Card Fraud is on the Rise!


Recently, debit cards at many financial institutions all over the country have been subjected to brute force attacks. This issue is affecting several local institutions. Our fraud monitoring system is doing its job and flagging these attempts, preventing most fraudulent activity from occurring.

Out of an abundance of caution, we are temporarily blocking numerous retailers from accepting our debit cards. We are continually reviewing this list and adding additional merchants as needed.

It is important to note that your account and personal information have not been compromised. If you have any questions on brute force attacks, please read the FAQs below.  

What is happening?
The fraudsters have found a partial number associated with the bank’s debit card batch and they are using this partial number along with random numerical strings to guess at full card numbers, expiration dates, and 3-digit security codes. The fraudsters do not have the cardholder’s name, phone number, address, or PIN. They are simply trying to guess at card numbers and expiration dates to find a match.
It is important to note that some merchants do not require the use of CVV or address verification which could permit certain security measures to be bypassed allowing transaction approvals on debit cards, including fraudulent transactions.
What is a brute force attack?
Brute force attacks are typically small fraudulent transactions, often under $1.00, where the attacker will keep running different card numbers until it comes back approved. Most of these attempts are flagged as fraudulent and are declined before posting to the account. The fraudsters are trying to guess card numbers and expiration dates in addition to the 3-digit security code or the cardholder’s ZIP code. They start with one random card number and keep incrementing the card numbers, looking for a match based on the guesses. The fraudsters perform a flood of thousands of random attempts, looking for just one success.
Why am I getting a phone call or text about possible fraud?
Our fraud monitoring system sees the suspicious attempts, blocks the fraudulent transaction, and follows up with a text or call the cardholder just to be sure it really is not a legitimate transaction. This just means that our fraud monitoring system has done its job to prevent fraudulent activity from occurring. It is not very likely the fraudsters will try again on that card once the transaction has been blocked. They will likely move on to guess other card numbers looking for a successful match.
Do I need to file a Dispute?
No, not unless fraud was posted to your account. If all the attempts of fraud were blocked, no action is needed.
Is a brute force attack a card compromise?
No. The card numbers in the attacks were not obtained from a compromise. The fraudsters are simply guessing card numbers and the card expiration dates. If a fraudulent transaction did post to your account, we would recommend replacing your debit card to avoid further fraud attempts. Otherwise, if you have not seen any fraudulent transaction attempts, there is little risk for you to keep that same card.
What happens when there is a successful fraud transaction hit?
When the fraudsters get a successful hit on a debit card, they try to use that card information to make large internet purchases before the bank and the account owner notice the activity. Thankfully, our processor has been able to block virtually all the “successful hits” from performing any big dollar fraud resulting from these brute force attacks.
Looking for ways to better protect your debit and credit cards? 
Download CardValet to protect and manage your Visa Credit and Debit Card today! Learn More!
Google Play Store    Apple App Store

« Return to "Blogs" Go to main navigation