Latin American “Bineros” Ramping Up Fraudulent Activity

May 17, 2018

Fraudulent activity among Latin American cybercriminals, known as bineros, continues to plague online streaming services and retailers operating in the region. The source of this death-by-a-thousand-cuts type of fraud is an undetermined issue with the validation of BINs.

Bineros operate in Spanish-language (and some Portuguese-language) Latin American underground communities and hunt for security flaws related to bank identification numbers (BINs). When a BIN is improperly validated during online checkout, bineros can abuse it by generating false payment card numbers that begin with the vulnerable BIN and using them to carry out fraudulent purchases.

Flashpoint analysts said they have observed a rising number of discussions about this type of fraud in Spanish-language forums and on the encrypted messaging app Telegram, with mentions of binero-styled card numbers peaking in April 2017 and again in November 2017.

BINs are four- to six-digit numbers that identify the issuing bank in a payment card purchase. BINs help limit fraud and speed up payments by matching transactions to an issuing institution, which receives the authorization request related to a transaction.

The improper validation likely arises from the bank behind the BIN not supporting the type of card validation that the online retailers perform, thereby approving a card even if it is not valid.

Tutorials hosted on some Deep & Dark Web (DDW) websites put a great deal of emphasis on the importance of a specific BIN susceptible to this type of fraud because most of the remaining card details can be generated with a specialized tool. A number of these tools are available in Spanish-, Portuguese-, and English-language forums and they can generate card details including CVV codes and expiration dates that are purportedly capable of bypassing security measures. Most bineros seem to prefer inventing a fraudulent card rather than stealing or buying existing card numbers; the vulnerabilities in the respective checkout systems can be exploited to trick the bank into processing a payment, even on a card that likely doesn’t exist.
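A defender-side check that follows from the pattern described above (many invented card numbers sharing one BIN), shown as an added example that is not part of Flashpoint's report: it flags BINs for which an unusual number of distinct cards appear at checkout within a short window. The event layout, the card tokens, the placeholder BINs, and the window and threshold values are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample checkout attempts: (ISO timestamp, BIN, card token).
# Tokens stand in for hashed card numbers; the BINs are placeholders, not real issuers.
SAMPLE = (
    # Six different cards on one BIN within ten minutes: the burst to catch.
    [(f"2018-05-01T10:{m:02d}:00", "999999", f"tok-a{m}") for m in range(0, 12, 2)]
    # Three different cards on another BIN spread over a working day: normal traffic.
    + [(f"2018-05-01T{h:02d}:00:00", "888888", f"tok-b{h}") for h in (9, 13, 17)]
    # One card retried ten times: noisy, but not many distinct cards.
    + [(f"2018-05-01T10:{m:02d}:00", "777777", "tok-c1") for m in range(0, 20, 2)]
)


def flag_bin_bursts(events, window=timedelta(minutes=30), min_cards=5):
    """Return {bin: peak distinct-card count} for BINs whose peak count of
    distinct card tokens inside any sliding window reaches min_cards."""
    by_bin = defaultdict(list)
    for ts, bin_prefix, token in events:
        by_bin[bin_prefix].append((datetime.fromisoformat(ts), token))

    flagged = {}
    for bin_prefix, rows in by_bin.items():
        rows.sort()
        start = 0
        peak = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            distinct = len({tok for _, tok in rows[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= min_cards:
            flagged[bin_prefix] = peak
    return flagged


if __name__ == "__main__":
    for bin_prefix, count in flag_bin_bursts(SAMPLE).items():
        print(f"BIN {bin_prefix}: {count} distinct cards inside one window")
```

Counting distinct cards rather than declines matters here because, as described above, the issuer may approve the invented numbers, so a decline-rate alarm alone would not fire.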

A worrisome aspect of this type of fraud is that it’s carried out with fabricated information, save for the BINs, meaning there’s no need to purchase or steal compromised payment card data anywhere else on the DDW. This activity is hitting the retail and entertainment services industries, in particular music and video streaming services, in addition to the fraudulent purchase of products online. In fact, the underground tutorials supplement BIN-related retail fraud with advice on shipping fraudulent purchases and the use of reshipping services to serve as a drop site.

Targeting online entertainment services appears to be quite popular within binero communities. Flashpoint analysts assess that bineros likely target online entertainment services more frequently than online retailers due in part to the immediate delivery of such services, as opposed to the more complicated logistics surrounding shipping and receiving online goods.

Adding to the tension is the fact that bineros seem content to share techniques in order to boost credibility and reputation on Spanish-language forums, seemingly without fear of oversaturating their market or burning their methods. They also use social media and messaging platforms to share information publicly and collaborate to the benefit of all bineros.

Flashpoint analysts believe the bineros’ attitude toward widespread sharing of techniques may be due to either affected entities’ slow responses to this type of fraud or to the ease of finding new BINs for targeting online retailers and entertainment services.

Flashpoint analysts assess that binero-related fraud will likely persist. The low levels of effort and technical sophistication needed to conduct binero fraud may indicate that this method will continue to attract new fraudsters.