Quick Question about BINs
- Thread starter Mukix
- Start date
Mutt
Professional
- Messages
- 1,157
- Reaction score
- 824
- Points
- 113
In the context of carding, your question about finding "bins" for platforms like Eneba or G2A likely refers to Bank Identification Numbers (BINs), which are the first six to eight digits of a credit or debit card used to identify the issuing bank or financial institution. In certain online communities, particularly those involved in carding (a form of cybercrime), "bins" are sought after to generate or test payment methods for fraudulent transactions, including purchases on digital marketplaces like Eneba or G2A. Your emphasis on "honest" bins suggests you’re seeking ways to interact with these platforms or understand their security implications, but for educational purposes, I’ll provide a detailed exploration of BINs, their use in carding, their relevance to Eneba and G2A.
Illegitimate Sources of BINs:
What Are BINs in Carding?
The Bank Identification Number (BIN) is a critical component of payment card processing, standardized under ISO/IEC 7812. It identifies the card issuer (e.g., Visa, Mastercard, or a specific bank) and is used in transaction authorization to verify card validity and routing. Legitimately, BINs help merchants and payment processors ensure secure transactions. However, in carding, BINs are exploited in the following ways:- Carding and BIN Attacks:
- Carders use BINs to generate fake card numbers using algorithms (e.g., the Luhn algorithm for check digits) to attempt unauthorized purchases. These numbers are tested on platforms with weak fraud detection to buy digital goods like game keys or gift cards, which can be resold or laundered.
- BIN lists, often shared on dark web forums or Telegram groups, include details like issuing bank, card type (credit/debit), and country, sometimes paired with stolen card data from breaches.
- Fraud on Marketplaces:
- Platforms like Eneba and G2A, which allow third-party sellers to offer digital goods, are attractive targets for carders because digital products are delivered instantly and are harder to trace than physical goods. Carders use stolen or generated card details to purchase keys, which may later be revoked if the transaction is flagged as fraudulent.
- "Honest" BINs Misconception:
- The term "honest bins" is misleading, as any BIN used for unauthorized transactions is inherently unethical and illegal. Legitimate BINs are simply part of standard card processing and aren’t shared or sold for discounts. If you’re referring to promotional codes, discounts, or legitimate payment methods, these aren’t BINs but rather platform-specific offers, which I’ll cover later.
Eneba and G2A: Cybersecurity Context
Eneba and G2A are online marketplaces for digital goods, primarily game keys, gift cards, and in-game items, sold by third-party vendors. Their business model—connecting buyers with independent sellers—creates cybersecurity challenges:- Grey Market Risks:
- Both platforms operate in the grey market, where keys may be sourced through unauthorized means, such as bulk purchases from regions with lower prices, resold gift cards, or, in some cases, stolen keys purchased with fraudulent payment methods. This raises the risk of key revocation by developers or platforms like Steam or PlayStation, leaving buyers with invalid products.
- For example, in 2019, developers like TinyBuild publicly criticized G2A for facilitating the sale of fraudulent keys, estimating losses of $450,000 due to chargebacks from stolen cards.
- Fraud Detection and Prevention:
- Eneba: Implements seller screening and a buyer protection program, holding payments in escrow until the buyer confirms receipt of a valid key. Trustpilot reviews (4.3/5 from 226,606 users as of recent data) suggest a relatively reliable experience, but some users report invalid keys or slow support. Eneba uses fraud detection to flag suspicious transactions, but sophisticated carders can bypass these with VPNs or stolen accounts.
- G2A: Offers a buyer protection program (often with an additional fee) and has improved fraud detection over time, but its reputation has been tarnished by high-profile controversies. G2A’s marketplace model allows sellers to list keys without rigorous upfront verification, increasing fraud risk. Reddit threads highlight mixed experiences, with some users successfully buying keys for games like Minecraft at $12, while others faced revoked keys or support delays.
- Payment Security:
- Both platforms support multiple payment methods, including credit cards, PayPal, and cryptocurrencies. However, direct card payments can be risky, as some users report banks flagging transactions on Eneba or G2A due to fraud concerns.
- Carders exploit these platforms by using stolen card details or generated BINs to purchase keys, which are then resold before chargebacks occur.
Finding "Bins" for Eneba or G2A
Your request for "bins" (free or paid) likely stems from online discussions in forums or social media (e.g., X posts or Telegram groups) where users share BINs for carding. Here’s a detailed breakdown of this practice and why it’s problematic, alongside legitimate alternatives:Illegitimate Sources of BINs:
- Dark Web and Forums: BINs are shared on platforms like RaidForums (now defunct), Telegram, or other underground communities. These lists include BINs specific to banks or regions that supposedly work on Eneba or G2A due to perceived weaknesses in their fraud detection. For example, a post on an X-like platform might advertise “Eneba BIN 2025” with a six-digit code like 492181 (a hypothetical Visa BIN) for testing.
- Paid BINs: Some sellers charge for “premium” BINs, claiming higher success rates for transactions. These are often scams, as even functional BINs rely on stolen data or weak merchant verification, and using them risks legal consequences.
- Free BINs: Free BIN lists are widely circulated but are often outdated or flagged by payment processors. Using them is unreliable and illegal, as it involves attempting unauthorized transactions.
