Credit Card BINs
K&U logo- white green

Credit Card BINs

Audience: Financial Security Teams: Fraud, CTI


The Fraud Department at a multinational financial institution asked their analyst team to determine whether any company Banking Identification Numbers (BIN’s) are being discussed or targeted by malicious cyber actors within the Deep and Dark Web (DDW). The analyst team uses Avalon and available Marketplace threat data for proactive fraud analysis and investigation.

Avalon Collaboration

  • The analyst team imports BINs belonging to their organization, or manually adds them as TEXT nodes within Avalon. Avalon is able to instantly identify and highlight any existing data within Avalon from previous investigations built by or shared to the Fraud analyst team, as well as data from Avalon’s integrated enrichments. The analyst team can easily add this data to the investigation, saving them from re-creating work that has already been done by teammates.
  • The analyst team can then leverage additional enrichments to bring in DDW data from Intel471, Flashpoint, and SixGill to surface discussions by malicious actors on the DDW that contain their BINs. From this initial enrichment, the analyst team can see content of DDW forum posts mentioning the BINs along with metadata about the forums and actors themselves that can be used as leads to find additional information.
  • In a short timeframe, the analyst team was able to use Avalon and multiple partner data sources to find conversations about financial institution BIN’s and potentially fraudulent access to credit cards, threat actors involved in the discussion, and in some cases, affected institutional card numbers.


  • The analyst was able to build on existing organizational knowledge, enriched with data from multiple DDW intelligence providers, to develop a complete picture of company data present within the DDW.
  • Because previous analysis was preserved and brought into the investigative workspace and added to the Avalon graph, the analyst team saved research hours and was able to quickly piece together a comprehensive analysis of the threat.
  • This analysis resulted in a list of possiblycompromised accounts and threat actor aliases that could easily be exported for operational use and for further investigative processes.
  • A report on the findings was created and saved inside Avalon and the analysis conducted was also saved making it readily available to contribute in future investigations.

About Us

King & Union is a cybersecurity company that has built and designed Avalon, the industry’s first cyber analysis platform. The Avalon Cyber Analysis Platform helps analysts streamline threat investigations by providing the intelligence, tools and collaboration security analysts need in a seamless, integrated workspace.