How Can Banks Ensure Payment Cards Are Kept Secure? An Interview with G+D Netcetera

February 2026
Fintech & Payments

Last year, G+D Netcetera's BIN Attack Score triumphed at the Future Digital Awards for Fintech & Payments 2025, winning the Platinum Prize for Banking Fraud Prevention.

G+D Netcetera’s BIN Attack Score is part of an end-to-end strategy spanning security, operations, and customer experience.

As part of G+D Netcetera’s holistic fraud prevention approach, Bank Identification Number (BIN) attack protection is embedded directly into the fraudulent 3DS transaction itself, meaning attacks are identified and stopped in real time, even before authentication messages reach the cardholder. Meanwhile, banks benefit from consistent decline strategies that remove attacker feedback loops, reduce downstream fraud, and prevent operational overload.

To learn more, we sat down with Tanja Steinhoff, Senior Product Manager, Payment Security, and Business Owner of the G+D Netcetera 3-D Secure Issuer Service, to understand how banks can protect their customers from fraud while delivering seamless customer experiences.


What are the most pressing challenges faced by banks today?

One of the most impactful challenges banks are facing is the rapid growth of card-not-present fraud, which is accelerating faster than the overall growth of eCommerce. This imbalance puts increasing pressure on fraud prevention teams, as existing controls struggle to keep pace with both transaction volume and attack sophistication.

Banks are also seeing a rise in BIN attacks linked to the misuse of 3-D Secure (3DS) protocols. In these scenarios, fraudsters generate large lists of card numbers and exploit 3DS authentication flows, using Access Control Server (ACS) responses to identify which cards are valid. Once validated, these cards are either used on online merchants that are not protected by 3DS, or sold on the dark web for further exploitation.

The downstream impact is significant. These attacks increase exposure to non-3DS fraud, drive higher call centre volumes as cardholders report suspicious activity, and lead to costly card reissuance programmes.
 

Beyond the immediate financial losses, how do BIN attacks threaten a bank's operations and customer trust?

In one recent case, a large-scale BIN attack exploited a trusted public transport provider as a front, making the fraudulent activity difficult for customers to immediately recognise. As a result, customers were left confused and concerned about the legitimacy of the authentication notifications on their smartphones. The incident triggered a surge in inbound calls, with some customers waiting up to two hours to reach the call centre.

The operational impact was significant. The bank was forced to divert substantial resources to manage the incident, including staffing the call centre and implementing large-scale customer communications at short notice. Thousands of affected customers had to be issued new credit cards, adding further cost and complexity to the recovery process.

Beyond the strain on internal operations, the attack eroded customer confidence. When customers cannot easily access support or understand what is happening to their accounts, they lose trust in their bank quickly. 

By investing in a BIN attack prevention solution, banks can significantly reduce the likelihood and impact of such attacks. More importantly, it helps protect long-term brand value and customer trust.
 

How do BIN attack solutions prevent this type of fraud from occurring? 

BIN attack solutions address a critical vulnerability in the 3DS ecosystem by enabling real-time detection and prevention of card testing activity directly within the authentication flow. 

The BIN Attack Score mitigates the risk of large-scale attacks by applying a consistent decline strategy that removes the feedback loop on which attackers rely. Whether a card is valid, inactive, or not issued, the system presents the same authentication response, preventing fraudsters from confirming card validity.

Another key strength of the solution is its speed. Attack patterns are identified within very short timeframes while the fraudulent 3DS transaction is taking place. This allows banks to intervene early, before an attack can scale into a large, costly card testing campaign. And centrally, all of this happens without sending OTPs or push notifications to the cardholder, preventing call centre overload and loss of trust.

Has the effectiveness of these solutions been proven in real-world scenarios?

Yes. Shortly after its launch, the BIN Attack Score demonstrated strong real-world performance during pilot deployments. Within just 72 hours, the solution detected more than 25 distinct BIN and card testing attacks across a medium-sized card portfolio. This immediate impact drove rapid adoption, with five financial institutions onboarded within the first three months, each reporting similarly positive results.

Furthermore, we are continuing to ensure that our fraud prevention solutions continue to operate optimally in the payments landscape as it evolves. Beyond its technical effectiveness, G+D Netcetera also plays an active role in advancing payment security at an industry level. As EMVCo Technical Associates, we contribute to the development of global standards for secure digital transactions. This involvement ensures that solutions like the BIN Attack Score meet current regulatory and industry requirements, as well as helping shape best practices to address emerging fraud threats.
 

How does G+D Netcetera help future-proof banks against fraud?

A key part of future-proofing our solution is understanding where banks experience the most friction today, which we determine by working closely with risk and fraud experts to identify new fraud patterns and inefficiencies surrounding how fraud cases are handled internally. We anticipate changes in fraud patterns, and together with our customers, we shape our 3DS risk roadmap.

By improving case management capabilities, G+D Netcetera enables banks to capture richer insights from fraud investigations and feed that intelligence back into their risk management systems. In many cases, this reduces the need for time-consuming manual processes, such as analysts spending hours each week updating risk rules by hand. To support this, G+D Netcetera builds APIs that connect different risk and fraud systems, creating a more holistic defence against fraud across the customer journey.

We continuously evolve our machine-learning–based rules and risk models in close partnership with customers. Alongside this, G+D Netcetera actively experiments with emerging AI technologies, testing them in parallel before integrating them into the core solution. This allows the platform to evolve alongside new attack methods and helps banks stay ahead of fraud threats five to ten years into the future. Importantly, we recognise that a purely AI-based risk scorer is not always the most effective approach. Combining AI with proven machine-learning techniques delivers better performance, particularly by reducing false positives while maintaining strong fraud detection.

Rather than treating fraud as a standalone risk function, G+D Netcetera supports banks with a holistic fraud prevention model that combines real-time, transaction-level protection, advanced risk scoring, and improved case management. By connecting fraud and risk systems through APIs and continuously evolving machine-learning–based models in close collaboration with banks, institutions gain a more coordinated and sustainable defence across the full customer journey.


G+D Netcetera is a leading European software company with Swiss roots, delivering seamless user journeys within highly secure and privacy-driven environments for the financial industry.

To learn more about its BIN Attack Score and 3-D Secure Issuer Service, please visit the website. You can also connect with Tanja on LinkedIn.
