Catching Spikes Before They Burn You: Monitoring BINs to Stay Ahead of Carding Attacks

The modern fraudster sure seems to love a carding attack and AI makes that easier than ever to pull off. Here’s how it works: a bad actor takes a batch of stolen payment cards—typically all with the same BIN—and attempts rapid-fire transactions to test which ones are still valid. Should any transactions succeed, they’ll know which cards to use for bigger and more damaging fraudulent charges. 

From your side, a carding attack looks like a sudden, unnatural spike in transaction volume on a single BIN, most of which are (hopefully) declined. Such an attack can really put financial strain on your business—in terms of both the processing cost associated with each attempted transaction and the inevitable wave of chargebacks issued against any that succeed.

When it comes to responding to this type of fraud, speed matters. You don’t want to find out about a carding attack after the chargebacks have already piled up; you need to know what’s happening immediately so you can respond appropriately. That’s why the Pagos team built a new feature into Alerts, our automated data monitoring and anomaly detection service: transaction spike detection by BIN.

Now, when we detect that kind of surge, Alerts will let you know!

Why This Matters

Not every spike in attempted transaction volume is a carding attack. That being said, a sudden, narrow-volume increase on a single BIN is suspicious and always worth investigating. With Pagos’ new BIN-level transaction count anomaly detection, you can:

• Catch issues early - Give your Fraud and Operations teams a headstart in identifying a carding attack before it triggers downstream chargebacks, authorization issues, or fraud losses

• Reduce noise - Monitor segments of your transaction volume down to the BIN level, meaning you’ll only see anomalies for transactions made by a single BIN

• Avoid reputational risk - Adjust fraud rules or block traffic from a BIN associated with excessive fraud to minimize impact on approval rates and customer trust

How it Works

Powered by machine learning AI, our anomaly-detection model now tracks the daily count of transactions coming into your business from each individual BIN. If a BIN starts behaving abnormally and transaction counts deviate significantly from your typical benchmarks, we flag it.

The logic adjusts for natural variation in typical transaction counts by BIN—high-volume BINs aren’t treated the same as low-volume ones. Our model also learns from your historical patterns of transaction volume, and takes expected daily, weekly, and seasonal fluctuations into account. It’s not just a hard threshold — it’s dynamic, and built to adapt to your data.

What You’ll See

When the count of attempted transactions for any segment of your business spikes above expected levels, it triggers an alert in the Alerts page of your Pagos Service Panel. Now that we segment your volume by BIN, you’ll receive such an alert when transaction count spikes from any given BIN in a single day! 

In this example, the sample BIN of 12345678 saw an extreme volume spike on June 21st. With zero work on your part, you have a clear visualization of what happened, when, and through which processor. Even more, if you configured alert notifications, you’ll receive a notification of this anomaly in the application, via email, or even in a designated Slack channel. No carding attack will ever slip past you again.

Stay Ahead, Not Reactive

We know that detecting issues isn’t enough—you need timely and specific guidance on what went wrong in your payments setup and how to mitigate the issue moving forward. Transaction spike detection by BIN adds another layer of insight to your payments data observability toolkit, helping you stay one step ahead of bad actors and keeping your payment systems running clean and secure. Contact Pagos today to get started!