Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      Malatsi comes out swinging in Starlink lobbying row - Solly Malatsi

      Malatsi comes out swinging in Starlink lobbying row

      6 July 2026
      'Functioning but limping': PSC lays bare the rot at Sita - State IT Agency

      ‘Functioning but limping’: PSC lays bare the rot at Sita

      6 July 2026
      Bookmakers to ISPs: stop debating, start blocking

      Bookmakers to ISPs: stop debating, start blocking

      6 July 2026
      MTN's Ralph Mupita named to new UN AI commission - Ralph Mupita

      MTN’s Ralph Mupita named to new UN AI commission

      6 July 2026
      British TV giants merge to take on Netflix

      British TV giants merge to take on Netflix

      6 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
      TCS | Charge's R1.8-billion bet on an off-grid EV future - Charge chairman Joubert Roux

      TCS | Charge’s R1.8-billion bet on an off-grid EV future

      18 May 2026
    • Opinion
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
      Finish the job Mandela started - Farzam Ehsani

      Finish the job Mandela started

      18 June 2026
      The author, Fanie van Rooyen

      The US just showed it can switch off our AI

      17 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » Information security » BIN scans, DDoS and the next cybercrime wave hitting South Africa’s banks

    BIN scans, DDoS and the next cybercrime wave hitting South Africa’s banks

    As banks beef up their security perimeters, criminals are now devising methods to beat banks’ own authentication protocols.
    By Gerhard Oosthuizen3 December 2025
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    BIN scans, DDoS and the next cybercrime wave hitting South Africa's banks

    As banks beef up their security perimeters, criminals are now devising methods to beat banks’ own authentication protocols, quickly and effectively exfiltrating funds.

    Two particularly concerning modes of attack have emerged: bank identity number (BIN) scan attacks and distributed denial of service (DDoS) assaults orchestrated to hide targeted attacks.

    BIN scan attacks represent a strategy where fraudsters use the 3D Secure protocol to steal card information by guessing card numbers to see which ones are active.

    BIN scan attacks represent a strategy where fraudsters use the 3D Secure protocol to steal card information…

    The rate of this fraud is growing as other protections make card-stealing more complicated. Mastercard reports that fraud as a service (FaaS) has also added to the problem, boosting BIN attacks by 80% since 2020.

    By using made-up card ranges and submitting this against the 3D Secure network to look for signals of success, fraudsters know that if the system returns “card not found”, it’s a miss. However, if the response suggests a valid card, they have a match.

    Fraudsters are hitting issuers across different markets, building databases of usable cards that can later be sold or exploited in other attacks. Where these BIN scan patterns are detected, issuers usually block and reissue cards, thereby protecting customers, but at the same time they are adding both operational cost and inconvenience.

    To address this requires diligently scanning for these patterns. If detected, banks can then return false responses to the attackers, giving them incorrect answers and stopping them from getting useful information. What’s more, consortiums that work across multiple banks can offer a wider perspective, allowing software to track the attack waves and how they evolve, thereby protecting the wider ecosystem and stopping attacks earlier in the cycle.

    DDoS attacks

    Another favoured method is deploying DDoS attacks to overwhelm the access control service during payment authentication. Systems like 3D Secure, which is positioned earlier in the process to protect consumers, is a particular favourite. In fact, the number of DDoS attacks increased by 137% in the first quarter of 2025 compared to the prior year, with financial institutions being prime targets.

    When syndicates know they have active cards, they will flood transaction systems with incredibly high volumes of traffic that cannot easily be separated from good transactions. When the 3D Secure system fails to handle these massive volumes, and response times drop below acceptable thresholds, the system gets bypassed. With that protection gone, the fraudsters get an easier, unprotected path into the payment network.

    Read: Africa bears the brunt of global ransomware attacks

    This subtle undermining of the fraud barrier allows criminals to slip through fraudulent payments without detection, turning banks’ own resilience mechanisms into potential liabilities.

    While financial institutions are investing heavily in layered protections to mitigate against these disruptions and protect 3D Secure availability, the rate of attacks will continue to grow, threatening the availability of authentication systems.

    The author, Entersekt's Gerhard Oosthuizen
    The author, Entersekt’s Gerhard Oosthuizen

    To address these attacks, banks need to have systems that constantly monitor for any sudden changes in normal levels of activity (such as a rising number of card declines or an increase in card challenges that are never completed) and can dynamically trigger defences that prevent attacks from being successful. For example, limiting multiple invalid payment requests on the same card from different websites.

    As with all evolving threats, the solution is multifaceted but relies heavily on the ability to spot patterns, having access to enough data for a complete picture and automating responses.

    By aggregating data and sharing insights across a consortium, it becomes possible to identify suspicious patterns that might be invisible to a single institution. When a new fraud pattern, such as a particular BIN scan technique is detected, rules and protections can be adapted not just for the affected bank, but across the entire consortium. This rapid-response capability is amplified by SaaS delivery models, which allow for swift updating and fine-tuning of fraud detection logic as new threats emerge.

    Ongoing collaboration between banks and their authentication partners is paramount

    Consortiums that have global reach and local understanding can help tailor defences to the nuances of each market so they are both effective and contextually relevant. This will become all the more important as new standards such as passkeys and digital identity are rolled out.

    Ongoing collaboration between banks and their authentication partners is paramount. Rules must be continuously reviewed, updated and validated against the shifting tactics of cybercriminals. These two particular attack modes prove collaborative vigilance is what will keep banks agile and protected, allowing them to anticipate, not just react to, the next wave of fraud.

    • The author, Gerhard Oosthuizen, is the chief technology officer at Entersekt

    Get breaking news from TechCentral on WhatsApp. Sign up here.

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    BIN scans Entersekt Gerhard Oosthuizen
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleBusiness confidence rebounds, but economists warn it’s too early to celebrate
    Next Article South Africa launches probe into Shein and Temu

    Related Posts

    South Africa's fraud surge runs on trust, not hacking

    South African fraud surge runs on trust, not hacking

    29 May 2026
    The gaps in South Africa's digital ID plan

    The gaps in South Africa’s digital ID plan

    7 May 2026
    The AI fraud crisis your bank is not ready for - Andries Maritz

    The AI fraud crisis your bank is not ready for

    18 February 2026
    Company News
    Finding focus: a strategic approach to cybersecurity for SMBs - Kaspersky

    Finding focus: a strategic approach to cybersecurity for SMBs

    6 July 2026
    Why voice-first communication matters more in the AI era - Mitel

    Why voice-first communication matters more in the AI era

    6 July 2026
    Friendship was the hard part of online school - until now - CambriLearn

    Friendship was the hard part of online school – until now

    6 July 2026
    Opinion
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026
    The author, Pambos Soteriades

    The pivot South Africa’s MVNOs cannot afford to miss

    23 June 2026
    Brazil's online gambling crackdown is a lesson for South Africa

    Brazil’s online gambling crackdown is a lesson for South Africa

    22 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    Malatsi comes out swinging in Starlink lobbying row - Solly Malatsi

    Malatsi comes out swinging in Starlink lobbying row

    6 July 2026
    'Functioning but limping': PSC lays bare the rot at Sita - State IT Agency

    ‘Functioning but limping’: PSC lays bare the rot at Sita

    6 July 2026
    Bookmakers to ISPs: stop debating, start blocking

    Bookmakers to ISPs: stop debating, start blocking

    6 July 2026
    MTN's Ralph Mupita named to new UN AI commission - Ralph Mupita

    MTN’s Ralph Mupita named to new UN AI commission

    6 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}