Need a hand?

Just pop your question below to get an answer.

Topics
Personal · Security and fraud · How do I protect myself from fraudsters

Strange small charges on your card?

"I noticed a transaction for EUR 0.15 from a company abroad. I almost ignored it because it was so small. But then I saw another one for EUR 1.00. I froze my card through the Revolut app and called the fraud team. It turned out my card was part of a 'BIN attack'."

"The scammers were testing thousands of numbers. Because I caught the 'penny test', I stopped them before they could make a EUR 2,000 purchase at an electronics store."

Summary

This situation involves a highly technical and automated form of fraud known as a BIN ('issuer identification number') attack. The BIN refers to the first 6–8 digits of a credit or debit card, which are public and identify the specific issuer and card type.

Criminals use sophisticated software to generate thousands of potential combinations to guess the remaining digits of a card number, along with its expiry date and the 3-digit security code (CVV).

These attacks typically begin with what is known as a 'micro-transaction' or 'penny test'. You might notice a tiny, unrecognised charge from an unrecognised company. Once they confirm a card is live, they authorise much larger purchases before you even realise your details have been compromised.

Common red flags

  • Monitor the 'penny tests': Regularly review your transaction history for small, unrecognised charges. A tiny charge is a definitive warning sign that a criminal has successfully guessed your card details and is testing your account
  • Scrutinise recurring fees: Scammers often hide unauthorised spending as small monthly 'subscriptions' (for example, EUR 4.99). Periodically check your active card subscriptions and cancel anything you did not explicitly authorise
  • Verify website security: Be cautious of where you enter your card details. If a website looks unprofessional or lacks a secure https:// connection, do not enter your card information

Safety best practices

  • Use the 'Freeze' feature immediately: If you see any transaction you do not recognise, no matter how small, do not wait to contact us. Use the 'Freeze card' feature in-app instantly. This stops all further activity while you investigate
  • Use virtual cards for online shopping: For purchases on new or less-familiar websites, use a virtual or disposable card. These have a different number from your physical card. If a virtual card is caught in an attack, you can simply delete it and create a new one without affecting your main card
  • Pay with secure digital wallets: Avoid saving your physical card details on multiple small websites. Use services like Apple Pay or Google Pay, which use tokenisation to process payments without sharing your actual card number with the merchant