HUNTSVILLE, Ala.— Redstone Federal Credit Union is offering an update to members whose accounts had fraudulent charges from Walmart.com.

As the CU Daily originally reported here, Redstone Credit Union and Walmart had issued a statement in early March that they were aware  of members having “fraudulent Walmart.com charges pending on their accounts,” and further said it is taking action to reverse any charges members believe to be fraudulent.

According to the updated statement, Redstone Federal Credit Union’s systems were not hacked or breached. Instead, Walmart.com was used to “push through fraudulent charges.”

BIN Attack Cited

Redstone FCU said in the new statement by saying that the charges on some Redstone member accounts from Walmart.com are part of a Bank Identification Number (BIN) attack.

“A BIN attack, which is faced by all financial institutions, is a type of fraud perpetrated by cybercriminals who try to access credit and debit card systems using a method
that involves randomly guessing numerous combinations of card numbers until the correct information works, allowing for unauthorized charges,” WHNT explained. 

Big Retailers Vulnerable

Large retailers are particularly vulnerable to BIN attacks because they process a vast number of transactions daily, providing attackers with a wealth of data to exploit, the report added.

Officials told WHNT that Walmart.com has automatically refunded more that 77% of the fraudulent charges.