I come from e-commerce

[mc will]

Quote:

Originally Posted by TMNT62

It could be, actually I didn't had bin list, I choose cvvs randomly :noob:
After researching after my own stupidity, I realized what may be the problem.
I also came across to some non-vbv bin list, amex centurion bin list, and what not, I am thinking about trying those...
My mind is exploding, overwhelmed with information. I understand that this is cat-and-mouse game, and that I just have to make a lot of mistakes to find the right way and I am trying not to loose a lot of $ on that way.
Currently, I bought a bunch of private SMSs to open gmail and yahoo accounts, maybe that would help.
I kept that at minimum, like 45$ - 75$
Here's exactly what I've tried:
-game codes from various not-so-popular sites
-gift codes from popular and not-so-popular sites
-t-shirts (with my designs) to earn affiliate commission (not too much, just to test the waters lol)
-even buying btc on virwox, they didn't had the chance to ban my account, payment didn't went through from the beginning
Am I on the right track? Any hint on what BINs to look for (I am not asking for lists, jus for hints :wink: )
Cheers

Those amounts should be going through fairly effortlessly if you have good cards, but as I said above: carding anythin digital can be difficult for even professionals no matter the amount. I'll give you a few more tips free of charge though:
-buy some aged emails. many merchants of high risk items use a product called emailage to get information on an email address and this includes when it was created. any newly registered email is deemed high risk for any merchant who will be a target for fraud (sellers of electronics,digital items). you can find aged emails on any online marketing forum
-Visa and Mastercard networks do not verify the name on a credit card, so you can put whatever name you want in the name field on an order form. If you buy some aged emails and some of them have a name in them, just put that name in the order form and you'll see a higher success rate. Obviously if the merchant calls the bank to confirm the transaction then it'll be declined, but this doesn't usually happen as long as everything looks right
-Amex cards are the exception to what I said above. they do verify the name, and they tend to have higher security than visa and mastercard, so I normally avoid them.
-You mentioned wanting to try a centurion. Why? Try thinking about this process rationally-why would anyone with a centurion card try to buy a $50 game code? that is much too cheap for someone with such a card. success in carding comes when you successfully impersonate the individual, and this can be done so long as you use common sense. If you're looking to purchase something like a $50 code, then use a standard credit card and maybe you'll see higher success
-Do you have a good burner number for verification calls? This can be crucial in many instances. A good number mind you-not some virtual shit.
-5socks is a good socks5 provider. How are you using the socks? I like to use the software proxifier and run everything through that as mozilla can leak stuff randomly I find. Are you checking for DNS leaks? Go here to check http://dnsleak.com/ you can enable "resolution through proxy" in the proxifier settings to use that proxy's DNS
-Use getipintel.net to check the fraud risk score of the proxy you're using. Anything above 1 I tend to just scrap and replace. Use ip-score.com to check that your IP is not on any spammer blacklists.
-Are you changing the time zone of your machine before you card? If you're on the east coast USA and you're on a California IP, but your computer's time zone is EST then that is obviously a red flag. Make sure to change this
-If all of the above sounds like too much work for you, then maybe you can try phone carding using the 4G data network. anti-fraud networks do not typically blacklist such IPs as that would be unfair to the many legitimate customers that rely solely on their phone data. You can get a lot of success just doing this
-There's not many hints I can give you in finding the right bins as it's mostly a solitary struggle for all of us. You have to experiment and just be smart. Eventually you'll amass your own list that you can do a lot of damage with. Keep notes on the bins you card with and maintain that list. Update it everytime you card
I hope this helps

[Sidor88ruSS]

Quote:

Originally Posted by AsukaCredit

Those amounts should be going through fairly effortlessly if you have good cards, but as I said above: carding anythin digital can be difficult for even professionals no matter the amount. I'll give you a few more tips free of charge though:
-buy some aged emails. many merchants of high risk items use a product called emailage to get information on an email address and this includes when it was created. any newly registered email is deemed high risk for any merchant who will be a target for fraud (sellers of electronics,digital items). you can find aged emails on any online marketing forum
-Visa and Mastercard networks do not verify the name on a credit card, so you can put whatever name you want in the name field on an order form. If you buy some aged emails and some of them have a name in them, just put that name in the order form and you'll see a higher success rate. Obviously if the merchant calls the bank to confirm the transaction then it'll be declined, but this doesn't usually happen as long as everything looks right
-Amex cards are the exception to what I said above. they do verify the name, and they tend to have higher security than visa and mastercard, so I normally avoid them.
-You mentioned wanting to try a centurion. Why? Try thinking about this process rationally-why would anyone with a centurion card try to buy a $50 game code? that is much too cheap for someone with such a card. success in carding comes when you successfully impersonate the individual, and this can be done so long as you use common sense. If you're looking to purchase something like a $50 code, then use a standard credit card and maybe you'll see higher success
-Do you have a good burner number for verification calls? This can be crucial in many instances. A good number mind you-not some virtual shit.
-5socks is a good socks5 provider. How are you using the socks? I like to use the software proxifier and run everything through that as mozilla can leak stuff randomly I find. Are you checking for DNS leaks? Go here to check http://dnsleak.com/ you can enable "resolution through proxy" in the proxifier settings to use that proxy's DNS
-Use getipintel.net to check the fraud risk score of the proxy you're using. Anything above 1 I tend to just scrap and replace. Use ip-score.com to check that your IP is not on any spammer blacklists.
-Are you changing the time zone of your machine before you card? If you're on the east coast USA and you're on a California IP, but your computer's time zone is EST then that is obviously a red flag. Make sure to change this
-If all of the above sounds like too much work for you, then maybe you can try phone carding using the 4G data network. anti-fraud networks do not typically blacklist such IPs as that would be unfair to the many legitimate customers that rely solely on their phone data. You can get a lot of success just doing this
-There's not many hints I can give you in finding the right bins as it's mostly a solitary struggle for all of us. You have to experiment and just be smart. Eventually you'll amass your own list that you can do a lot of damage with. Keep notes on the bins you card with and maintain that list. Update it everytime you card
I hope this helps

Really great information and well written. I would love to learn more from you about carding..Please contact me if that is possible .
Thank You

[mc will]

Quote:

Originally Posted by KingCash13

Really great information and well written. I would love to learn more from you about carding..Please contact me if that is possible .
Thank You

~~~~~~

[yaboyb1992]

Thanks for your knowledge bro ... I have a question ... When I go to carder a cc to pay with the interface of paypal they ask for two telephone numbers(phone and mobile), I can add numbers of telephones fake of the state or city of the card? ... That could decline the payment?

[Mayson]

Quote:

Originally Posted by AsukaCredit

You can contact me
I'd also like to share a story about a relatively obscure gift card site I was hitting last year for good money before they caught on. Just to give you an idea on what goes into successfully carding digital items for decent money. This site sold Itunes and Amazon gift cards primarily. How I approached it was relatively simple if not a little time consuming as well (well worth it though). I'll list what I did step-by-step:
1. Registered around 30 accounts with the site using aged gmails, yahoos, and a mixture of domain emails. Also used burner numbers from prepaid simcards so I would have a valid phone number. this may sound time consuming (it is) but keep reading. it's worth it.
2. Bought 30 CC from my supplier and confirmed they ALL had a good balance by calling into the bank. After confirmation I would attach each card to a different account on the site.
3. from each account I would browse the site in as random a way as possible. they had a livechat feature. I talked to the livechat and asked random questions that a legit customer would be curious about such as expiration date of the gift cards, how quick is delivery, how do I attach the amazon cards to my amazon account, etc. don't worry about sounding stupid as most legitimate people are stupid anyway. The point of all of this is for the customer service rep to put notes on your account detailing the questions you asked. this will help later during post-checkout when they're verifying your purchase. They'll notice the notes on my profile and it will obviously help in convincing them that I'm not a thief.
4. I would wait a little bit, sometimes a day, and then come back and make a very small purchase of $10-20. these should go through easily after everything you did so long as you confirmed that the cards you attached are live. why so small? i wanted to build a purchase history on my account making bigger purchases on a later date much more viable. sometimes i'd do two small purchases. don't worry about the card cancelling as most standard CC should be able to handle a couple of $10-20 purchases without having a fit. obviously some will still be discovered anyway, but no big deal. shit happens
5. after all of this, I would come back and hit them ALL for a big $500 amazon gift card. as I've already put in the work to look legit and already accumulated a purchase history, this site in particular had no issue instantly delivering the $500 card to my email. if you're too lazy to do the math:
30 accounts X $500= $15,000 in Amazon gift cards. Obviously some of cards will end up cancelling, so not always that much, but close to it. For just 2-4 days of work that's not bad is it?
The site in question no longer works for such a thing and I will not give it out for security reasons, but I just wanted to give you an idea on how I work digital items. You often have to go the extra step to really make money. Use your head, think like a legitimate customer and not like a thief. You'll see the money come in.

Decent tips -- although surely overwhelming for the OP.
I have a few bits here to share overall.
Having an "aged" email that was never used in previous orders is as useful as a newly created email; while having an "aged" email that was involved in fraudulent orders in the past is worse than a newly created email.
Emailage, Sift Science, and other similar fraud-prevention tools do NOT actually have access to the creation date of the email from the provider (and they never make that claim). The way they work is by having a group of merchants share data about their orders and your email "age" is inferred from its existence (or lack thereof) in the
earliest order in the repository, and, if present, whether that email has been involved in legitimate or fraudulent orders. Therefore, there is no actual need to purchase an "aged" email that was unused.
The second point concerns how merchants are able to verify whether the name supplied matches what's embossed on the card. While it is true that processors aren't able to match the name supplied with the name on the card like they are able to do with other numerical data (such as numerical portion of address, zip, CC#, EXP, and CVV), and while it is true that merchants can manually verify the data by calling the issuing bank, there is often an automated step in the middle that I have never personally seen shared on any forum. A merchant can attempt to match the name supplied against the array of people that are listed to live on a particular address.
What happens here is two things, if the name supplied does indeed match the name of one of the people listed as residing at a particular address, the merchant can safely assume that it is the actual cardholder (although it could very reasonably be a sibling or a relative, or even a roommate of the actual cardholder placing the order instead), and in this case, this signal can be deemed safe. Whereas if the name does not match against any in the array, the risk is elevated (merchants are well-aware of thieves changing the billing address before placing a fraudulent order OR redirecting a shipment once an order has been shipped to the real billing address since the name matches the thief's name).
There are some other points, but this should be enough for now.

[mc will]

Quote:

Originally Posted by jamesbondd

Decent tips -- although surely overwhelming for the OP.
I have a few bits here to share overall.
Having an "aged" email that was never used in previous orders is as useful as a newly created email; while having an "aged" email that was involved in fraudulent orders in the past is worse than a newly created email.
Emailage, Sift Science, and other similar fraud-prevention tools do NOT actually have access to the creation date of the email from the provider (and they never make that claim). The way they work is by having a group of merchants share data about their orders and your email "age" is inferred from its existence (or lack thereof) in the
earliest order in the repository, and, if present, whether that email has been involved in legitimate or fraudulent orders. Therefore, there is no actual need to purchase an "aged" email that was unused.
The second point concerns how merchants are able to verify whether the name supplied matches what's embossed on the card. While it is true that processors aren't able to match the name supplied with the name on the card like they are able to do with other numerical data (such as numerical portion of address, zip, CC#, EXP, and CVV), and while it is true that merchants can manually verify the data by calling the issuing bank, there is often an automated step in the middle that I have never personally seen shared on any forum. A merchant can attempt to match the name supplied against the array of people that are listed to live on a particular address.
What happens here is two things, if the name supplied does indeed match the name of one of the people listed as residing at a particular address, the merchant can safely assume that it is the actual cardholder (although it could very reasonably be a sibling or a relative, or even a roommate of the actual cardholder placing the order instead), and in this case, this signal can be deemed safe. Whereas if the name does not match against any in the array, the risk is elevated (merchants are well-aware of thieves changing the billing address before placing a fraudulent order OR redirecting a shipment once an order has been shipped to the real billing address since the name matches the thief's name).
There are some other points, but this should be enough for now.

None of what I typed is particularly overwhelming for anyone with an IQ over 85 lol. The gist is be legitimate. The issue is many people don't know what exactly that means when you say it and what exactly it entails.
Fair point on emailage. I would still strongly suggest buying aged emails though. Online marketers who sell these do not just make them and sit on them for a few years. They are emails that they've used themselves for various things related to their work and this involves often using them for LEGITIMATE purchases. I've never had an aged email that was just unused or used for fraudulent orders (different story if you buy these from a fraudster obviously).
there is often an automated step in the middle that I have never personally seen shared on any forum. A merchant can attempt to match the name supplied against the array of people that are listed to live on a particular address.
What happens here is two things, if the name supplied does indeed match the name of one of the people listed as residing at a particular address, the merchant can safely assume that it is the actual cardholder (although it could very reasonably be a sibling or a relative, or even a roommate of the actual cardholder placing the order instead), and in this case, this signal can be deemed safe. Whereas if the name does not match against any in the array, the risk is elevated (merchants are well-aware of thieves changing the billing address before placing a fraudulent order OR redirecting a shipment once an order has been shipped to the real billing address since the name matches the thief's name).
I'm a little confused on what you mean. Are you talking about Experian File One? Or public data? If public data, that can be at times ridiculously inaccurate and surely unreliable for any merchant looking to verify information. I've carded numerous electronics, e-tickets, wholesale sites, gift cards, etc. and used a different CH name for all of them. So...Who is using this? Better question would be what is using this lol.

[Mayson]

Quote:

Originally Posted by AsukaCredit

None of what I typed is particularly overwhelming for anyone with an IQ over 85 lol. The gist is be legitimate. The issue is many people don't know what exactly that means when you say it and what exactly it entails.
Fair point on emailage. I would still strongly suggest buying aged emails though. Online marketers who sell these do not just make them and sit on them for a few years. They are emails that they've used themselves for various things related to their work and this involves often using them for LEGITIMATE purchases. I've never had an aged email that was just unused or used for fraudulent orders (different story if you buy these from a fraudster obviously).
I'm a little confused on what you mean. Are you talking about Experian File One? Or public data? If public data, that can be at times ridiculously inaccurate and surely unreliable for any merchant looking to verify information. I've carded numerous electronics, e-tickets, wholesale sites, gift cards, etc. and used a different CH name for all of them. So...Who is using this? Better question would be what is using this lol.

It has been my experience that a fresh email (specifically if it's @comcast, att, etc) nearly always beats a so-called "aged" email, from the perspective of bypassing fraud-detection mechanisms. You can always increase the credibility of your email's signal by creating social media accounts with that email, being sure to setting only the name and profile picture to public and the rest to private, and enabling search engine linking by email (and allowing a few days for results to cache). A previously utilized "aged" email may have become linked to a different name (even if no suspicious activity was linked to it) in the past and as such may end up being disadvantageous. I don't exactly know why telemarketers prefer using "aged" emails over fresh ones, but I suspect that the reasons concern bypassing spam detection, which are not necessarily relevant to fraud detection.
And regarding the second point, comparisons are made against public and proprietary DBs. And I do agree that the DBs can be inaccurate, but it remains a signal that affects the fraud score. And since you asked, I know with fully certainty Tigerdirect uses it, as well as Sony in the past when they still had an ecommerce division, although many others are also likely using it.

[mc will]

Quote:

Originally Posted by jamesbondd

It has been my experience that a fresh email (specifically if it's @comcast, att, etc) nearly always beats a so-called "aged" email, from the perspective of bypassing fraud-detection mechanisms. You can always increase the credibility of your email's signal by creating social media accounts with that email, being sure to setting only the name and profile picture to public and the rest to private, and enabling search engine linking by email (and allowing a few days for results to cache). A previously utilized "aged" email may have become linked to a different name (even if no suspicious activity was linked to it) in the past and as such may end up being disadvantageous. I don't exactly know why telemarketers prefer using "aged" emails over fresh ones, but I suspect that the reasons concern bypassing spam detection, which are not necessarily relevant to fraud detection.
And regarding the second point, comparisons are made against public and proprietary DBs. And I do agree that the DBs can be inaccurate, but it remains a signal that affects the fraud score. And since you asked, I know with fully certainty Tigerdirect uses it, as well as Sony in the past when they still had an ecommerce division, although many others are also likely using it.

Yeah, Comcast emails are fantastic to use, though I find it easier to buy a few hundred gmails/yahoos in bulk and just be done with it. Haven't had issues passing numerous large transactions, so I wonder how great of a factor it really plays, and whether you could sacrifice something else in exchange for using an email that "passes" so to speak. It'd be interesting to experiment with. Although my setups are never really that complex. Often it's just a phone browser.
The DB checks you mentioned is very interesting. I've never heard of it and I've opened a few payment processor accounts. If it's Experian File One, then it certainly makes sense that places such as TigerDirect would use it. I'm gonna play around with it and see what I can do with them.

[hackseller]

Unbelievable amount of information in just a few posts.
Thank you AsukaCredit and jamesbondd, this info is pure gold for me and other members too.
I will now try to answer some of the AsukaCredit's questions:
-You mentioned wanting to try a centurion. Why? Try thinking about this process rationally-why would anyone with a centurion card try to buy a $50 game code? that is much too cheap for someone with such a card. success in carding comes when you successfully impersonate the individual, and this can be done so long as you use common sense. If you're looking to purchase something like a $50 code, then use a standard credit card and maybe you'll see higher success
I was just reading random info everywhere and I didn't realize that centurions are for high-ticket items and pro carders. Standard credit card it is from now on.
-Do you have a good burner number for verification calls? This can be crucial in many instances. A good number mind you-not some virtual shit.
Unfortunately NO. I am in Europe, currently I don't know how to get an US pre-paid SIM, I will look into this, thank you.
-5socks is a good socks5 provider. How are you using the socks? I like to use the software proxifier and run everything through that as mozilla can leak stuff randomly I find. Are you checking for DNS leaks? Go here to check http://dnsleak.com/ you can enable "resolution through proxy" in the proxifier settings to use that proxy's DNS
Yes, at this part I am careful, I use proxifier and firefow and set proxy sock in BOTH of them, then check with check2ip.com, and whoer.net and 3-4 other checkers and adjust everything (time zone, java, flash etc.) until everything is green
-If all of the above sounds like too much work for you...
Not at all, you have just filled the gaps in my setup
Actually, I was doing similar thing on gift code sites. Created an account, and randomly browsed the website, logout, leave it for an hour and get back and try to card. But chatting and leaving it for a day or two sounds reasonable.
How do you search for cardable site? Go through them all until you hit the winner?
I was doing "10th page of the google search result shop" method.
Also, what about using non-US CCs? I see they're more expensive on jstash, must be the reason for that? German CC, German socks and German site? Hm?
Cheers!

[zvfedkiop]

Good post been enjoying reading it. I've been in this game long time ago (silverunix, irc nodes tempsys etc... ) . I was buying game memberships, it was so easy 2 card, even google checkout was cardable (good old days). Unfortunately I stopped doing it.
But now i wanna go back to game again, but there is so many security added in all of these merchants. I was just wondering is still worth doing it? I'm planning buying digital goods,clothes ( everything that I can sell instantly )
what setup shall I use?
My plan is :
Buy a server with Monero
VPN ( using express vpn )
Socks 4/5 (probably gonna use private shop posted in other forums)
Disposable sim card
What else am I missing?