var unreadAlerts = '1';
You have one unread private message from dkota titled Welcome to the Forum!

Funshine's Carding Course CH.1-5
#1
 
Chapter 1: PRELUDE

By reading through the HackTown fraud courses you'll join me on a journey as I dive deep into the realm of credit card and bank account fraud. The information and knowledge we've collectively obtained throughout all of our cybercriminal careers here at HackTown will be of great benefit to you when looking to learn the topics discussed. I've made my profits and are looking at creating something new with all the bullshit nonsense out there so time to pass the tradecraft down to the next.
What a fucking time to be alive. Enjoy!
This course has been written by me, Funshine. However, to ensure this course was up to date and relevant it has been collaborated on from individuals I know personally and professionally over quite a long period of time. I've had to re-write some things as language barriers can be an issue for everyone so this course is written in my writing style but co-authored by friends whom I know are successful and through my own experience. Moving forward when you're reading this the course will be a combination of that. If that makes any sense.
First off there is no one way of doing things. These courses are not the word of law when it comes to fraud but they are told from our perspective so if you have something to add, have a better way of explaining things, or anything you think that I don't know that pertains to the topics in these courses send me a god damn email and let me know what is WAT. That way we can keep it all updated for everyone to enjoy and cause a fuck show against companies. Fuck yes.
Looking back when I was starting out with fraud I probably spent roughly $3000 - 4000 USD on various items for my initial fraud operation including spending money on useless shit. To be honest most of that budget was blown on every "decent" fraud guide I came across within a (6) year period which ranged from $40 - $500 USD per guide and the ID printer I purchased wasn't cheap. I went through every carding guide that I purchased to determine if the information was valid, was I successful with what I learned, was the risk worth it, was there any information I was missing out on, and whether it was up to date.
When you gain experience in fraud and you look back on the guides you purchased you realize just how terrible they truly were and the people writing them didn't know fuck all just like you. The more experience in fraud I obtained the more I realized almost all of the guides I purchased were complete garbage and really didn't give me the confidence in what the fuck I was doing.
Maybe you've also purchased guides and realized the same but all these cybercriminal courses I'm releasing are as relevant as you'll ever come across with the experience behind them.
Trust me, this is what you've been looking for.
Everything at HackTown is up to date and relevant for you so don't spend any more money on useless shit until you've finished this course because it will save you a lot of money and headache this I can assure you. This course is written factual, from experience, from success, and with a story line vibe for helping you understand credit card fraud a little easier.
Make no mistake that you will need some sort of starting budget to get your fraud operation off the ground and running. A realistic budget is important because you're going to be purchasing things such as stolen credit card information, bank accounts, burner cell phones, credit card reading and writing equipment, printing equipment, embosser machines, VPNs, RDPs, socks, other equipment's, etc.
Just like any other business it takes some investment of your own money to get things going so if you're reading this right now thinking everything will be handed to you for free I want you to go out and buy an orange construction pylon, take pants and underwear off, spread ass cheeks and do a cannonball as if you were jumping into a pool right onto the pylon with DAT ASS.
Don't be so naive thinking everything in this world is free. Things in life are not free friends. Information is power don't you know?
I decided to take a fun journalistic approach when writing the fraud course series so you can learn how to commit fraud with modern day methods and tactics in an enjoyable way. Just like the HackTown hacking courses the fraud courses are designed in a way to get you up to date with proper information along with focusing efforts in order to be successful in 2020.
People should be wondering why am I releasing this information? Why do this? If I'm making millions of dollars cash bills money why even try to create a place like HackTown? I know some may doubt this but believe it or not I've made quite a large sum of money mostly in the hacking world but some with fraud and have been coasting for a long time. Any hacker that has been in the game in the past 5-10 years with RATs, ransomware, and infecting everyone and everything has made a significant amount of crypto you can trust that. Plus, while making BTC during the time it went through the roof in price was a fun ride. amirite?
Honestly the reason I'm quitting the fraud game is because of the fuck faces at ClearView AI. I'm an instore carder and have been since I realized online carding was too time consuming for the amounts I was profiting and just sick of my eBay accounts getting shut down lol. ClearView AI has completely spooked me because no doubt they have my face someone on a security footage and some fuck face cop is going to plug it into the big data machine and out comes my Facebook linked to me. Fucking awesome. See ya in 20 guys. You get what I mean so I'm retiring from my carding life given the nature in how I operate. This is my gift to people wanting to learn carding so fuck it. Enjoy this shit.


I'm looking at moving forward in my retirement and create a wicked side project and putting the information, knowledge, and my experience for people to learn from here at HackTown. This is not a hand out, but a hand up.
Truth be told most companies are actually getting more cyber secure while operating on the internet. Wow! No shit! Mother fuckers like us are getting a little out of control so this makes sense. The window of opportunity is closing so let's maximize this together! You don't have to go full tits out right away with carding but the amount of online fraud that happens is fucking mind blowing. Why miss the boat?

Also, before you unleash into the wild have a listen to podcast below.

I know what it was like to pay for bullshit guides, be scammed by vendors, come across misinformation, lose money to exit scam after exit scam, and just getting lost down the rabbit hole trying to find reputable people and knowledge. I was 12 too once but as an adult you know people are making money from fraud and you just want that knowledge too. It's fucking frustrating ya? Like where do I click to make a million dollars?! Well luckily you're here now. The reality is, as you'll come to learn, once you're at a certain level with hacking or fraud (intermediate ish level to superman level) you really don't need anyone else. Once people learn how to perform fraud, hacking, carding, etc. successfully they just vanish because they've figured it out, or at least think they've figured it out. It's just getting that knowledge can be tricky. HackTown is designed in a way to give you this knowledge you seek.
I've taken the time to do all the leg work for you and have put together this fraud guide series to rocket ship your knowledge ahead of the rest so you're in a position to make money. The year is 2020 and it's time to get up to date information and caught up with everything fraud related.
I hope you enjoy part one of the fraud courses and if you've read the HackTown hacking series then I know you will enjoy this. Stop wasting your time learning shit from 2011 so sit back, smoke crack, relax, and enjoy.
Part 1 of the HackTown fraud courses will focus on credit card fraud.
Before we begin please read the PDF below to get your level of knowledge surrounding fraud up to where it should be before you continue on with this course.



Welcome to the Carding course you fucking animals. And away we go...


Chapter 2: MINDSET AND REALITY

This chapter is meant to get you into the mindset of a carder and fraudster. Reading this chapter will help you succeed and make you understand fraud much better in order to commit it properly. Don't skip through this course and read through it chapter by chapter as it was designed to be read.


First things first. Don't aim for a 1,000,000 USD a year because that's fantasy land friends. When you're starting out in carding or hacking for profit you should be aiming for a few hundred dollars a month and then work your way up to a few thousand a month before aiming your sights bigger once you have a handle on the horse. This should be your goal when going through these courses at HackTown. Baby steps. You need to walk before you can run and understand what reality for you is. There's no point in reading a guide that talks about something that is way the fuck beyond your grasp or even possible for you. It would be awesome if I could find a guide that taught me how to build a jetpack and fly off to the fucking moon in no time too but that isn't fucking reality. Thinking like that all you're going to do is set yourself up for failure, in everything. Be realistic within your skill set and you'll have much success.
I realized that by purchasing other guides, going through the forums, talking with experienced members, and meeting my friend the harsh reality was I wasn't all of a sudden going to be making millions of dollars over night by reading one carding guide. I hate to burst your bubble but this is why most guides disappoint everyone. I realized fairly quickly with carding, as will you, that no one is going to reveal a profitable method on how to card or commit fraud. Think about it. Why would anyone release their methods on how they commit credit card fraud?! Would you? If they revealed their own method they would burn that method and stop making money. This is something you will not find, for obvious reasons.
Again, no one is going to tell you their private methods of carding. This should make sense to you and it's important to know this. Now with all that being said you don't need to know anyone else's carding methods. You really don't. What you need to know is the right information in order to develop your own method. I have included a chapter on how I found my methods that explains everything which will give you much insight into building your own private method. This carding course is the real deal comrades and will show you what is your reality should you choose to card until you go full tard.
Stop buying the other guides on "How to card $100,000, 6 Ferrai's, and 18 hats" for $7 on whatever bullshit dark market you're desperately looking on. It's fake and the creator of those shit guides want you to purchase a bullshit guide that's trash and doesn't work. Avoid this as it will just discourage you and play some fuckery in your mind. This is the only carding guide you require. Trust that my friends.
Each carder has their own methods on how to card successfully and each method will vary greatly depending on where you live in the world. It's impossible to create a carding guide that encompasses everything for everyone in the world but by finishing this carding course you'll have the knowledge, expertise, and experience needed in order to find your own method that works for you. To be honest finding a method when you have the right knowledge is not difficult by any means. Understanding how fraud works, how it's performed, and the logistics of it all is what you need to learn in order to be successful. It's really not that difficult once you have the right information but it will come down to whether you have the balls to commit it and pull it off.
The advice I was given when I started in 2014 and the advice I'm going to give you is don't try learning how to commit fraud in countries that you don't reside in or aren't familiar with at first. There are too many financial institutions in the world and each financial institution has different anti-fraud protections in place. This is silly. The best way to understand and perform fraud successfully is to make it relevant to your life and what you know.
Want to know how to open up a bank account that can be used for your fraud life? Walk into the bank you want a fake account in and open an account with your real identity and close it a week later or just fucking forget about it. By going through the process of opening a new bank account you'll see exactly what will be required in order to open up a fake bank account. Did they ask for ID? Did they ask for letter of employment? Did they need an address to send your credit/debit card to? What tools and equipment are you going to need in order to open a fake bank account? Understand yes? Think like this.
In order to be successful in carding, or any fraud for that matter, you need to know the ins and outs of what you're doing. Obviously. So let's get into this.
Grab your purse and take out your OWN credit card and look at it. Just imagine your credit card was stolen and you're the thief that took it. You have the physical card in your possession thus you have the credit card (CC) information you'll be needing to attempt an online purchase and potentially an in store purchase. Since it's your own CC you obviously know your home address and the details required to proceed with the checkout. With that information you can, in theory, use that card to make an online purchase. This is the mindset. Before you commit fraud think of how you make the purchase legitimately and the logistics required to make the purchase. You want to become the card holder and appear to make a legitimate purchase.
Everything you see on your CC is what you're going to need to commit online fraud. Got it? We need type of card (VISA, Mastercard, etc.), CC number, CC expiry date, card verification value (CVV/CVV2), and the name on the card. With these details we can now attempt to card.
The part you don't know, yet, is how to card with success. If you're logging into a website over Tor and using a stolen credit card to make an online purchase. Guess what? That shit isn't going to work. Of course not. If someone has your CC details and they attempt to make a purchase from Nigeria it's not going to go through. This shouldn't surprise you. The point is, even though you have the proper details (your CC information) to make an online purchase you need to know how to make that purchase fraudulently.
Want to know how to make a CC fraud purchase? A good start as a beginner is testing everything on yourself first. If I'm writing malware I first test it out on myself to make sure it's going to function to my liking so why not everything else?
Here's what I mean by test it on yourself. I have my own credit card so I have the CC details and I know the address and name on the card because the card is mine. I drive over to the next town, find a coffee shop, connect to their Wi-Fi network, load up a fresh Ubuntu virtual machine, connect to the website with Firefox, and try to make a purchase online with my own credit card to see what happens. Did it go through? Did it matter I was using a VM? Does it matter if I'm making a purchase from a different location then my address on the CC? Did I get an email of text from my financial institution about the purchase? See what happens when you do this. This will give you much insight on what you'll need to perform carding successfully and by doing these "tests" you're not doing anything illegal. Make a simple online purchase from XYZ website to see what's what.
Now re-do all the above when you're using a VPN from the same geolocation as you. Do it again using a VPN in a different geolocation then you and finally try it over Tor. If you get a phone call from your CC provider just say you're using a VPN or proxy service to make the purchase online. The conversation will be informative and interesting but remember you're not doing anything wrong. You're simply using a VPN/RDP or Tor to make a purchase with your own credit card online. This is not fraud. This is fine. Most important, you'll know what will go through and what will cause issues.
I'm not saying commit credit card fraud against yourself I'm simply stating for you to make a legitimate purchase online with your CC with different variations of your setup to see what gets flagged, declined, or accepted in order to solidify what you'll need to be most successful. Will using a VPN cause more suspicion than an open Wi-Fi network at a coffee shop? Do you even need a VPN? If so, does it need to be close to the card holders address? If you choose not to test this on yourself I hope you understand my point of doing this and get what I'm trying to show you. This is very valuable. Trying things on yourself will give you great insight into what you'll need to replicate to be successful with whatever fraud you're trying to pull off. More importantly, like I said we all know something different and think differently, maybe you know of a store in your town/city if you were to card one of their items you can sell it for high value or use it. Testing a small legitimate purchase first with various setups is a good way to see what works and what doesn't work real quick, and legally.
Once you know the "proper" process of how something works then you'll know what's needed to card successfully which will help you develop your own carding method. This is why you don't need other people's carding methods because knowing how something works will give you the knowledge to card like a boss using your own method. You think everyone is just copying each other's methods?! Of course not. We, just like you will, create our own.

To make a purchase with a stolen card you will require:

[*]
  • Credit Card (CC) including name, CC number, CC expiry date, CC provider, and CVV number.

[*]
  • Name and address of the card holder.

[*]
  • Connecting from an IP close to the card holders address (this depends but we'll get into it).

[*]
  • Connecting from an IP that isn't blacklisted or flagged as malicious

[*]
  • Using a "normal" operating system with a normal web browser to make the online purchase.

[*]
  • Think about the process needed in order to be successful.

[*]
  • The ability to clone a credit card
[*]
  • Social engineering abilities and social skills

[*]
Chapter 3: Antifraud knowledge

You should be well aware there are anti-fraud policies, procedures, and mechanisms in place within every company designed to prevent theft and online fraud. There are a lot of things happening behind the scenes trying to prevent people like us from making money the way we do. It's so out of control though that most companies understand fraud is now a cost of doing business as their profits exceed their losses so fraud is somewhat of an acceptable risk. Businesses can't fully stop people from carding because it would actually hinder real customers from making an online purchase from their website so it's a fine line companies must walk when designing their anti-fraud policies that allow the purchase and checkout to be user friendly yet stop fraud from occurring. The harder it is for people to navigate and make a purchase from a website the more inclined those customers are to go somewhere else where it's easier to checkout. The more you increase security the less user friendly it all becomes. This goes for everything really.
No company wants any of their customers upset because their credit card is always being declined when they're trying to make an online purchase. Anti-Fraud mechanisms can be viewed as a firewall on a computer. The firewall has to let some things in and out but will block anything suspicious or if it's setup to do so. We just need to find those holes that allow us to be successful.
Not all merchants today have the same anti-fraud protections in place and each website will have different anti-fraud protections with various different setups. Some businesses will process every transaction that comes their way while others have advanced fraud prevention in place which will scrutinize each transaction. Let's take a look at some well-known anti-fraud protections out there currently so you have an understanding of what you're up against when you're carding like a maniac.

Europay, Mastercard and Visa (EMV) Credit Cards

This is commonly referred to as CHIP and PIN credit cards. When you're making a purchase with these types of credit cards you must insert the CC into the Point-of-Sale (POS) machine (the machine you stick your CC into) and enter your PIN to complete the purchase. These CCs usually have the "Tap" feature as well for purchases that are <$100.
Using these types of credit cards is the standard that most merchants have been accepting since 2015. In fact, some countries have made CHIP and PIN mandatory across all merchants. If there is a fraudulent purchase and it turns out the merchant was not using a CHIP and PIN POS machine when doing the transaction the merchants are indeed liable for the loss.












Fraud Score

Picture every online transaction is assigned a fraud score number automatically through algorithms by computers in order to determine if an online purchase is of high risk for fraud. For arguments sake let's say this level is between 0 - 100 and is based on many factors that you'll be learning about in this chapter.
So, if a transaction has a fraud score of say 50 this will trigger a manual review within the CC issuer which an agent (a real person) will review and decide to deny or allow the purchase. Some factors will include contacting the card holder, comparing spending data, location of purchase, amount, risk assessment, etc. whereas higher fraud scores will simply get the transactions automatically declined. Makes sense, right? Don't need to pay an employee to review a CC purchase coming from Pakistan when the card holder lives in Maine and has never bought anything outside of USA in their whole purchasing history with that credit card company. A red flag wouldn't you agree? Algorithms detect all this shit going through each client's spending data, online shopping habit's, purchase amounts, etc. Don't under estimate big data people. Having a transaction manually reviewed from an employee is slowly becoming a thing of the past.
If you carded a $40 USD item from some low-level company website compared to carding a $1000 USD item from Amazon these will have a different fraud score. Forget about carding Amazon as too many people already have accounts there already and by-passing Amazon Anti-Fraud measures requires access to the CC holder's email. The point to take away is if the cardholder rarely makes any online purchases and only uses their CC for filling their cars with petrol and you make an online purchase from Apple for an iMac it's not going to work. The CC holder spending habits and online behaviors are factors as well but people seem to forget what's happening in the background with these companies.
Some people talk about "testing" the CC before using it to ensure it's valid and working. I found using the CC checkers out there along with some of my own methods I wasn't sure if it affected success or contributed to failure. Issuing banks are well aware of the fraud tactics used today and aren't fully retarded. They can detect a "testing" on a CC from their bank like if a small purchase of $1.50 is made from one place and then (5) minutes later a larger purchase is done somewhere else this is a classic sign of fraudsters "testing" to see if the stolen credit card just purchased is valid and works. I don't recommend this. Just assume the CC is valid that you've purchased because you know the source where you bought from is legitimate which is in Chapter 7.
By connecting to a website from an IP that is associated with malicious behaviour in the past will increase your fraud score on the website or from the financial institution and will contribute to getting your transaction declined and the card burned.
This makes sense yes? If you're connecting to a website you plan on carding on from your RDP but the IP of the RDP you're connecting from is associated to evilness then it's safe to say your efforts won't be successful. The companies can see that you're connecting to their website from a VPN, Tor exit node, or other IP addresses which they deem suspicious and malicious. Other hackers have been up to no good too from the socks, RDP, or Tor exit node you use and some IP's are flagged as malicious by numerous cyber security companies (Big names) that share this data to protect their customers against fuck faces like us. Understand that when you connect to a website you're revealing a lot about your browser, location, extensions, configurations, etc. that will be used against you in anti-fraud mechanisms.
Some items that contribute to a higher fraud score when making an online purchase are:

[*]Is the customer using services identified as a VPN or blacklisted IPs.
[*]Are the shipping and billing countries different?
[*]Is the order being shipped to Pakistan or Nigeria type countries far from card holder location.
[*]Is the BIN from a different country than the IP address used to order?
[*]Is the shipping address an identified mail forwarding company?
[*]Is the IP address from proxy or socks?
[*]Is the e-mail address from a free provider like Yahoo, Yandex, or Hotmail.

Remember, it's important to understand certain transactions get flagged for certain things. To hammer this point home let's review it again.

YELLOW ALERTS

[*]Is the user ordering from a free e-mail address?
[*]Does the customer phone number match the user’s billing location?
[*]Does the BIN number from the card match the country the user states they are in?
[*]Does the user’s inputted name for the bank match the database for that BIN?
[*]Does the customer service phone number given by the user match the database for that BIN?

RED ALERTS

[*]Does the country that the user is ordering from match where they state they are ordering from?
[*]Is the user ordering from one of the designated high risk countries?
[*]What is the likelihood that the user is utilizing an anonymous proxy?
[*]Is the user ordering from an e-mail address that has been used for fraudulent orders?
[*]Is the user utilizing a username or password used previously for fraud?
[*]Is the user specifying a known drop shipping address

You want to be a normal customer and appear like the actual card holder when making an online purchase which can reduce your fraud score once you have an understanding of what will trigger it.


IP Geo-Location

I think everyone knows about IP geo-location and if you don't you really need to understand this. You can't just go and buy CCs without knowing the card holders name or address (this actually depends) because when you're making an online purchase with a stolen credit card you must be connecting from as close as you can to the legitimate card holder's address to make success more. Just like we talked about before you're not making a purchase from Nigeria if the card holder resides in New York City and has never made an international purchase like it before. It's going to get declined and you're going to burn that card.
If you're attempting make an online purchase but connecting nowhere near the card holders address or location this can contribute to getting the CC you bought burned and rendered useless. This is an important thing to know!
Depending on whether you're using a laptop or mobile device will dictate whether you'll require a Remote Desktop Protocol (RDP)/socks location, Virtual Private Network (VPN) location, or burner cell phone that is as close to the card holders address as possible for best success. You want to tunnel all of your web traffic to appear to the website and credit card company to be coming from the CC holder location making sure whatever location the RDP, VPN, socks, or mobile is the same. You should be buying CC details with the card holders address and you would select the location of your RDP/socks to be as close to the location as the card holder as possible.
If you want to make meaningful money with carding you need to put yourself in the card holder shoes so you know what's going to be required in order to be successful with decent sized purchases. Making a purchase from the location the card holder resides in will increase your chance of success and decrease your fraud level score with whatever website you're carding on.


Web Browser Fingerprinting

You want to be using normal web browsers when browsing the website you plan on carding and may want the ability to change the User-Agent string of the web browser when visiting the website you plan on carding on. You can use Windows 7 or 10 in a VM freshly installed each time. A good idea is to always use a "New Private Window" when visiting the target you're going to be carding and changing the User-Agent to that of a Windows, macOS, or mobile device if you're using Linux before connecting to the website. Most customers are Linux users. Blend in with the herd.
There are so many different User-Agent add-ons for every browser out there so if you're comfortable with Firefox, Safari, etc. then just research which User-Agent add-on you'll need. You can learn how to do this under the "Equipment Needed" in Chapter 7.
Also, it's important to note that if the CC holder has already used that card on amazon or whatever website you're carding on their web browser would have already been finger printed so when you try and use the User-Agent changer and connect to the website it will know a different web browser is logging on and will notify the users account of the change with an email of some sort preventing you from accessing. Many different things at play which is why you avoid big name companies because we assume everyone has already signed up for Amazon already. We want smaller sites.

Web browsing habits

It's safe to say the websites you're visiting are tracking, analysing, and assessing your movements when on the website for a variety of different reasons such as marketing, product placement, product improvement, and also to prevent fraudulent purchases. Most eCommerce websites track how long you were browsing the website for, which pages you went to, which pages you stayed on the longest, and what products you were most interested in.
There are some websites that will deem a purchase to be suspicious if that person spent a whole 30 seconds on it before making a $8000 USD purchase. This appears a little odd considering you didn't spend time on the website and instead just went right away with committing fraud against the website in question. Think like the card holder...Would a normal user make a purchase so quickly? Wouldn't they spend time first viewing the items before making a purchase?
You want to become the card holder and as such everything about them including normal browsing habits. Act like a human and not a bot.



Card holder purchasing habits

Financial institutions have learned from people committing credit card fraud against them over the years and have implemented various anti-fraud techniques to combat credit card fraud. They've learned how people commit fraud against them and begin to develop methods to counter this. They do this by learning the CC holder's purchasing behaviours. By knowing the card holders purchasing habit's and the websites they purchase from financial institutions can detect fraud fairly quickly and prevent the transaction from going through pretty easily.
For example, the CC you just purchased from the Empire (they're shutdown now) or White House marketplace is valid but the CC holder only uses that CC to make specific online purchases so when you go off to card $500 USD worth of dildos it's flagged as suspicious and the transaction declined with the credit card being put on hold until the owner can confirm or deny this purchase. The card holder never makes a purchase like the one you're trying to card which results in the CC being burned. Understand?
Another example is if the card holder only uses that credit card to buy gas or groceries and you're attempting to purchase something that isn't normal for that specific card holder then expect the transaction to be cancelled and the CC flagged. This is important to understand as just because you have the right CC to make the purchase doesn't mean you have the same purchasing habits as the CC holder to make that purchase successfully.
This also goes for how often the CC is used. If the card holder hasn't used the CC in the past little while and now you're carding some website that's unusual for that card holder this will get it flagged as suspicious contributing to your failure.
same goes for if the card holder has historically made only small purchases with their CC and now you're trying to card a large purchase which is larger than the card holder has ever made before with that CC guess what? You got it. The transaction will most likely fail and the CC will be burned.
When you're assuming the card holder you're not just assuming their identity with a CC, geolocation, and address but you're assuming their whole purchasing behaviours online. Of course this is difficult for you to know about since you wouldn't know the card holders purchase history at all. Tricky things you see?


Address Verification System (AVS)

AVS is an anti-fraud system that's used by many merchants to ensure that the billing address is correct and matches the card holders address. AVS works usually by comparing the numerical part of the address (address and zip/postal code) against the address on file with the CC issuer or bank to make sure it's accurate. In my experience when I've made legitimate purchases online with my own CC I've mis-spelled my own street name but put the correct number of my address and zip/postal code and it went through. For the most part just assume AVS will automatic decline the transaction if the AVS does not fully match.
You want to enter the right address of the card holder when asked for it when making an online purchase. Entering the wrong information, depending on the website, will get the CC flagged and the transaction declined.
Also, if you're entering a different shipping address then the card holders address this will raise your fraud score and may get the transaction flagged especially if this is the first time the "card holder" is making a purchase from the website in question. Make sense? Picture it from the website or company point of view. OK? A new customer has just made a relatively large purchase and wants the product shipped somewhere that's different then the card holders address. By allowing anyone just to show up, make a purchase, and have it sent somewhere else has an increased risk of fraud occurring. Right? This is common sense shit and eCommerce websites aren't as retarded as they once were. That being said there are ways to have the item shipped to a different location than the CC holder's address that will appear "normal" and low risk to the merchant you'll learn in Chapter 8.
Furthermore, depending on what location or country you're trying to get the carded item shipped will also contribute to getting the transaction declined. Again, if the card holder lives in Texas and you're carding an item to Iceland things probably aren't going to work out the way you want them to all the time now are they?


3DSecure, Verified By VISA (VBV) and SecureCode

Alright this really is one of the most important Anti-Fraud measures in place and probably will be the majority of what you're going to encounter in 2020. Much problems for beginner carders out there but very important to know.
3DSecure is a XML type protocol which is sent across the internet over encrypted SSL channels which was designed to add an additional layer of security for online debit and credit card purchases. Every company defines this 3DSecure shit as something different such as VISA has Verified By VISA (VBV), Mastercard as SecureCode, Discover as ProtectBuy, and so on.
For the remainder of this course we'll just refer to the common name of "VBV" when talking about this shit because it's all the same really. It's safe to say all major online retailers would have VBV since 2010 ish which is why you want to avoid larger companies and find those non-VBV sites. They're out there you just have to find them
This section on VBV is fairly long but goes into much detail about VBV so please read it all the way through so you have an understanding of what the fuck is happening when you're presented with a VBV window trying to check out with a stolen CC.
VBV is an opt-in service for both ends of a transaction being the customer and merchant but can be put onto most card holders these days. It will be on transactions involving the cardholder and merchant who have opted-in to the service but you should assume making any decent sized purchase you'll encounter VBV as this is getting put on to more and more merchants to assist with combating credit card fraud online.
When you're making an online purchase if the transaction has a high fraud score level determined by the bank/website you will get re-directed to a VBV page to confirm the transaction. VBV will ask for additional password information from the customer or will attempt to confirm past previous purchases of that CC. Trickier shit yes? Card holders may register and sign up for VBV (sometimes the first time they are presented with a VBV window they're asked to sign up) in which they have to identify with an extra password or some sort of code.
Common VBV questions asked include:

[*]Date Of Birth
[*]Last (4) digits of card holder SSN.
[*]Full name on card.
[*]Billing zip or postal code.
[*]Certain characters of their password request (4th character of their password that was setup when enrolling in VBV, etc.).

Non VBV credit cards only have one level of protection which is your CC, CVV/CVV2 number, and expiry date whereas VBV adds another layer of protection with an extra password/authentication method. Every time you make a purchase with VBV present the transaction will display a different pop-up window which usually consists of questions to prove you are indeed the actual card holder. The screenshots below are from different VBV windows that are prompted when trying to complete a purchase.



[*][img]anonfiles.com/k2i839oazf/1fraud_png[/img] [img]anonfiles.com/hdi330odz0/2fraud_png[/img] [img]anonfiles.com/g4i13bocz4/3fraud_png[/img] [img]anonfiles.com/cai13eo5zc/4fraud_png[/img] [img]anonfiles.com/ici437oez1/5fraud_png[/img] [img]anonfiles.com/j5i331obza/6fraud_png[/img] [img]anonfiles.com/d8if3ao6z4/7fraud_png[/img] [img]anonfiles.com/f1if32o4z9/8fraud_png[/img]

Each financial institution displays their VBV window a little differently to customers but typically the end result requires a password which is tied directly to the CC. The VBV password that is created by the card holder is known as the personal assurance message (PAM) but you could be asked for email, fourth character in your password set, mother's maiden name, etc. Whatever the extra password field they're asking for will be directly related to the card holder. Since this VBV window may be different from provider to provider this tends to make it easier from a phishing campaign perspective since it's not standard.
Too many popups can be confusing to people which can lead to a phishers wet dream so the financial institutions started to implement the VBV within an iframe in the HTML source on the merchant's site. Doing this within an iframe makes it quite difficult for any customer to verify that the VBV window is genuine at all. Do you know what an iframe even is? This is basic HTML shit but let's take a second to explain it.
In a nutshell an iframe is just a HTML document embedded within a HTML document. Just picture it like a website within a website. You know when you go to a website and you get all those fucking ads displaying all over the god damn place? Those ads are most likely iframes that contain content from another source on the web page. Many iframes can contain an entire webpage which advertisers include tracking code within that iframe that will help them with data collection for the advertiser and publisher. YouTube videos, Google Maps, and similar windows that are on a webpage are often just an embedded iframe within the webpage.
Important to note that VBV presents a whole set of different problems when people are making purchases from their mobile devices online. This is because most websites aren't designed for mobile devices and tend to render the VBV window incorrectly for the device failing to display the VBV window properly. Mobile carding as of now I find easier than traditional online carding. Moving along...
The problem for cardholders is trying to figure out if the VBV pop-up windows or iframe windows are really from the card issuer and whether it's legitimate. Customers have no way of fucking knowing if that VBV pop-up window is a fraudulent website attempting to phish their credentials or whether it's actually legitimate. These VBV windows don't have any security certificates or way of letting the customers know whether they're legit or not. Classic.
As you can imagine those factors can lead for customers being vulnerable to phishing and other attacks from fuckers like you and me. Mostly from you That all being said the VBV protocol recommends the bank's verification page to be loaded after the transaction to assist with the customer feeling that indeed the VBV pop-up window was legit. Sometimes this happens sometimes it does not.
VBV has evolved significantly and it's fairly common now for a one time password to be sent by SMS text message to the customers mobile phone or sent to a separate email for authentication in order to confirm the purchase is legit. In my experience this is more common in the USA and Canada.
Thousands of online merchants have enrolled in VBV with the intent of adding an extra layer of protection to make shopping online safer for their customers. Ok let's get into some of the process of how the VBV system works behind the scenes so you have a full understanding of what's happening.
This additional VBV security check is based on a 3-domain model (hence 3DSecure - 3 domain Secure). The 3 domains are:

[*]The acquirer domain - This is the bank and merchant to where the money is being paid.
[*]The issuer domain - This is the bank which issued the CC being used.
[*]The interoperability domain - This is the infrastructure provided for VBV. It includes the merchants plug-in for those VBV windows, access control servers, and other third party software providers.

The advantage for merchants implementing VBV is reducing the number of unauthorized and fraudulent transactions on their websites. Make no mistake VBV was designed solely to protect the financial institutions and not the actual card holder as it doesn't offer any more additional protection to the customers since the extra questions being asked can easily be phished as well. VBV gives the banks the ability to claim that a transaction was made by the card holder because they were able to supply their PAM and thus no fraudulent transactions should take place.
We all think that performing carding or any type of fraud is only hurting the banks and other financial institutions but this is not the case. Most financial institutions will attempt to shift the blame onto the card holder if they're able to do so. For example, if there is CC fraud and the bank calls the card holder and the card holder admits they clicked on a link within their email that resulted in their CC details being stolen the blame will be put onto the card holder. This does vary but depending on the conversation with the card holder and the financial institution supplying the cards will dictate what occurs here. Do not think banks are always on the hook for the losses because they are not. VBV and other policies attempt to shift the blame of fraudulent activity onto the people and away from the banks. They claim is protects merchants from CC fraud. Sure but what about the people?
Most major websites and companies will most likely have VBV enabled and will have the customer confirm the transaction through SMS text message or confirm via email. VBV popups in my experience in US/Canada weren't that common. This is why selecting the website you'll be carding on is important and understanding why targeting smaller companies is where your efforts should be focused.
VBV is a funny thing though since the CC and CVV number are no longer considered secure yet it's difficult to see how the CC, CVV number, and VBV login would be any more secure since all these details can be phished just as easily as phishing the CC, CVV, and expiry date but what the fuck do I know.
One final thing. There are times when you'll make an online purchase and the VBV window will pop-up but just present you with a spinning wheel in the middle of it and isn't asking for any other password before confirming the purchase. When you see this the card issuer is performing various fraud checks on the online purchase you just made and will determine whether to ask for the PAM, other details, or just let the transaction through. When you see this wheel pray to the carder gods and wait for it to determine if you're fucked or good to go.



null

Are you starting to see what's happening? You should begin to understand there are many reasons as to why your carding efforts will fail since there are many things in place to prevent this type of fraud from happening. We've only talked about the major anti-fraud protections that are in place but the reality is no one is %100 sure on what is happening behind the scenes besides VBV. It's important to note then when you're having trouble carding the things talked about in this chapter will contribute to your transaction being flagged as fraudulent. When you're starting out with carding you're going to have a lot of failures but hopefully by completing this course you can limit those significantly with the new information you've learned at HackTown. Remember, carding is trial and error and much like gambling when trying to be successful until you find that groove and method that works for you.
I've been carding for quite some time and consider myself to be more experienced than the average bear and guess what? I still get cards declined online. All the time. There are so many things happening in the background that vary from bank to bank that will get your cards declined and you'll literally never know or understand why it got declined because you did everything right. What you don't release is the day you went to use the stolen CC that morning the bank was notified of the breach of certain cards and deactivated the one you just bought. You don't know this at all because how could you? How could anyone? I'm just putting this here so you know the reality of carding successfully because you're going to have a lot of failures when you're starting out until you begin to fine tune your own methods and maximize your successes.
Truth be told if you carding using a mobile device you're able to bypass a lot of these Anti-Fraud measures with ease and don't require RDP, socks, VPN, etc. which we'll get more into by the end of Chapter 6.

In this chapter you've learned:

[*]You need to appear to be as the legitimate card holder as much as possible
[*]It's best to connect from an IP that is as close to the card holders address.
[*]Using proper browsing habits to appear as a human making a normal purchase.
[*]The IP you're connecting from is associated to an IP score that determines if the IP has been linked to anything malicious in the past.
[*]The card holders purchasing history will affect your ability to card successfully.
[*]VBV is like 2FA for credit cards.

[*]Chapter 4: Why CC's are for sale
When I first started out with credit card fraud I would always think to myself why the fuck are these people selling stolen credit card information and not using it for themselves?! Well it came pretty clear once I started working in and out of different hacker circles and hearing their inputs on the matter.
People specialize in different things, and that goes for criminals too.



Some hackers are able to compromise a website and instead of defacing the website with some Iranian political bullshit they install a JavaScript Skimmer to the checkout portion of the website and capture a fuck ton of CCs.








Today people are still installing physical skimmers on various Point-Of-Sale (POS) devices all over the world from Gas stations, stores, and whatever else they can get their paws on. However, as you read from the articles above the modern age is here and most groups selling these CCs have installed JS skimmers to gleam their information for sale. If you're wanting to learn a little more about JS skimmers check out the article below


The point is once you start to get an absurd amount of CCs in your possession it's just too many to manage so most people branch out and begin to sell them to others to make a little more money. There's nothing wrong with doing that but when you're purchasing stolen credit cards you want to get fresh data and make the right connections with the sellers.
All hackers and fraudsters have their hands in so many honey jars trying to make the most money. A hacker who compromises a company and steals 5,000 credit card numbers doesn't have the time or desire to use them all. At the same time, there are organized groups who specialize in buying stolen credit cards and making money from them but lack the skills to hack a company to get their own. It's really just a beautiful supply chain just like any other business has.
Also, people live in different places all over the world so if I've hacked a company in the US and have a bunch of American credit cards I can't really use them in my area so I might opt to sell them instead.
Everyone is selling whatever they're able to in order to maximize their income. It's much easier to sell the stolen credit card data you have at a fixed amount and move onto your next hack then it is to use them yourself.
It all depends on where you are in the supply chain which will dictate what you do with that type of data but most opt to sell. When buying CCs you want to purchase them from reputable places and people. Once you've purchase them you should use them ASAP. Do not buy them and sit on them for weeks.
Having a proper source for your CC's is obviously crucial to success. That being said once you start purchasing stolen credit cards you soon realize you're at the mercy of the sellers. Are the CCs fresh? Are they already used? How the fuck do you know?
This is why it&pos;s important to develop a plan to rely on yourself and getting your own CCs. When I started out I was getting them from another hacker friend of mine and realized it was difficult to rely on randoms that the information you're purchasing is valid and usable. Nothing more fucking annoying then purchasing CCs and going to use them but nothing is working. Fucking failure mans. It's part of the Carding game we all know and love (hate).
As you're going to learn it's better to learn how to obtain your own CCs. Even if you're obtaining 1-2 CCs a week that's all you really need. As you begin to master your own techniques obtaining CCs you don't need to go fucking nuts and collected a billion of them. In fact, you don't need that many to keep yourself going and raining in profits.
What's better? Purchasing 20 stolen CCs that you have no clue how they were obtained, are they already burned, or the many other reasons why we fail OR taking the time to obtain 3-5 CCs a week/month and running solo? How do you want to operate is the question?
For me I realized I want to rely on myself and myself only. When I wanted more CCs I would launch my CC collecting operation and be the fuck on my way. This is what I recommend to you but you do whatever you think is best for yourself and your operations.
Tested and reputable CC sellers can be found in The Armory. If you're wanting to learn how to obtain your own CCs and keep your operations humming along running solo than Chapter 7 is what you're looking for.

Click to Read - The state of CC business

[*]Chapter 5: We All Fail
There are so many reasons as to why your carding efforts are failing. In fact by the time I started making some money in carding I realized that this wasn't for me. I was sick of getting transactions declined, spending money on CCs, obtaining my own CCs, waiting for packages, finding buyers for the stolen goods, and all that shit. It was tedious and the amount of time I was spending on learning and profiting from it all wasn't worth it to me. Failure is part of the Carding game and make no mistake failure will always be there. Even for the professionals.
Let's touch on some of the common reasons why Carders fail.
There are multiple reasons why your CC is being declined from being the purchase you're trying to make is too high for the card, the CC is alreayd burned, the CC you just bought was sold 1000 times to others, fake CC information, scammed, en-coding error when cloning CCs, the cardholder used their card an hour ago and then you just tried to use their card half way across the country getting it burned to fuck.
If you're using a stolen credit card don't go overboard and start carding multiple websites or places at the same time with the same card. Pick the target and use the CC once and move on but make sure the purchase is worth it for you. There's no point of carding like a fucking maniac when all your orders haven't shipped because you'll just end up burning the CC. Making an order go through and having it get approved is sometimes the easy part whereas getting the item shipped to where you want it to be delivered can be a whole other problem.
Credit card companies user their own proprietary technologies that look for anomalies in card holder's spending habits and online behaviours. These companies might be using 100+ data points to determining the likelihood that the transaction is fraudulent or not. If everything doesn't add up on their end then your shit will be declined, CC holder contacted from their financial institution, and CC burned.
Everything you've learned about in Chapter 3 will contribute to your failures plus the fact that you have no idea the CC information you're purchasing is even valid or has recently been obtained. Right? Unless you're obtaining your own CCs you're relying on others to sell you proper information. Which may be fresh stolen CCs or old as fuck from last year trash ones. Just like drugs the better quality is closer to the top of the supply chain. Move up the ladder brothers and sisters and push yourself to learn how to obtain your own CCs then rely on others. Always!.
You're going to want to refer to Chapter 3 regarding all the anti-fraud mechanisms in place as you should be aware there are so many reasons why your CCs aren't working or being burned. Without knowing truly the ins and outs of what you're trying to card you can associate failures to one, if not all, of those anti-fraud mechanisms talked about.
Remember, everyone wants to say they have a great supplier of CCs but unless you're obtaining them yourself you truly don't know if the vendor you're buying from is re-selling the cards, are the CCs fresh, has the organization where the Vendor is getting the CCs from been notified of a breach and is now going through each customer to notify them to cancel their cards?!
It's all good when you're buying stolen CCs but if you're buying them from a breach that happened a year ago then you're not going to be successful. CC supplier's matter.
Report


Quick Reply
Message
Type your reply to this message here.



Possibly Related Threads…
Thread Author Replies Views Last Post
  Where is the money being made? Is Swiping/Carding really dead? moneymadecards 2 63 06-13-2023, 01:32 PM
Last Post: moneymadecards
  Fast and Easy Carding and Fraud Money Pilgrimatepie 0 54 06-13-2023, 04:15 AM
Last Post: Pilgrimatepie
  Using Tails OS for Carding anonchronical2 8 251 06-04-2023, 11:53 AM
Last Post: L!0N_THREAT
  Bank Fraud & carding Timboo 2 102 06-02-2023, 09:24 PM
Last Post: Timboo
CARDING NOOB Hephaestus 0 187 05-20-2023, 08:33 AM
Last Post: Hephaestus



Users browsing this thread: purely_cabbage
var thread_deleted = "0"; if(thread_deleted == "1") { $("#quick_reply_form, .new_reply_button, .thread_tools, .inline_rating").hide(); $("#moderator_options_selector option.option_mirage").attr("disabled","disabled"); }