
Brute Force Attacks



Recently, a small percentage of our debit cards have been subjected to brute force attacks. This issue is affecting multiple institutions. Our fraud monitoring system is doing its job and flagging these attempts, preventing any fraudulent activity from occurring.


As a precaution, we temporarily blocked a selected group of retailers from accepting our debit cards until this situation is resolved. 


It is important to note that your account and personal information have not been compromised. Please know that MIT Federal Credit Union is working hard to keep your financial information secure. If you have questions about brute force attacks, please read the FAQs below or call us during regular business hours at (617) 253-2854 to speak with a representative.


Brute Force FAQs


What is a brute force attack?

Brute force attacks are typically small fraudulent transactions, often under $1.00, in which the attacker keeps running different card numbers until one is approved. Most of these attempts are flagged as fraudulent and are declined before posting to the account. The fraudsters do not have the cardholder’s name, phone number, address, or PIN. They start with one random card number and keep incrementing the card numbers, looking for a match based on the guesses. The fraudsters perform a flood of thousands of random attempts, looking for just one success.


Why am I getting a text, email, or phone call about possible fraud?

Our automated fraud monitoring system sees the suspicious attempts, blocks the fraudulent transaction, and follows up with an automated text, email or call to the cardholder to ensure it is not a legitimate transaction. This means that our automated fraud monitoring system has done its job of preventing fraudulent activity from occurring. It is not very likely the fraudsters will try again on that card once the transaction has been blocked, and they will probably move on to guess other card numbers looking for a successful match. Your information has not been compromised, but you may decide to close your existing debit card and request a new one for peace of mind. It is very important to keep your contact information up to date. If you need to update your contact information, you can do so through your online banking account under 'Secure Forms'.


Do I need to file a fraud report with MIT FCU?

No, not unless fraud was posted to your account. If all the attempts of fraud were blocked, no action is needed. 


Is a brute force attack a card compromise?

No. The card numbers in the attacks were not obtained from a compromise, and the fraudsters are simply guessing card numbers and the card expiration dates. If a fraudulent transaction did post to your account, please contact MIT FCU to replace your debit card to avoid further fraud attempts. Otherwise, if you have not seen any fraudulent transaction attempts, there is little risk for you to keep that same card.


What happens when there is a successful fraud transaction hit?

When the fraudsters get a successful hit on a debit card, they try to use that card information to make large internet purchases before the credit union and the account owner notice the activity. Thankfully, our processor has blocked virtually all the “successful hits” from performing any big dollar fraud resulting from these brute-force attacks.

