Greetings, friends! Today we will talk about such a well-known phenomenon in the niche of earning money on the Internet as carding. This direction has gained particular significance with the development of the monetary system, namely, with the popularization of electronic money.
In this article, you will learn about how carder training really takes place, what you may encounter on carding forums, as well as what bays on sim cards without prepayment are, and how this niche works in 2023.
Just want to say that this article is purely informational in nature. Forewarned means armed! I do not intend to encourage you to take action or interest you enough to make you want to plunge into the world of carding, and therefore I will not touch on the details of this or that "case”, but in general terms, you will undoubtedly receive quite comprehensive information.
Carding is a term that literally means fraud with credit or debit bank cards, however, with the development of information technology, the concept of carding has expanded somewhat and also includes:
- Data trading (credit cards, passports, hacked bank accounts, payment systems, and much more)
- Scam against so-called hamsters (mostly "smart" fraud, i.e. using social engineering)
- Cashing out other people's money
The time dynamics of the development of certain events in carding can vary from several hours, in the worst case, to several months. In other words, what works in carding today doesn't necessarily work tomorrow.
Therefore, carding is a place where people come hoping to earn money quickly and easily, but there are few people who really earn anything here. This is because the main principle of carding is testing. I.e., it is a direct investment in the hope of making a big profit.
I think that this should be very clear: you invest money - with a successful scenario, you get it back and make a profit, and with a bad scenario, you lose everything irrevocably. But in order to continue my story, I need to introduce you to the situation and introduce you to the terminology.
All carder tools are usually called in a simple way - material. The word material refers to credit cards, bank accounts, personal data, passport data, etc. This is exactly what carders work with. As they say - from simple to complex, so let's start getting acquainted with credit cards.
Credit cards
So, in the terminology of carding, a credit card is called-cardboard, plastic or cc (from the English cc-credit card). I think that each of you has a credit card, so the content of the credit card is familiar to you. The most common cc contains information such as:- Name, surname
- Card number
- Expiration date
- CVV-code (security code)
However, all this was possible a very, very long time ago. As I said above, security systems do not stand still, so having such a "meager" set of information, you can make a maximum of money from a credit card to the fund for the treatment of sick children, and this, by the way, is very important to always do, but we will touch on this topic in more detail below.
Two-factor authentication, vbv, mcsc
To protect their customers, banks have come up with a system of unique SMS notifications that work on the principle: “if you want to pay for something, enter the code received in the SMS message in the window.” The bank sends this code to a previously registered customer number, and this security method is called two-factor authentication.Is it possible to bypass this protection system? Of course, yes. Various methods can be used here, ranging from centralized viruses (botnets) to banal cookie substitution.
I'm only telling you this to make you understand one thing - there is no such security that cannot be hacked, at least I haven't heard of it (cryptography may be an exception)
However, despite the fact that two-factor authentication is quite popular in the CIS, in the West they prefer to use a different type of protection, which is called vbv or mcsc. This is the same two-factor authentication, but with a password set for making payments on the network instead of an SMS notification coming to your phone.
Simply put, this is an “additional” password that the user sets on their credit card to make purchases online. And this system is much more vulnerable than an SMS notification with two-factor authentication. Because the botnet virus collects this information with a bang, but in addition, some online stores often store such information in their databases, and hackers can take advantage of this.
In addition, it is important to understand that not all cardholders (from the English card holder - card holder) install the SMS notification system.
For example, pensioners, people who are far from the Internet, who do not make purchases online, and do not think about additional protection at all. Therefore, the carder himself can install this protection in order to freely use the money stored on the plastic.
In this case, the carder can not only make payments online, but also observe the dynamics of funds stored in the account. And this is almost the most important point, because everyone wants to know the balance of the card, so as not to run into the bank's anti-fraud system once again.
As for the anti-fraud system (from the English anti fraud - anti fraud), it exists not only in banks, but also in individual stores and services, and therefore this topic is quite extensive and we will reveal it a little later, stay tuned.
Fullz
Full information about the bank's client is usually understood as full information about the bank's client. This includes their full name, residential address, phone number, operating system, browser, email, username and password from their bank account (hereinafter referred to as BA), mother's maiden name, as well as information from a credit card - the number, security code, and life span of the card.It is considered the most privileged and expensive product on the sites where the material is sold. Because fullz, which has access to the BA, allows you to control expenses, as well as attach a credit card to certain services using microtransactions.
This is the case when a small amount of money is withdrawn from the account, so that by entering it you can confirm that you really are the account owner. Note that this method of syncing invoices is widely used in the PayPal payment system.
About methods of "draining" money from credit cards
Duffel carding is when you buy real " gear”, send it to the address of the drop, and he either keeps it for himself, or sends it to the buyer. Drop is a fake person. There are two types of drops - adjustable and non-adjustable.
Divorce drops are usually naive fools who are found online and asked to accept the parcel, and then send it to the appropriate address. They always breed such drops in different ways - they tell whiny stories to someone, and they just rub their trust in someone and ask them to accept the parcel “in a brotherly way". In short, who is in a lot of trouble.
Another thing is non-dilutive drops that deliberately make a deal with the carder. They usually don't forward any packages until they receive payment from the drop driver. But a drop driver is a whole profession. This is a person who recruits drops and cooperates with the carder.
In addition, there is a buyer in the chain, which pays money for goods to the carder. How much money the carder will receive is a matter of agreement, however, the highest interest on payments (40-50%) is received by the carder for equipment (electrical goods, gold, optics)
The complexity of the duffel bag is that all store owners install unique protection against card attacks. To do this, a staff of employees is even hired to check orders, calling customers back on the phone and asking them for information about the order. An order is an order placed by the client.
But for a carder who has all the information about the payer from fullz and a virtual phone number for receiving calls from abroad (for example, a Skype number) such security systems are not a problem.
In addition, stores often ask you to take a photo of a credit card or send a scan of the payer's passport, but this is not a problem for a person who knows how to use Photoshop and knows document templates from around the world.
Let's discuss the easiest way to implement stuff carding for beginners - online auctions. These are online stores where one product pays off 10-20 times, and therefore they do not deploy packages and send them anywhere.
Although carders create problems for online auctions, they are so insignificant in the scale of profit generated by auctions that they do not particularly bother and are ready to pay penalties to bank customers.
Usually, the protection system for online auctions is rather low because it is advantageous for online auction owners, as well as casino owners, that the client does not have any difficulties at the time of payment.
The faster they pay, the higher the chance that they won't change their mind at the last moment. Therefore, when adding funds to various casinos or auctions, you may notice that you are not required to provide much information, but you will be asked to verify your identity when withdrawing funds.
By the way, let's discuss a very important point that is being pedaled everywhere on carding forums, and it is related to the delivery of goods. You see, in most modern stores, it is customary to send goods only to the user's registration address, which is called billing address.
However, there are also stores that send a shipping address, and this can already be any address, for example, the address of your drop.
So, it is quite difficult to find such a store that would send to the drop address, and not the payer's registration address, but if the carder succeeds, then he can be said to be in chocolate
After making a payment, which in the cybercrime environment is simply called "driving in", a notification is sent to your email address. Its content can be completely different, ranging from refusing a purchase without explaining the reasons, to approving it and further instructions on how to get a tracking code that allows you to track products on the way.
Payment systems
Unlike small online stores that are quite vulnerable to card attacks, payment systems are giants of the industry. There is not just a staff of people checking orders for authenticity, but a whole company of IT specialists who know how to distinguish a client from a carder, no matter how much he hides behind the guise of a regular user.
When working with payment systems, two types of cards are widely used. One is based on hacked accounts of real users, and the other is based on so-called self-regs. A more common and cheaper way is, of course, self-monitoring.
Its essence lies in the fact that the carder creates an account in a particular payment system according to data taken from fullz (for a fake person), and then merges the money of the same person to an account in the payment system, from which he has full access. Now the carder can freely pay with self-registration for goods, services, cryptocurrencies and much more.
Every day, thousands of self-registers appear in various payment systems-PayPal, Skrill, Qiwi, MoneyGram, etc. Therefore, the system already knows how to distinguish a real user from a carder.
Previously, it was possible to send money using Western Union all over the world, just having information about the holder, but now it becomes quite difficult, and therefore I strongly recommend not to go into this jungle, without preliminary tests or good material.
In addition to the data from fullz, you will need to immediately draw documents for the information contained in fullz, buy a Skype number for calling (or order this service on the appropriate forum), get a working machine and configure it correctly, and buy a vpn, proxy or socks for these fullz (in extreme cases, you can buy or untie a dedic). and act as carefully as possible when driving in, without arousing suspicion from the system.
Payment systems include various types of casinos, in which carders drain money through the so-called gaskets. To do this, they use several self-regs, which they lose money to.
This happens as follows: the carder creates an account, deposits funds from someone else's credit card, and then logs in to the poker room, where his own account is already waiting for him, running on another VM.
Then the carder loses all or part of the amount to his own self-register, and then does the same thing again. Casino owners can easily recognize such a chain, but those who have long specialized in casino cards can use gaskets to drain tons of money from bourgeois cards.
The last account that the carder cashes out is called a pumped account. To upgrade your account, you need to add funds to it several times, play with it, and withdraw funds to at least two, or preferably three, types of payment systems.
Plus, the upgraded account must be fully verified, i.e. your merchant profile has a loaded passport, phone number, and a bank account connected.
As you understand, the carder does not use his personal data when creating a pumped account, but uses drop data so that if something does not fly home from the authorities, because the type of activity is at least grayish
Transfers on SIM cards
I'm not afraid of this word, but working on cashing out SIM cards is the easiest direction in carding, and there are quite objective reasons for this. The first is that international SIM card replenishment services are not related to payment systems, and this gives us a relatively low anti-fraud system.The level of protection here is exactly the same as in most online stores, where there are employees who, as we discussed above, only ask us for information from fullz, and ask us to provide an identity document in the form of a scanned passport or driver's license.
The second reason why you should start your journey in carding with cashing out SIM cards lies in the speed of the process itself. It can take from 30 minutes to several hours from the moment of driving in and receiving money, which greatly facilitates the work. Here you do not have to sit on pins and needles for several weeks, as in a duffel bag, waiting for the parcel to be unfolded or dropped.
When cashing out SIM cards, everything happens at lightning speed. Entered-passed - received money and no unnecessary reasons for concern. As for the SIM cards themselves, it is not difficult to purchase them, especially if you are familiar with avito, where you can buy dozens or even hundreds of SIM cards for 20-50 rubles apiece.
Money is transferred to SIM cards via international top-up services. There are such services exclusively for bourgeois people who live over the hill, often travel and like to replenish SIM cards of various countries with credit cards.
The attacker, disguised as a tourist, sets up a virtual machine, as with a normal drive-in, then goes through the google search engine to the desired site, and drives in cardboard, indicating one of the SIM cards purchased on avito as the object of replenishment. Upon successful insertion, money from the SIM card is immediately transferred to the qiwi wallet created for this number. And from there, through the money changer, the money dissolves into the oblivion of the card pocket
Why don't all carders do this? Yes, because the exhaust in cashing out SIM cards, although there is, but quite insignificant. For one replenishment of the SIM card, you can earn 2-3 thousand rubles maximum, and this, for a moment, is the cost of all the material used for one drive.
Of course, if the cardboard is good, and the carder's hands grow where they need to, then in a few days, so you can merge the entire credit card balance to a SIM card. However, if the cardholder suspects something is wrong and calls the bank, the card is blocked and more than one or two deposits will not be made.
Gift certificates
In other words, gifts (from the English gift certificates - gift certificates) this is something that is appreciated primarily by those who are engaged in clothing. I don't think it makes sense to explain what gift certificates are. However, it should be said that they are of two types-electronic and conventional.
We will talk about electronic gifts, as they are exactly what carders value. In general, an electronic gift is nothing more than a set of numbers and letters that can be entered in an online store when buying a particular product.
Guys who have been carding for a long time and are seriously engaged in clothing sales use gifts for purchases, because this reduces the chances that the parcel will be deployed somewhere on the way.
But do not rush to go to Google and search for online stores with gift certificates to save them. The protection of such stores that sell digital goods is as high as possible.
Card gifts are very difficult and to some extent impossible without some knowledge in this topic, but you can get them in another way.
When a carder buys a BA with a certain history, there is a high probability of finding purchase bonuses on the account, which are credited to the cardholder for paying with a credit card in stores.
You can spend bonuses at your own discretion, and among the things that the account holder can buy for their accumulated points, you can often find gift certificates to amazon, apple, girbest stores, etc.
The cost of gifts on forums is estimated at 15-50% of their nominal amount, i.e. if you have Amazon gifts totaling $ 1000, you can sell them to clothing companies for $ 150-500. The amounts may vary for several reasons, one of which is your integrity and reputation on the forum.
Hotels, flights
Only professionals work on such topics. Usually there are two or three people on the forum who provide services such as booking hotel rooms or flights for 20-30% of the face value. Pay for hotels and air travel using the same points that can be found in bank accounts.
However, only the presence of your own botnet, i.e. a network of computers infected with the virus, can allow you to get such bank accounts in abundance.
For example, by spreading a virus over the network, a carder gets 10-20 new accounts of various banks, after which he needs to weed out those that have nothing on them from those that have the most desired bonuses.
One or two bonus accounts are enough to buy a one-way plane ticket or rent a hotel room for several days.
As you can see, very few people follow these bonuses, and therefore the probability that the carding will open tends to zero. And then, no one really cares about these bonuses, the main thing is that the money is still there.
How do shops die?
This question cannot be left without due attention. The fact is that if you find a new store that opened not so long ago and has not yet managed to get acquainted with a large number of carders, then you can clap your hands. After all, such a carder takes out everything from there.
Cardboard beats without problems, and now dozens of emails containing notifications about successfully sent orders to various drop addresses are already on different emails. The boxes can contain everything your heart desires-phones, blenders, costume jewelry, branded clothing, video cards, musical instruments, pet food, and much more.
However, there comes a time when the number of approval emails from the store declines, and all cardboard with certain BIN-s starts to be blocked. That's what they call it - the shop is dead. It's time to look for a new online store to resume the delivery of goods to the buyer.
How do I search for stores?
In the entire history of carding, no one has given an unambiguous answer to this question. Shop search is an absolutely unique process for each individual carder. An important role in the search for “leaky” online stores is assigned to the skills of using the google search engine.Usually, before entering a search phrase into a string, use commands such as:” inurl: “and”intext:". This helps make the search easier, but it certainly doesn't guarantee anything. It happens that you find a shop in the most unexpected place, for example, by studying the partners of certain online stores.
A “test” drive-in will help you determine that you have found the right store. For this purpose, you can use cardboard, which is laid out in sections called "freebies" on carding forums. What matters here is not the result of the drive-in, but the study of all possible stages and security systems installed in the store.
In the same way, they are looking not only for vulnerable online stores, but also for services similar to those that top up SIM cards or those that rent domain names or even hosting providers ' sites. Everything that is sold and bought on the Internet can be carded.
What do you need to know about embedding?
In fact, everything is extremely simple here. First, you need to test everything thoroughly, and then proceed directly to the "drain" of money from the cardboard. But before you go to drive in plastic, you need to donate money to any charity foundation.
This is done in order, firstly, to check the validity of the card, and, secondly, to help not only yourself, but also those in need. If the money is successfully debited to a charitable foundation, then the cardboard is suitable for work.
Now all you have to do is set up a VM, create mail on one of the popular mail services, and go to the store via PRODUCT search. Further, actions should be as close as possible to those performed by new users entering the online store.
Usually people “walk” and stare at the shop windows, and only after some time do they decide to buy something. It is vital to follow these rules in order not to arouse unnecessary suspicions from the anti-fraud system, which sees right through you
By itself, the drive - in is a regular payment with a credit card for the next product on the Internet. You can't use the “copy-paste " principle here, which means you need to fill in all the fields manually. Moreover, all these rules apply both in clothing and in other carding areas.
Where can I get material for my work?
There is no “perfect " answer here. I can only warn you that most sellers (from the English sell - sell) are unscrupulous, and therefore it is extremely difficult to find your seller.In addition, even if you come across a seller who meets the demand with real material, i.e. merged from online stores or obtained from botnets, it is not a fact that the quality of their material will meet all your needs.
You see, by merging the credit card database from online stores, hackers can lose out on certain information about credit cards, especially if the online store does not store all information about users.
For example, it doesn't remember the CVV code or the name of the cardholder. In this case, you will needlessly throw away your money. But what is to be done in this case?
It's very simple - relying on the main principle of carding is testing. However, in order to protect you and your money from unscrupulous sellers, I recommend that you buy material on sites where the so-called escrow is installed (from the English escrow-escrow)
In other words, in stores where it is possible to challenge transactions, or at least use the guarantee service. It's better to overpay a little than lose everything. And as soon as you make sure that the seller is bona fide, you can do without using a guarantor.
How are hamsters bred?
I think you already guessed that under the word “hamsters” I mean those who are new to carding. These are the people who rush to the first seller who comes across and buy a “scheme” for earnings or a dozen invalid credit cards from him. It is very easy to recognize a hamster, but to breed it for money is generally a nice thing.
For example, on public forums, ads for the sale of carded equipment pop up every now and then. However, think for yourself, who in their right mind will sell you a macbook even for 50% of the cost, if it can be sold for 90%? And hamsters are kept and throw their honestly earned money at the factory, hoping to resell this equipment on avito.
Here I will not disclose the names of these forums or point out specific personalities, but only warn you that the divorce of hamsters has long been a stable and profitable business that thrives on the newly arriving masses of under-carders. As Sergey Panteleevich Mavrodi said: "the loch is not a mammoth-the loch will not die out”"
And indeed, divorce in carding is so ingrained that it began to be practiced directly by hamsters themselves. They sell everything: services for drawing documents and calling calls, dedics (dedicated servers), Google Voice numbers, credit cards, accounts in payment systems, and much more.
Therefore, when you come to carding today, there is a 99% chance that you will come across a crocodile, but if you can recognize it in time, then your money will remain safe.
Do not be confused by such things as customer reviews or a well-designed seller's site, because now every non-crooked netizen can quickly rivet a site for themselves, catch up with comments there and cut loot. Therefore, once again read how to approach the choice of sellers and you will definitely not fall for the hook
Safety in carding
I recently watched an interview with a person who was at the origin of creating one of the services for selling ready-made templates for websites. So, he told one story, according to which at the first placement of goods, the site began to receive massive carder attacks.
As I said above, first of all, they try to carding digital goods and services that can be quickly resold on forums. And precisely because the site owner was so tired of carders, he agreed with the main carder at that time, the owner of carderplanet, a long-forgotten but very popular cybercriminal forum in the early 2000s. The agreement was that in no case should we work in the CIS countries.
Believe it or not-it's up to you, but nevertheless this rule is deeply embedded in the minds of our compatriots from the field of carding, and I think that it is better to adhere to this rule and take money out of the cash register only in the bourgeois West. By the way, this very West is the states and countries of Europe.
Now, as for your immediate safety. To work, you will need a configured VM or its analogs in the form of dedicated servers (dedics). You'll find out how to set up the machine if you ask Google about it, because I don't see the point in overloading an already large article.
If you are as lazy as I once was, then you can spend money on dediki. Their cost varies from $ 2 to $ 10, depending on some parameters. Such as: country, whether the dedic is rolled off or maybe rented, as in the case of Amazon dediks; frequency of use, etc.
Dedics usually don't live long, especially if the carder doesn't handle them properly. In this case, the administrator easily calculates the uninvited guest and disconnects it from the network, as well as changes the password, which permanently closes the carder's path to dedic. However, there are ways that will allow you to hide your presence on the server, even if only for a short time. You can also find out about them from Google.
About how to work!
Finally, I would like to thank you for reading this article.
In this regard, I want to introduce you to several ways that you can always stay afloat in the world of carding. The methods that I will talk about are long dead, but you can build your own personal carding strategy based on them, which will eventually bring a lot of profit.
Remember that carding likes a unique approach, and all those who buy shops, topics for earning money, and the like, carding does not spare, but only empties their pockets.
So, the first topic is related to renting housing through the airbnb website. I think that many of you are familiar with this service. Here you can rent an apartment anywhere in the world by paying for it in advance with a credit card. So, for a carder, this provides an excellent opportunity to drain some money from over the hill.
I hope that everything is very clear here. We go to the site under the guise of a drop (create a self-register), register and enable withdrawal and deposit methods, and then submit an ad for renting out real estate. The next step is to drive in your own ad, but under the guise of a visitor (cartholder)
As I mentioned above, this method has long been dead and is in the public domain, however, it once hung in a closed section on the cow, from where I got this idea. The second method is more author's, but it doesn't make it any less overdue.
There is such a platform called etsy, which is a kind of online marketplace where you can register your store and sell products around the world.
Goods are mostly handmade, that is, those that are produced by needlewomen. The scheme here is exactly the same as in working with airbnb. We register, create our own store, add products, catch up with some traffic so that the system doesn't get too suspicious, and then drive our cardboard into our own products. By the way, products can be both real and digital, which greatly speeds up the carding process.
This topic is also dead, or at least dying for the reason that etsy has grown so much as a store that it has allowed itself to use the latest developments in the field of anti-fraud. That's why I don't recommend going here either, but I think these examples have shown you that there are so many possibilities in carding.
Conclusion
Please read it, because it is very IMPORTANT. Carding is illegal, but like any other field of activity, it can play a cruel joke on you. It will help one person to get out of a debt hole, and the other, on the contrary, to deprive everything. The only difference is with what attitude and knowledge you approach the process.Once again, I would like to draw your attention to the fact that carding should be unique for everyone, because otherwise, topics die like flies, and in this case there can be no question of earning money. Treat your money with respect and don't throw it around. Before you do anything, think carefully about whether you need it.
In any case, this carding article is only informational in nature, does not call anyone to anything, and is written only so that readers can protect themselves from the harmful influence of cybercriminals. Any article can lead to both good and bad consequences.
Therefore, just accept the information described above as an interesting read, but do not try to repeat certain actions described by the author, because you will ultimately be responsible.
On this note, I do not say goodbye to you, but I say see you in new articles![/HEADING]
