holla, fuckers!
Great thing you got here, on this forum. I have been reading the forum up and down for a few weeks or so now. Just created new account because shit here got me paranoid https://txgate.io/images/smilies/fuck.gif
I was making a living from e-commerce for 5 years now, shopify, dropshipping, ali, fb ads, etsy, affiliate, t shirts, that kind of shit.
While I was setting up my burner laptop with vpn and sock5, it crossed my mind to ask this precious community about any ides how I can pull of carding with my online stores? It would be great to "buy" stuff from "myself" and don't send anything to the "buyer" lol, you know what I mean :*
Can I compromise my legit shop with 2-3 orders a day?
What would 2checkout do about this?
Anyhow, I am from Serbia, if there's somebody willing to share some shit with me, or to make partnership, shoot me a PM.||
Stay healthy!
</img>

once the chargebacks hit you're losing that money and your account.

I thought so... Right now I am brainstorming ideas to make something out of it.
I am also thinking about buying expensive digital goods which can help my business, any insights on carding digital files, tutorials etc. which doesn't require shipping?
Just a crazy thought
</br></br></br></br>

It's called setting up a Merchant Account and processing payments using it. The process entails you stealing an identity, opening up a merchant account with it, using your bank drop as the deposit account, processing transactions until account closure. And then you rinse and repeat. This is the general layout of the plan. Now you have to do a lot of research to figure out how to execute this, but it is nearly as common as carding a store.

Carding digital items can be very profitable and will also eliminate the issue of chargebacks linking to your account, but be aware that due to the high fraud risk, they are usually much more difficult to card successfully. The best advice I can give you is focus on things such as PDF files, video game keys, and other things like that. Don't attempt to card a $500 Amazon gift card because you'll be rejected unless you do everything just right. Stay under $100 generally and you'll find much more success.
Be prepared to fail a few times too. Carding isn't as easy as buying a $9 number and inputting the info. Numerous variables are involved which will determine whether a transaction goes through.
</br></br>

Wow, all the great answers when you ask the right questions https://txgate.io/images/smilies/pf.png
I am glad that I am definitely thinking in the right direction.
Cheers, guys, thanks so much for the input https://txgate.io/images/smilies/shkolota.gif
</br></br>

Ok, I am doing something wrong here.
I have tried few amex, visa and mc cards from jstash (signature, green, world cards) just to give it a go and see how this works.
Setup:
PureVPN, socks from 5socks(.)net at the same city. No dns leak, everything looks fine, at least whoer(.)net says that.
Mail on cc's name with outlook. (?)
Visas always wanted VBV (pre-approved numbers phone verification) so fuck visas.
Amex almost got through, but few minutes later after purchase I got an email that order is canceled.
Mastercard just says that the transaction is canceled and to call the bank.
Shipping addresses were ALWAYS same as billing addresses.
I have tried few sites I usually buy shit from, and few that suppose to be good for carding (digital goods) and no luck. Everything TYPED correctly etc.
What am I missing?
Is it my choice of cards? Do banks always want to confirm transactions by the phone?
Is it 5socks?
Is it everything above?

Maybe ur shops are just raped already ? Maybe ur bins got blacklisted ? My suggestion is to leave those shops alone for some time

What were the transaction amounts?

It could be, actually I didn't had bin list, I choose cvvs randomly :noob:
After researching after my own stupidity, I realized what may be the problem.
I also came across to some non-vbv bin list, amex centurion bin list, and what not, I am thinking about trying those...
My mind is exploding, overwhelmed with information. I understand that this is cat-and-mouse game, and that I just have to make a lot of mistakes to find the right way and I am trying not to loose a lot of $ on that way.
Currently, I bought a bunch of private SMSs to open gmail and yahoo accounts, maybe that would help.
I kept that at minimum, like 45$ - 75$
Here's exactly what I've tried:
-game codes from various not-so-popular sites
-gift codes from popular and not-so-popular sites
-t-shirts (with my designs) to earn affiliate commission (not too much, just to test the waters lol)
-even buying btc on virwox, they didn't had the chance to ban my account, payment didn't went through from the beginning https://txgate.io/images/smilies/pf.png
Am I on the right track? Any hint on what BINs to look for (I am not asking for lists, jus for hints :wink: )
Cheers

Those amounts should be going through fairly effortlessly if you have good cards, but as I said above: carding anythin digital can be difficult for even professionals no matter the amount. I'll give you a few more tips free of charge though:
-buy some aged emails. many merchants of high risk items use a product called emailage to get information on an email address and this includes when it was created. any newly registered email is deemed high risk for any merchant who will be a target for fraud (sellers of electronics,digital items). you can find aged emails on any online marketing forum
-Visa and Mastercard networks do not verify the name on a credit card, so you can put whatever name you want in the name field on an order form. If you buy some aged emails and some of them have a name in them, just put that name in the order form and you'll see a higher success rate. Obviously if the merchant calls the bank to confirm the transaction then it'll be declined, but this doesn't usually happen as long as everything looks right
-Amex cards are the exception to what I said above. they do verify the name, and they tend to have higher security than visa and mastercard, so I normally avoid them.
-You mentioned wanting to try a centurion. Why? Try thinking about this process rationally-why would anyone with a centurion card try to buy a $50 game code? that is much too cheap for someone with such a card. success in carding comes when you successfully impersonate the individual, and this can be done so long as you use common sense. If you're looking to purchase something like a $50 code, then use a standard credit card and maybe you'll see higher success
-Do you have a good burner number for verification calls? This can be crucial in many instances. A good number mind you-not some virtual shit.
-5socks is a good socks5 provider. How are you using the socks? I like to use the software proxifier and run everything through that as mozilla can leak stuff randomly I find. Are you checking for DNS leaks? Go here to check http://dnsleak.com/ you can enable "resolution through proxy" in the proxifier settings to use that proxy's DNS
-Use getipintel.net to check the fraud risk score of the proxy you're using. Anything above 1 I tend to just scrap and replace. Use ip-score.com to check that your IP is not on any spammer blacklists.
-Are you changing the time zone of your machine before you card? If you're on the east coast USA and you're on a California IP, but your computer's time zone is EST then that is obviously a red flag. Make sure to change this
-If all of the above sounds like too much work for you, then maybe you can try phone carding using the 4G data network. anti-fraud networks do not typically blacklist such IPs as that would be unfair to the many legitimate customers that rely solely on their phone data. You can get a lot of success just doing this
-There's not many hints I can give you in finding the right bins as it's mostly a solitary struggle for all of us. You have to experiment and just be smart. Eventually you'll amass your own list that you can do a lot of damage with. Keep notes on the bins you card with and maintain that list. Update it everytime you card
I hope this helps

Really great information and well written. I would love to learn more from you about carding..Please contact me if that is possible .
Thank You

~~~~~~

Thanks for your knowledge bro ... I have a question ... When I go to carder a cc to pay with the interface of paypal they ask for two telephone numbers(phone and mobile), I can add numbers of telephones fake of the state or city of the card? ... That could decline the payment?

Decent tips -- although surely overwhelming for the OP.
I have a few bits here to share overall.
Having an "aged" email that was never used in previous orders is as useful as a newly created email; while having an "aged" email that was involved in fraudulent orders in the past is worse than a newly created email.
Emailage, Sift Science, and other similar fraud-prevention tools do NOT actually have access to the creation date of the email from the provider (and they never make that claim). The way they work is by having a group of merchants share data about their orders and your email "age" is inferred from its existence (or lack thereof) in the
earliest order in the repository, and, if present, whether that email has been involved in legitimate or fraudulent orders. Therefore, there is no actual need to purchase an "aged" email that was unused.
The second point concerns how merchants are able to verify whether the name supplied matches what's embossed on the card. While it is true that processors aren't able to match the name supplied with the name on the card like they are able to do with other numerical data (such as numerical portion of address, zip, CC#, EXP, and CVV), and while it is true that merchants can manually verify the data by calling the issuing bank, there is often an automated step in the middle that I have never personally seen shared on any forum. A merchant can attempt to match the name supplied against the array of people that are listed to live on a particular address.
What happens here is two things, if the name supplied does indeed match the name of one of the people listed as residing at a particular address, the merchant can safely assume that it is the actual cardholder (although it could very reasonably be a sibling or a relative, or even a roommate of the actual cardholder placing the order instead), and in this case, this signal can be deemed safe. Whereas if the name does not match against any in the array, the risk is elevated (merchants are well-aware of thieves changing the billing address before placing a fraudulent order OR redirecting a shipment once an order has been shipped to the real billing address since the name matches the thief's name).
There are some other points, but this should be enough for now.

None of what I typed is particularly overwhelming for anyone with an IQ over 85 lol. The gist is be legitimate. The issue is many people don't know what exactly that means when you say it and what exactly it entails.
Fair point on emailage. I would still strongly suggest buying aged emails though. Online marketers who sell these do not just make them and sit on them for a few years. They are emails that they've used themselves for various things related to their work and this involves often using them for LEGITIMATE purchases. I've never had an aged email that was just unused or used for fraudulent orders (different story if you buy these from a fraudster obviously).
there is often an automated step in the middle that I have never personally seen shared on any forum. A merchant can attempt to match the name supplied against the array of people that are listed to live on a particular address.
What happens here is two things, if the name supplied does indeed match the name of one of the people listed as residing at a particular address, the merchant can safely assume that it is the actual cardholder (although it could very reasonably be a sibling or a relative, or even a roommate of the actual cardholder placing the order instead), and in this case, this signal can be deemed safe. Whereas if the name does not match against any in the array, the risk is elevated (merchants are well-aware of thieves changing the billing address before placing a fraudulent order OR redirecting a shipment once an order has been shipped to the real billing address since the name matches the thief's name).
I'm a little confused on what you mean. Are you talking about Experian File One? Or public data? If public data, that can be at times ridiculously inaccurate and surely unreliable for any merchant looking to verify information. I've carded numerous electronics, e-tickets, wholesale sites, gift cards, etc. and used a different CH name for all of them. So...Who is using this? Better question would be what is using this lol.

It has been my experience that a fresh email (specifically if it's @comcast, att, etc) nearly always beats a so-called "aged" email, from the perspective of bypassing fraud-detection mechanisms. You can always increase the credibility of your email's signal by creating social media accounts with that email, being sure to setting only the name and profile picture to public and the rest to private, and enabling search engine linking by email (and allowing a few days for results to cache). A previously utilized "aged" email may have become linked to a different name (even if no suspicious activity was linked to it) in the past and as such may end up being disadvantageous. I don't exactly know why telemarketers prefer using "aged" emails over fresh ones, but I suspect that the reasons concern bypassing spam detection, which are not necessarily relevant to fraud detection.
And regarding the second point, comparisons are made against public and proprietary DBs. And I do agree that the DBs can be inaccurate, but it remains a signal that affects the fraud score. And since you asked, I know with fully certainty Tigerdirect uses it, as well as Sony in the past when they still had an ecommerce division, although many others are also likely using it.

Yeah, Comcast emails are fantastic to use, though I find it easier to buy a few hundred gmails/yahoos in bulk and just be done with it. Haven't had issues passing numerous large transactions, so I wonder how great of a factor it really plays, and whether you could sacrifice something else in exchange for using an email that "passes" so to speak. It'd be interesting to experiment with. Although my setups are never really that complex. Often it's just a phone browser.
The DB checks you mentioned is very interesting. I've never heard of it and I've opened a few payment processor accounts. If it's Experian File One, then it certainly makes sense that places such as TigerDirect would use it. I'm gonna play around with it and see what I can do with them.

Unbelievable amount of information in just a few posts.
Thank you AsukaCredit and jamesbondd, this info is pure gold for me and other members too.
I will now try to answer some of the AsukaCredit's questions:
-You mentioned wanting to try a centurion. Why? Try thinking about this process rationally-why would anyone with a centurion card try to buy a $50 game code? that is much too cheap for someone with such a card. success in carding comes when you successfully impersonate the individual, and this can be done so long as you use common sense. If you're looking to purchase something like a $50 code, then use a standard credit card and maybe you'll see higher success
I was just reading random info everywhere and I didn't realize that centurions are for high-ticket items and pro carders. Standard credit card it is from now on.
-Do you have a good burner number for verification calls? This can be crucial in many instances. A good number mind you-not some virtual shit.
Unfortunately NO. I am in Europe, currently I don't know how to get an US pre-paid SIM, I will look into this, thank you.
-5socks is a good socks5 provider. How are you using the socks? I like to use the software proxifier and run everything through that as mozilla can leak stuff randomly I find. Are you checking for DNS leaks? Go here to check http://dnsleak.com/ you can enable "resolution through proxy" in the proxifier settings to use that proxy's DNS
Yes, at this part I am careful, I use proxifier and firefow and set proxy sock in BOTH of them, then check with check2ip.com, and whoer.net and 3-4 other checkers and adjust everything (time zone, java, flash etc.) until everything is green https://txgate.io/images/smilies/smile.gif
-If all of the above sounds like too much work for you...
Not at all, you have just filled the gaps in my setup https://txgate.io/images/smilies/smile.gif
Actually, I was doing similar thing on gift code sites. Created an account, and randomly browsed the website, logout, leave it for an hour and get back and try to card. But chatting and leaving it for a day or two sounds reasonable.
How do you search for cardable site? Go through them all until you hit the winner?
I was doing "10th page of the google search result shop" method.
Also, what about using non-US CCs? I see they're more expensive on jstash, must be the reason for that? German CC, German socks and German site? Hm?
Cheers!

Good post been enjoying reading it. I've been in this game long time ago (silverunix, irc nodes tempsys etc... ) . I was buying game memberships, it was so easy 2 card, even google checkout was cardable (good old days). Unfortunately I stopped doing it.
But now i wanna go back to game again, but there is so many security added in all of these merchants. I was just wondering is still worth doing it? I'm planning buying digital goods,clothes ( everything that I can sell instantly )
what setup shall I use?
My plan is :
Buy a server with Monero
VPN ( using express vpn )
Socks 4/5 (probably gonna use private shop posted in other forums)
Disposable sim card
What else am I missing?

Just curious, if you was good at e-commerce "shit" why bother with carding?
I mean by now you probably see that it's much more bullshit and too much work
involved and lot of time wasting and $$$ too..
You spend hours figuring out all those Drops/Cards/Bins/
Proxies/VPN, hours of work for nothing, if you just code for somebody you would
probably make much more $$$.. I mean carding sounds "cool", but I think
some people will make more money just delivering Pizza around.. Marketing is
much easier and long lasting biz model.. Play for little more and I think you will
be back to Facebook Ads, racking cash that way.. And you can always
process few stolen cards, if you wish to enjoy a Chargeback + 20$ Fee on top of that.. Good luck..

Nice writeup Asuka

Thanks for sharing this man! much appeciate it! been hung up w the same problem... plus
vbv &amp; mcsc... also PP linked card successfully also cannot send money