Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,176
- Points
- 113
Part 1
Today we will analyze what "Vbiv v shop" is. We will consider the details, discuss the possibilities and sum up the results.If we look at the input point by point, it looks something like this:
First: find a shop.
Second: we select materials for the input (credit card, socks/ssh/dedicated server, drop/intermediary address).
Third: I drove it myself.
It's all very simple, isn't it? But most people, instead of the inscription "Order success" see "Order cancelled/decline". And then, this majority begins to understand that in this matter everything is not so simple. That in fact, there are a huge number of nuances here that you did not take into account.
You may not have thought about it yet, but that's only "for now". Because that could/could be the reason for your "declines".
But there is a lot of sadness at the beginning of the article, let's look for solutions, because that is what we have gathered here for. We will consider points that will also have sub-points, so get ready to thoroughly delve into the topic.
It's time to return to our old friend - the Credit card:
Bin - these are the first 6 digits of the card, it determines the issuing bank, country of issue, card level, presence/absence of VBV)
A bin may have a payment limit, spending limits/online payment limits, or it may simply be out of money, various types of VBV/MCSC and its reset (reset varies depending on the bin).
Auto VbV Bins – this is when there is VBV on the card, but it does not require entering a password and processing is carried out automatically.
If you are interested in more detailed information on VBV, there are many articles on the Internet on this topic.
My advice to you as you work with bins is to write them down in a separate document, which one and for how much it gives/where it goes, etc.
Map level, map type:
We all remember the card levels: Classic/Platinum/Premier/Gold, etc., as well as Debit/Credit. Based on the card level, you can make assumptions about the balance on it. It is logical that there will be more money on Platinum than on Debit Classic - this is pure statistics, believe me.
Card validity:
Nothing matters: neither the quality of your IP, nor the system settings, if the card is dead. "And how can you find out?" - either by calling the bank, or by having an Enrollment to the card (now we know what it is). Checkers often kill cards, so there is no trust in them, and it is better not to check Usa cards at all before entering.
Billing info/address – credit card address (Billing address, let me remind you that this is the cardholder's residential address), unfortunately, sometimes there are crooked billing addresses on cards and if you enter a “crooked” card into the merch that is checked by AVS (and this is almost all US shops) – such a card will not be accepted.
The reasons that contribute to this are the method of obtaining cards, almost always the information about the card that the cardholder entered somewhere with his own hands gets to us. He can order something for work, to his mother-in-law's house, and so on.
There are various methods of combating this, I will tell you about several of them:
First: by checking the cardholder's billing address before inserting the card.
Second, search for information about the cardholder in publicly available sources, such as searching Google for name + zip (Andrew Klain 37146) and checking the address and name against various websites and social networks.
Third: by entering certain bins and card types. Card types include Business Cards. These are work cards that are often registered to a company/organization (so don't be surprised if instead of a name on such a card you suddenly see something like "Andrew Klain New-York Food Restoration".
The advantage of entering such cards is that their billing address is correct in 99% of cases, which other types of cards cannot boast of, due to the fact that the company orders goods or pays for services to its work address, which is the billing address.
On the downside, they only give some bins.
The next item is the card check.
Part 2
Card check. There are several types of card checks:First type: authorization and write-off.
A random amount of money (from $0.01 to infinity, but usually no more than $1) is authorized on the card, and this is the principle by which a check is entered somewhere when the amount is written off.
The second type: pre-authorization and/or cancellation of authorization. In the case of pre-authorization, the amount is not written off due to quick cancellation, and in the case of cancellation of authorization, it occurs after the direct authorization of the amount.
Third type: calling the bank.
Each bank and bin treats different types of card checks differently, but generally the impact is negative (especially when working with the USA) and sometimes kills cards (even pre-authorization).
We can say that we have covered the first part, let's move on to the second.
You can call it "Masquerade".
You all know what the "human factor" is, right? (It's been a while since I sent you on a Google binge). At the moment, many banks automatically analyze the amount of monthly expenses and the type of cardholder transactions due to absurd behavior (for example, when an 88-year-old pensioner buys a snowboard), in such cases, the bank may reject the transactions .
This point is not critical, but it cannot be ignored. The shop transmits information about the transaction to the bank, so you need to gain a minimum fraud score to bypass the anti-fraud system - focus on this.
There is a sub-item under this point called "behavior pattern." By this I mean the motivation and purpose of a person buying something at a particular moment in a particular online store.
What I mean is - create an image for yourself, become a cardholder. You enter your card, not someone else's, you are sitting in your apartment in Brooklyn. Are you an 88-year-old pensioner who decided to try something new because of an incurable disease? - talk to the store support about it and ask for advice, read the product description, make a mistake when entering text, your eyes are not as sharp as they were in your youth. "I remember a story, once in my youth I..."
The next part is your IP address.
IP purity according to black-list: open ports are neither good nor bad indicator when entering. You may not be bothered by this point.
Geolocation of IP address using maxmind or another database (I provided a list of current sites in one of the articles on security).
Whoer.net and a number of other sites have an outdated max-mind geo-base connected, so the consumption of geolocation information from the entered site in comparison with whoer and some similar sites can differ dramatically and critically, even to another state.
Certain sites have their own geo-databases, often on these sites you are offered automatic filling of zip-code, city and state, therefore when entering such shops it is better to focus on the information provided by them and select material based on it.
Proxy, Risk score, provider, host name, DNS, ip belonging to hosting provider:
Internet provider IP, host name can tell about IP belonging to a cloud host.
Range of Zip-Code ip from Zip-Code CC.
For example: we have a card with a zip code in the billing address 31243, which means the zip IP should be as close as possible to the billing zip code, ie 31243 / 3123* / 313** etc. – however, this directly depends on your topic and the place where you enter it, for an e-gift you need to select as close as possible, for a clothing bag depending on the situation, ie for a drop/intermediary or cardholder.
Dedicated server, virtual and physical machines:
OS: Windows/Linux version etc.
Browser: (version, WebRTC settings, cookies)
Serious merch can request information about installed plugins from the browser (they can check only by requesting the id of a specific plugin/s)? check sites from the list on which you are authorized (let me remind you that you can check here - https://browserleaks.com/social). For example, when authorized, for example, Facebook is a plus, but not a very important one.
We stuff cookies: surfing various sites - imitation of a real user BEFORE typing.
Agree that it would be strange if a person with a "bare and empty" browser goes to buy an e-gift for $2000, wouldn't it? Therefore, we need to create an image of an ordinary PC user, walking around the sites of various local clinics/restaurants, Amazon/Ebay/Facebook, etc.
Part 3
All kinds of prints (fonts, fingerprint, audio fingerprint, etc.).The set of fingerprints generates your unique user fingerprint, which remains in the system. This is solved by changing the system (changing the dedicated server/socks/ssh), replacing a number of pinpoint fingerprints (fonts, screen resolution, video card frequency, etc.).
In my opinion, the process of typing itself consists of several things that can happen in different orders:
Method of getting into the shop (for example: Google/Facebook/Twitter)
Yes, this is also important. And yes, shops see this too. To one degree or another, this also matters. There are several types of transition, I will tell you about them starting from less trustworthy moving to more trustworthy respectively:
First: directly from the link on the browser home page: browser >> amazon.com.
Second: from search engines: google.com >> amazon.com.
Third: social networks, affiliate programs, various coupon/cashback services.
The shop tracks where you came from, the least hackneyed methods are the most trusted.
Manual text entry or "copy-paste" - antifraud reveals this, do you copy your name from the clipboard when making purchases from your card? - Unlikely.
Warming up the shop: surfing the shop, making a conscious choice of product, reading reviews, delivery methods. Removing and adding products to and from the cart, registering an account in the shop (it wouldn't hurt to give it a rest, there was a separate article about it, remember?), preliminary calling or communication with support.
By dialing:
Some stores have the option of "order by phone" - order by phone. It happens that the cardholder's site does not load/glitches, and then a support operator comes to the rescue, who personally enters your card details, etc. The advantage is that antifraud does not see your system and IP address, and accordingly does not assess risks based on these factors (and you should already know about this).
Billing address = Shipping address (or not equal):
Matching the entered billing address with the shipping address, it happens that orders are cancelled due to differences. You can fight this in the following ways: pass the anti-fraud system for all other indicators/warm up the shop (for example, chat in live-chat and say that you want to buy a gift for a friend, etc.)/ search for shops that allow this/enter billing=shipping=drop/intermediary (when checked by the AVS system, it will not pass in most cases), enter illiquid assets that are not "pulled by anti-fraud".
Shipping:
A number of addresses of well-known intermediaries may be on the blacklist of many point shops and merch stores, and duplicates are also monitored (whether someone has previously purchased at this address in the same store).
E-mail for the cardholder and for the recipient (in the case of e-gift):
Mail also has a certain risk score. The most trustworthy are corporate mails like name@mysite.com. The most fraudulent are all those that have a simplified registration process (for example: mail.com, in other words - these are the services that do not require you to receive SMS).
In addition, some merch pays attention to the name in the email address (name@mysite.com) - they can check for the presence of the cardholder's first/last name - also not critical, but also an important plus (two sides of the same coin).
As you can see, a simple VBV has a lot of items and even more sub-items. Therefore, if you increasingly see "order cancellation", then it is worth conducting a full analysis of your work. An analogy for creating this list can be drawn in any work: stick, poker, banks, etc.
There are many different possible consequences of your carding, we will look at the main ones:
Decline: the shop didn't even let you place an order, often this means that you have problems with the card, so first of all you should pay attention to it and the sub-items related to it (see the first article on " VBiV"). In other cases, the site either has technical problems and the screws are tightened (this happens, but very rarely), or you do not pass antifraud (shop or bank) and get caught somewhere, in this case remember what we wrote at the point about "IP addresses".
Cancel: the order was hung, but after a while (or immediately) a cancellation of the order was sent to the e-mail. Reasons: antifraud did not pass/the shop called the holder/something is wrong with the card and the shop could not write off the money.
If you didn't pass the antifraud and it didn't like anything, then there are two possible scenarios for further developments:
The first is a cancellation directly from the shop's anti-fraud system (or the bank did not allow the transaction to be carried out).
The second - based on the sum of the points scored by the anti-fraud indicators, the order was processed manually (when the manager manually approves/cancels orders) and the manager cancelled it, or called the holder.
If everything is clear with the first case, then the rest is worth examining in a little more detail:
The shop called the holder - yes, there are shops that always call, there are also shops that can call only for certain orders (for example, for e-gift) and/or from a specific specified order amount (for example: all orders $1000+)
The methods for combating this are as follows: indicating your (or a calling service's) telephone number in order to receive a call if necessary/indicating a fake number (for example: some nearby cafe with a cardholder) or a non-existent number.
However, due to the AVS system in a number of countries, such orders may also suffer...
The third is cancellation due to problems with the card. It means that the cardholder either manages to burn it, or your shop processes orders not immediately, but after the order has been left by the buyer, and then it can accept even a dead card and give you an order, but, of course, It will not write off money from it.
Shop request for additional verification in the form of a photo of an identification document (passport/driver's license) or a photo of a card. Means that you have failed to meet the antifraud requirements somewhere or your order seemed suspicious. Also occurs in cases where the shop is already quite "blurred" and requests verification with the slightest suspicion.
Request for additional verification by calling. They ask you to call to "clarify" some details. Usually they ask about the background, but it all depends on the shop, it may also mean that the card has a crooked billing address.
"How to fight this?" - Punch, call, draw. If the order and tests are worth it, we record the results and draw conclusions.
Checklist:
It is a list of points that tell how: you can break through a specific shop based on tests of entering this shop, various useful notes, derived again based on experience (for example, how quickly orders/cancellations come) - this is your desktop template that you need to focus on, provided that you have compiled it correctly.
An example of such a checklist:
- The billing address must be correct.
- The entry must be made in one attempt on one IP address.
- Manual input only.
- The option of entering data via ssh works well.
- If you have not passed the anti-fraud system, but the card is correct, the cancellation will be sent to your email within 25 minutes.
- When the anti-fraud system does not pass the order, the merch gives a cancellation with the text: "Unable to process credit card at this time, processor reported (Authorization Failed)".
- If the card has an insufficient balance or incorrect billing address, the merch gives a cancellation with the text: "Please double-check your billing address and credit card information".
- Such and such bins came in for such and such amounts.
And so on and so forth.
