Hello! I just read Bailopan's Alphabay carding guide and have a couple questions regarding opsec and how to setup our carding operation.
Bailopan says that the safest way to card is to buy a burner lap top install Qubes OS and a VM with Win 7 installed. 2 VPNs one VPN in Qubes and another different VPN inside our virtual machine. He says this is the best setup.
Then he explains the other setup which is the same that Ginseng explains in his guides which is a burner lap top with win 7 installed, a VM with also win 7 installed, a veracrypt encripted volumen, socks5 and an RDP in the same location as the CH. Bailopan says that this second setup is not very safe, what do you guys think?

Both set ups seem like an overkill unless you're going to steal over 100k, but second setup looks more solid.
You need something (an RDP or Socks5 or SSH) that matches cardholder location and has residential IP (e.g. not a datacenter server IP range as they all are flagged as high risk by payment processors).
Use a VPN from 3rd country, not the one you reside and not cardholder's one either. Like if you're in the UK and ch from the states use a vietnamese VPN then connect to an RDP or use socks that matches state and city (ideally ZIP code) of the cardholder and you are good to go. Use double VPN if you wanna have extra security. A disposable laptop and 4G internet that's not linked to you or public wifi and VPN + RDP/SOCKS are the most ideal set-up, unless you get involved with hacking govt websites no one will bother finding you.
And remember, most people get caught when they cash out stolen money or when they become too noticeable (like developers of major trojans and ransomware) or just because they talk too much.
</br></br></br>

Hey man thank you so much for your reply!!
So you say that the setup host machine with Win 7 installed &gt; veracrypt encripted volume &gt; Virtual Machine with Win 7 installed &gt; RDP with CHs location is a better setup? I read in another forum that Windows has a lot of back door for FBI, NSA, CIA etc... what do you think?
Should we use RDP or Socks of both? I mean, if we use RDP then we don't use socks, and if we use socks then we don't use RDP, correct?
&gt;&gt; And remember, most people get caught when they cash out stolen money or when they become too noticeable (like developers of major trojans and ransomware) or just because they talk too much.
**I have actually been thinking about that a lot, I have seen a couple of cash out methods using 4 pay pal accounts, one for dirty funds, then a middleman and 2 other clean accounts. Do you recommend a way to safely cash out the stolen funds?
Thank you again for your help!!
</br></br></br></br></br></br></br></br></br></br>