Lord777
Professional
- Messages
- 2,579
- Reaction score
- 1,492
- Points
- 113
“A bit of creativity, perseverance, knowledge and some initial investment funds are required to card in today’s technologically protected markets. Imitate the victim well enough and the payment processor will allow any authorized payments to go through.”
“However, as the payment processor allows authorized payments to go through… It’s also designed to look for anything out of the ordinary and adds it to your “Fraud Score”, Get too high enough of a fraud score and the transaction will be declined.” – AusPost
PCIs
The Payment Card Industry (PCI) Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.”
To find a card to site we must first understand the PCI of the payment system we’ll be using to card. The payment system could be “authorize.net” as it does not require VBV/MasterCard authentication.
You can search for cardable sites by using google search operators
“authorize.net merchant” -site:authorize.net “Search Term”
“stripe merchant” -site:stripe.com “Search Term”
“braintree merchant” -site:braintreepayments.com “Search Term”
Putting a phrase into double quotation marks while searching on google will look for pages with the exact keyword match, the “site:” Operator will only show results from that site, the “-site:” operator will exclude the site and its’ results.
Correctly Setting Up Carding OPSEC
What You Should Know Before You Begin:
- Remmina is an RDP (Remote Desktop Protocol) Client
- VPN Is A Virtual Private Network that hides your IP
- Tor Facilitates An Anonymous Connection
- An RDP Server or Host Is A Hacked "Residential" Computer That We Can Log Into Remotely And Use As Our Own.
- VMWare is a Virtual Machine That Hosts The Operating System We'll be using (Ubuntu)
- Socks Proxy Checker is Proxy-client that will connect to a remote Socks5 Proxy.
- Socks5 Proxy Server is the server located within vicinity of the victim.
List of Socks5 Providers
bcprx.net ($100 deposit, but probably the best I've found)
luxsocks.ru (currently closed to new users)
limeproxies.com
5socks.net
unlimited-socks.com
naawy.com
winsocks.net
premsocks.com
seproxysoft.com
rs-socks.net
dichvusocks.us
truesocks.net
Buy yourself a balanced card from ggmccloud1 or redson, they seem to have the best validity.
#1 - Download, install and start VMWare Workstation
Link: http://www.vmware.com/products/workstation/workstation-evaluation.html
#2 - Download Ubuntu and start it with VMWare.
Link: http://www.ubuntu.com/download/desktop
#3 - In Ubuntu, download, install and start "Tor Browser"
Link: https://www.torproject.org/download/download.html.en
#4 - Download & install "NordVPN" ($12, and accepts btc / keeps no logs) to Ubuntu - USE TOR AND PAY WITH BTC!
Link: https://nordvpn.com
#5 - While or After installing NordVPN, Uninstall Tor.
Note: NordVPN Now Comes With Tor Already Integrated Into Their VPN
#6 - Start NordVPN
Your connection should then look like this:
Your OS -> VMWare -> Ubuntu -> VPN+Tor
#7 - Buy yourself a Hacked RDP Server From My Store - Using the virtual machine
#8 - Install Remmina RDP client on the virtual machine
#9 - Use Remmina to open a "Remote Desktop" connection to your hacked RDP server
Your connection should then look like this:
Your OS -> VMWare -> Ubuntu -> VPN+Tor -> Hacked RDP Server
#10 - Download Socks Proxy Checker and firefox to the hacked RDP Server, then install the plugin
#11 - Buy a socks5 proxy server from premsocks.com or alternative provider, in your victims city
#12 - Connect to the Socks5 Server with Socks Proxy Checker
Note: Always check your location with an ip to location service.
Your connection should then look like this:
Your OS -> VMWare -> Ubuntu -> VPN+Tor -> Hacked RDP Server -> Socks5 Proxy (victims location)
To understand how to successfully card any payment processor, the PCIs are key.
Braintree, authorize.net and stripe all have standard PCIs that once collected all the fraud triggers accumulated gives us a pretty good idea on what they look for in declination triggers.
Once we’ve chosen the payment processor we can use PCIs gathered from other payment processors and would then be able to google to see if they give any clue as to what they check for when authorizing credit card payments. Usually payment processors will have a page on what security they offer merchants.
Some of the device data collected to verify transactions by processors heads into the hundreds, especially amazon, paypal and skrill.
The process of finding the PCIs was a simple process of trial and error, some of the device fingerprints they look for include:
- System Clock
- Time Zone
- Operating System
- Operating System Username
- Browser Fingerprints
- Cookies
- Caches
- I.P
- Using a Proxy
- Unusual or large Transactions
- Location
- User-Agent
- HTTP_Headers
- Browser Plugins
- Screen Size and zoom
- System Fonts (Times New Roma, Tahoma)
- Names / DOB/ SSN/ ADDRESS
- Copy & Paste Credentials
- Residential/data-cantre/spam RDP/socks
- Card Tagging
- Connection Speed (Due To Proxies)
- Email Domain authenticity and age (.edu is the best)
- Shipping Address / Billing Address
“However, as the payment processor allows authorized payments to go through… It’s also designed to look for anything out of the ordinary and adds it to your “Fraud Score”, Get too high enough of a fraud score and the transaction will be declined.” – AusPost
PCIs
The Payment Card Industry (PCI) Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.”
To find a card to site we must first understand the PCI of the payment system we’ll be using to card. The payment system could be “authorize.net” as it does not require VBV/MasterCard authentication.
You can search for cardable sites by using google search operators
“authorize.net merchant” -site:authorize.net “Search Term”
“stripe merchant” -site:stripe.com “Search Term”
“braintree merchant” -site:braintreepayments.com “Search Term”
Putting a phrase into double quotation marks while searching on google will look for pages with the exact keyword match, the “site:” Operator will only show results from that site, the “-site:” operator will exclude the site and its’ results.
Correctly Setting Up Carding OPSEC
What You Should Know Before You Begin:
- Remmina is an RDP (Remote Desktop Protocol) Client
- VPN Is A Virtual Private Network that hides your IP
- Tor Facilitates An Anonymous Connection
- An RDP Server or Host Is A Hacked "Residential" Computer That We Can Log Into Remotely And Use As Our Own.
- VMWare is a Virtual Machine That Hosts The Operating System We'll be using (Ubuntu)
- Socks Proxy Checker is Proxy-client that will connect to a remote Socks5 Proxy.
- Socks5 Proxy Server is the server located within vicinity of the victim.
List of Socks5 Providers
bcprx.net ($100 deposit, but probably the best I've found)
luxsocks.ru (currently closed to new users)
limeproxies.com
5socks.net
unlimited-socks.com
naawy.com
winsocks.net
premsocks.com
seproxysoft.com
rs-socks.net
dichvusocks.us
truesocks.net
Buy yourself a balanced card from ggmccloud1 or redson, they seem to have the best validity.
#1 - Download, install and start VMWare Workstation
Link: http://www.vmware.com/products/workstation/workstation-evaluation.html
#2 - Download Ubuntu and start it with VMWare.
Link: http://www.ubuntu.com/download/desktop
#3 - In Ubuntu, download, install and start "Tor Browser"
Link: https://www.torproject.org/download/download.html.en
#4 - Download & install "NordVPN" ($12, and accepts btc / keeps no logs) to Ubuntu - USE TOR AND PAY WITH BTC!
Link: https://nordvpn.com
#5 - While or After installing NordVPN, Uninstall Tor.
Note: NordVPN Now Comes With Tor Already Integrated Into Their VPN
#6 - Start NordVPN
Your connection should then look like this:
Your OS -> VMWare -> Ubuntu -> VPN+Tor
#7 - Buy yourself a Hacked RDP Server From My Store - Using the virtual machine
#8 - Install Remmina RDP client on the virtual machine
#9 - Use Remmina to open a "Remote Desktop" connection to your hacked RDP server
Your connection should then look like this:
Your OS -> VMWare -> Ubuntu -> VPN+Tor -> Hacked RDP Server
#10 - Download Socks Proxy Checker and firefox to the hacked RDP Server, then install the plugin
#11 - Buy a socks5 proxy server from premsocks.com or alternative provider, in your victims city
#12 - Connect to the Socks5 Server with Socks Proxy Checker
Note: Always check your location with an ip to location service.
Your connection should then look like this:
Your OS -> VMWare -> Ubuntu -> VPN+Tor -> Hacked RDP Server -> Socks5 Proxy (victims location)
To understand how to successfully card any payment processor, the PCIs are key.
Braintree, authorize.net and stripe all have standard PCIs that once collected all the fraud triggers accumulated gives us a pretty good idea on what they look for in declination triggers.
Once we’ve chosen the payment processor we can use PCIs gathered from other payment processors and would then be able to google to see if they give any clue as to what they check for when authorizing credit card payments. Usually payment processors will have a page on what security they offer merchants.
Some of the device data collected to verify transactions by processors heads into the hundreds, especially amazon, paypal and skrill.
The process of finding the PCIs was a simple process of trial and error, some of the device fingerprints they look for include:
- System Clock
- Time Zone
- Operating System
- Operating System Username
- Browser Fingerprints
- Cookies
- Caches
- I.P
- Using a Proxy
- Unusual or large Transactions
- Location
- User-Agent
- HTTP_Headers
- Browser Plugins
- Screen Size and zoom
- System Fonts (Times New Roma, Tahoma)
- Names / DOB/ SSN/ ADDRESS
- Copy & Paste Credentials
- Residential/data-cantre/spam RDP/socks
- Card Tagging
- Connection Speed (Due To Proxies)
- Email Domain authenticity and age (.edu is the best)
- Shipping Address / Billing Address
