Latin American ‘Biñeros’ Bond Over Fraudulent Purchase Scheme

A type of card-not-present fraud is spreading throughout the Latin American underground, uniting groups of malefactors in a communal effort to perpetrate it as widely as possible.

A type of card-not-present fraud is spreading throughout the Latin American underground, uniting groups of malefactors in a communal effort to perpetrate it as widely and as often as possible.

Cybercriminals in the region are making use of problems in the validation process for bank identification numbers (BINs) to generate fake payment card numbers; they then use the fake cards for online transactions. The perpetrators are accordingly dubbed “biñeros” by researchers at Flashpoint, who analyzed the phenomenon.

BINs are four- to six-digit numbers that identify the issuing bank in a payment card purchase. The crooks are gathering on the Dark Web to discuss hunting for BINs that will work on online streaming and e-commerce sites that improperly authorize them during online checkout processes.

“BINs have a purpose in limiting fraud and speeding up payments by matching transactions to an issuing institution, which receives the authorization request related to a transaction,” Flashpoint researchers said, in an analysis. “The improper validation likely arises from the bank behind the BIN not supporting the type of card validation that the online retailers perform, thereby approving a card even if it is not valid.”

Armed with a BIN that can bypass the security of the checkout system, they simply create the other card details out of whole cloth, like CVV codes and expiration dates. “Most of the remaining card details can be generated with a specialized tool,” the researchers explained, adding that these handy generators are available in Spanish-, Portuguese- and English-language forums.

They added, “Most biñeros seem to prefer inventing a fraudulent card rather than stealing or buying existing card numbers; the vulnerabilities in the respective checkout systems can be exploited to trick the bank into processing a payment, even on a card that likely doesn’t exist.”

Thus, the fraudsters simply bank on the BIN (so to speak) on these sites to be approved without being tied to real card details, so they can buy or subscribe to music and video streaming content or carry out fraudulent purchases. Underground tutorials even offer advice on shipping the ill-gotten goods and the use of reshipping services to serve as a drop site.

An interesting aspect of the phenomenon is the communal spirit of the biñero ecosystem. Any number of Spanish- and Portuguese-language forums play host to groups of biñeros, who seem willing to share their tips and tactics wide and far. They also use social media and messaging platforms to share information publicly and collaborate to the “benefit” of all likeminded fraudsters.

The researchers speculated that this kumbaya effect could be because the players want to boost their credibility and reputation by publicizing their knowledge and latest shenanigans, or it could be that impacted entities are just so slow to respond – and vulnerable BINs so easy to find – that they’re not worried about oversaturation or burning their attack surface.

In any event, Flashpoint analysts said they have observed a rising number of discussions about this type of fraud in Spanish-language forums and on the encrypted messaging app Telegram.

“A worrisome aspect to this type of fraud is that it’s carried out with fabricated information, save for the BINs, meaning there’s no need to purchase or steal compromised payment card data anywhere else on the Deep & Dark Web (DDW),” Flashpoint analysts said. “The low levels of effort and technical sophistication needed to conduct biñero fraud may indicate that this method will continue to attract new fraudsters.”

Suggested articles

Discussion

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.