN, IP & Card Activity 🔍
We’re excited to introduce a new fraud detection rule designed to identify coordinated transaction patterns involving BINs, IPs, and card usage. This rule enhances our ability to detect and prevent fraud schemes such as card testing, account takeovers, and money laundering.
🔍 What the Rule Does
This rule tracks the number of transactions that:
- Originate from a single IP address
- Involve multiple cards sharing the same BIN
- Exceed a defined amount threshold
- Occur within a specified timeframe
📌 Trigger Example
The rule will trigger if the following conditions are met:
- Transactions originate from a single IP address
- Involve 5 different cards sharing the same BIN
- A total of 10 or more transactions occur
- Each transaction exceeds 100 EUR
- Transactions happen within 1 day
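The trigger conditions above, sketched as detection logic over a constructed transaction list. This is an added example, not the product's own rule engine. The function and field names (`find_triggers`, `ip`, `bin`, `card_id`, `amount_eur`, `ts`) are hypothetical, and it assumes a rolling 1-day window, reads "5 different cards" as at least 5, and expects amounts already converted to EUR.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_triggers(txns, min_cards=5, min_txns=10, min_amount=100.0,
                  window=timedelta(days=1)):
    """Return sorted (ip, bin) pairs that meet all trigger conditions."""
    groups = defaultdict(list)
    for t in txns:
        # Only transactions strictly above the amount threshold count.
        if t["amount_eur"] > min_amount:
            groups[(t["ip"], t["bin"])].append(t)
    hits = set()
    for key, items in groups.items():
        items.sort(key=lambda t: t["ts"])
        recent = deque()  # transactions inside the rolling window
        for t in items:
            recent.append(t)
            while t["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            cards = {r["card_id"] for r in recent}
            if len(recent) >= min_txns and len(cards) >= min_cards:
                hits.add(key)
                break
    return sorted(hits)

def sample_transactions():
    """Constructed sample data: documentation IPs, made-up BINs and card tokens."""
    start = datetime(2024, 1, 1, 9, 0)
    txns = []
    # 10 transactions, 5 cards, one BIN, one IP, 150 EUR each, 30 min apart.
    for i in range(10):
        txns.append({"ip": "203.0.113.7", "bin": "400000", "card_id": f"tok_a{i % 5}",
                     "amount_eur": 150.0, "ts": start + timedelta(minutes=30 * i)})
    # Same volume from another IP, but only 2 cards: should not trigger.
    for i in range(10):
        txns.append({"ip": "198.51.100.4", "bin": "400000", "card_id": f"tok_b{i % 2}",
                     "amount_eur": 150.0, "ts": start + timedelta(minutes=30 * i)})
    # 5 cards and 10 transactions, but spread over 10 days: should not trigger.
    for i in range(10):
        txns.append({"ip": "192.0.2.9", "bin": "510000", "card_id": f"tok_c{i % 5}",
                     "amount_eur": 150.0, "ts": start + timedelta(days=i)})
    return txns

if __name__ == "__main__":
    print(find_triggers(sample_transactions()))
```

Widening `window` changes which groups match: the third constructed group only triggers once the window covers its 10-day spread.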
🎯 Objectives
1. Suspicious Activity Detection:
- Flags behavior that suggests possible card testing or fraudulent transaction attempts.
- Fraudsters often use multiple stolen credit card details to test their validity.
2. BIN Monitoring:
- A shared BIN often indicates cards issued by the same bank or financial institution.
- Fraudsters may acquire batches of stolen cards from specific BINs, making this pattern a red flag.
3. IP Address Tracking:
- Monitoring IP addresses helps identify attempts to bypass security by repeatedly transacting from the same location.
4. High-Value Transactions:
- Requiring each transaction to exceed 100 EUR focuses the rule on significant financial risk scenarios, so smaller, benign transactions are less likely to trigger false alarms.
5. Time Window (30 Days):
- The 30-day timeframe targets persistent fraudulent behavior rather than isolated incidents.
💡 Potential Use Cases:
- Card Testing Attacks: Fraudsters systematically test stolen cards to find valid ones.
- Account Takeover (ATO): If multiple cards linked to one account or BIN are used repeatedly from a single IP, it may indicate a compromised account.
- Money Laundering Patterns: Unusually high transaction volumes from a single IP across multiple cards may point to laundering attempts.