Carding
Professional
- Messages
- 2,871
- Reaction score
- 2,311
- Points
- 113
Lecturer: Pustota
(19:19:30) Pustota: Today we will talk a little about bank cards, the basic principles of their operation (and working with them) and the nuances of their purchase, and also touch on issues such as check cards, AVS, 3DS/VBV and why we even on “good” cards we can get a Decline (unsuccessful result of the transaction)
(19:20:12) Pustota: Each of you has come across bank cards in one way or another in your life, but few have thought about how the card payment process works and what information the plastic itself carries and the information printed (or embossed) On him
(19:20:20) Pustota: The first thing a novice carder should learn is basic information about bank cards in the context of our shadow activities.
(19:20:52) Pustota: Before that, I’ll emphasize that any information that you receive in the course of work, whether it’s a successful or unsuccessful order, needs to be written down. In order to check the data in the future and not make mistakes. Or simply not forgetting something. Example: (19:20:59) Pustota: Let's continue.
(19:21:52) Pustota: In our context, CC (Credit Card, credit card, cardboard, etc.) is carefully stolen data of a real-life (or virtual) card of a holder (card owner, CH) who does not reside in the country CIS
(19:22:27) Pustota: Where can we get cardboard? 3 main options - buy in shops, from private (or not so private) sellers, or get it yourself (from a fake site, from a sniffer on a real site, from a botnet, some hacked database, or from any other place where your imagination is enough ). We won’t talk about independent production today, this is a topic “with an asterisk” for independent development
(19:23:48) Pustota: Let's consider the most popular and obvious option of buying a card
(19:23:56) Pustota: When purchasing, you will receive cardboard in approximately this format:
4147400219040084 | 12/21 | 826 | Richard Lang | 56 Groveview Cir #302 | Rochester | 14612 | NY | USA | 661-298-0881 | richielang@aol.com
The format of each shop/seller is different, in some places it can be customized, but the main points are identical
In our example, 4147400219040084 is the credit card number;
12/21 (12 months / 21 years) - card expiration date (Expiry/Expiration Date);
826 – card security code CVV/CVV2/CVC;
Richard Lang – First and Last Name (first name, last name);
56 Groveview Cir – Address Line 1 (first address line);
#302 - Address Line 2 (second address line). Please note that the street name and house number are always Line 1, and the apartment/annex/office number is Line 2. If the house is private, then Address Line 2 will not be present;
Rochester - city;
14612 – Zip code (zip, analogue of our postal code);
NY (New York) – state;
USA – country;
661-298-0881 – telephone;
richielang@aol.com – holder’s email address.
(19:24:54) Pustota: The minimum necessary information to work in most directions is CC number, Expiration Date, CVV, First/Last name, Address line 1, Zip code
(19:25:25) Pustota: Let’s take a closer look at the card number, it contains important information for work
(19:26:02) Pustota: BIN (Bank Identification Number) – the first 6 digits of the credit card number
(19:26:23) Pustota: Each banking organization has a pool of unique numbers that are assigned to the cards they issue
(19:27:00) Pustota: These numbers contain information about the payment system (Visa/MC/AmEx/Discover, etc.), issuing bank, card level (Classic/Gold/Platinum, etc. .), card type (Credit/Debit/Prepaid)
(19:27:35) Pustota: The first digit of the BIN determines the Major Industry Identifier (MII) - the global payment system under which this card operates
(19:28:15) Pustota: The main payment systems you will encounter are AmEx (the first digit of the card begins with 3), Visa (4), MasterCard (5), Discover (6)
(19:29:13) Pustota: Detailed information about bins can be found on services like binlist.net, binov.net (the latter is very convenient for mass searches for bins and reverse search for bins in banks, although the databases are somewhat outdated at the moment), also Bean databases are built into most CC shops. Popular ones for sure.
(19:30:44) Pustota: If we punch the BIN of the cards from the example above (414740), we will see the following information:
TYPE: VISA;
BANK: CHASE BANK USA, N.A.;
RANK: CREDIT;
TYPE: SIGNATURE;
COUNTRY: USA
(19:31:41) Pustota: RANK and TYPE we will discuss further during the lecture (card type and level), the rest of the data is obvious based on the name
(19:33:17) Pustota: The remaining digits of the card, except the last one, identify the holder’s account in the bank, and the last digit is a control digit, intended for validating the bank card number using the Luhn Algorithm - for us this information is useful only in in the context that a random set of numbers cannot be a valid card number, and if we misspell one digit when entering, we will 100% enter a non-existent card number. The Luna algorithm is also used by services for generating pseudo-real data (fake data / fake cc generators) and when validating input (you’ve probably encountered a case where the card number input field “turns red” and indicates an incorrect card number even at the stage when you are typing the number )
(19:33:57) Pustota: Now regarding the actual purchase of cards in stores. When purchasing cards in most stores, we will see such a parameter as the validity of the database in which the card was received in the store
(19:34:48) Pustota: The shop/seller defines it this way: a certain number of cards are taken randomly and validated by a checker. Let’s say that out of 10 cards, 7 are valid – the *stated* validity of such a database is about 70%. I note that the actual validity can vary greatly depending on the honesty of the seller/shop, the checker used, the method of obtaining cards and how long ago the base was mined and verified as valid
(19:36:08) Pustota: Card checker is a service that runs cards through its merchandise. Checkers can work in different ways: a small amount ($1-2) can be pre-authorized from the card through the checker’s merch and returned back after a short period of time. This method is bad because the holder may have transaction notifications set up and a suspicious transaction may force him to block the card. Well, or he may simply check the bank statement at the wrong time (a bank statement, sometimes available in paper form, by calling the bank, or in online banking)
(19:37:17) Pustota: More advanced checkers use chargeless validation ($0 authorization), which most often goes unnoticed by the holder and gives a response from the payment system about the validity of the card
(19:38:35) Pustota: An alternative way to check a card for validity is to link it to some services (for example, to Google, or to any other service where the card is linked to your personal account)
(19:39:44) Pustota: This is a fairly safe check method that minimizes the risk of card death, provided that it also uses the principle of chargeless validation
(19:41:11) Pustota: In normal shops, a refund is provided for invalid cards - usually it takes 5-15 minutes to receive a check. To minimize time and financial losses, I recommend checking cards after purchase and trying to get a refund if the card is dead. If you don’t trust your card checking method (let’s say you think it can kill cards), you can check the card after driving in to minimize the likelihood of it dying from a check
(19:42:48) Pustota: It’s also worth remembering that checkers built into shops often spoil cards much more than your own check methods, so use them only if you are sure that the card is invalid (the algorithm is most often like this: you check the card with the shop’s checker, if the shop’s checker reports the card’s premature death, you receive a refund; if the checker says that the card is alive, then no)
(19:43:49) Pustota: Also, I would like to note that by far the safest method of checking a card is to try to lock it up or ring it on the balance (to lock up is a derivative of Enroll). This concept will be covered in detail in further lectures, it implies gaining access to online banking card), or calling the bank. In this case, sometimes you may need to break through additional. card information (SSN (social security number)/DoB (date of birth of the holder) or anything else)
(19:44:41) Pustota: A few words about the types of CC. As I said above, most often in your work you will encounter Visa, MasterCard, American Express, Discover cards
(19:46:07) Pustota: From my experience, the easiest way to find good Visa and MC bins, however, in practice I have also come across fat Amex bins (however, the latter has its own specifics - the chargeback is faster, which is often detrimental to drive-ins You need to understand where this will happen and where it will ruin your work). Discover cards are more likely to be exotic - but in some areas they are also used
(19:47:17) Pustota: Visa, MasterCard and Discover cards each have 16 digits in the card number and 3-digit CVV codes. Amex has 15 digits in the card number and a 4-digit CVV
(19:48:43) Pustota: Cards from some countries (specifically USA, Canada, Australia, New Zealand and United Kingdom) have an AVS (Address Verification System) security mechanism, which verifies the address used when making a transaction with that of the bank - issuer. If the data does not match (the numbers in the address and ZIP code are checked), an AVS Mismatch response is received from the bank and such a transaction will be rejected. From here in the future you will come across concepts such as billing and shipping address, they will be touched upon in further lectures
(19:49:23) Pustota: You can read more about the AVS system on the our forum.
(19:49:28) Pustota: But I’ll write it down for you for a general concept:
(19:50:52) Pustota: AVS - Address Verification System should have been studied, the point is that if you make a transaction within the country (that is, the card issuing bank of the same country as the store) they can verify the digital part of the address, and if it does not match will decline, remember the list of countries that have this system. That is, this system does not exist in the Russian Federation/EU (note: corporate cards in England do not have AVS, also not all cards in usa/ca/au can have such protection, in usa and ca almost everything, in au it’s more realistic to find them without checking)
(19:51:04) Pustota: When working with cards, sooner or later you will encounter 3D Secure security mechanisms.
(19:51:25) Pustota: For Visa cards it is called Visa Secure / Verified by Visa (VBV); MC has MasterCard Secure Code (MCSC) and Amex has SafeKey. Accordingly, many gateways have their own analogues.
(19:52:45) Pustota: 3Dsecure - It seems that it is usually called the 3rd layer of protection, the point is that you enter an Internet password for purchases, I think you have already encountered this when purchasing from your cards, when the bank sent you a sms code.
(19:53:46) Pustota: What is very important to note is that if you made a purchase with a 3DS code, the chargeback falls entirely on the shoulders of the cardholder or bank, the store is not responsible for this operation, that is, even if the cardholder burns the transaction, it is unlikely that the store this will affect and he will not send you the goods, but there is an exception (a shop that values its reputation will cancel).
(19:54:44) Pustota: That is, transactions with a 3DS code have a high level of trust (the exception is the USA due to the fact that the Internet password there is often static, that is, for example, like an email password, and it can be reset). Let me clarify a little: This is a window for entering a 3DS code from a USA bank, but instead of SMS, the bank asks you to enter card information + zip code.
(19:57:08) Pustota: In general, 3ds is the most common type of protection; in most countries, merchants in stores have it connected to cards. That is, if the merchant does not have this protection enabled, but it is on the card, then the transaction will go through without 3ds, since it was not initiated by the shop.
(19:57:19) Pustota: Let’s look at the 3Ds moment in more detail:
(19:58:17) Pustota: These mechanisms are designed to significantly reduce the percentage of unauthorized/fraudulent card transactions by adding an additional transaction confirmation method not related to the card itself. If you enter merchandise with an activated 3DS system, during the transaction you will be redirected to a page for entering a static code, which must be known to the holder, or a one-time code sent to the holder via SMS/e-mail
(20:00:45) Pustota: Static codes will be unknown to you when purchasing a card, however, for some bins they can be reset. Bins where this can be done are called VBV reset bins
(20:01:51) Pustota: Also, there are bins that pass VBV automatically. It looks like this: during the transaction, you are taken to the VBV page, similar to that for the above bins, but you are not asked for the VBV code itself. At this time, the issuing bank evaluates your transaction according to its anti-fraud criteria and gives an answer to the merch whether you passed the VBV check or not. Such bins are called autovbv. Also, sometimes autovbv cards are found in banks that simply have not yet implemented protection using 3DS; in such banks the percentage of successful completion of VBV will be higher. Usually these are small banks (most often Credit Unions)
(20:02:23) Pustota: If you work on clothing with US shops and come across a shop with VBV/MCSC, the easiest way is to give up on such a shop and find another one. If you are using any service where VBV is required (for example, Airbnb), or working in the EU, you already need to look for bins with reset/autovbv that will fit into the merch of your service/shop
(20:03:09) Pustota: 3DS code in the USA is often static, usually it is either zip/ssn or zip+ssn, or it can be set by the cardholder, but often it can be reset (you will see the reset item). So in eu/ca/au and perhaps in other regions you can also find cards where you can reset a static password (provided that it is static and not an SMS or a token and there is a reset option), but no one knows how much money you will spend searching for this can tell)
(20:04:40) Pustota: Perhaps in the UK there is a higher chance of finding something with a reset, since at one time there were a lot of bins with changing the 3ds password using DOB. Previously, there were a lot of bins with 3DS password reset, for dob, zip (data that was found through open sources), now I’m talking about Europe and England, at the moment, as I already said, there are fewer such bins, but it’s really possible to find them, I would start with England and Italy, but this is subjective.
(20:05:52) Pustota: At the moment, many have already moved away from this, and now either SMS or 2FA tokens (like 2FA Google applications). But if it costs SMS, then there are options, and since 2017-2018 the world has been trumpeting that it is necessary to refuse confirmation by phone number, so probably in 2-3 years a lot of banks will switch to tokens.
(20:07:27) Pustota: This is what a 3ds window looks like and the principles of protection according to EU:
And here, after entering the 3ds code, it additionally requested an account number (20:08:24) Pustota: Methods of working with the EU mat will be given to you at the lecture on hotels and air, because All these areas are very closely connected with each other.
(20:09:37) Pustota: A little trick, to determine if a store has 3ds, you need to take a card that has this protection installed and carry out a transaction, preferably not a typical one so that auto3ds does not work, this way you can go through lists of shops, or find out which merchant they have shop and read the documentation on their official website.
(20:10:36) Pustota: Also, when working with European cards in America, it’s worth checking with support whether they have the ability to pay with cards from other countries. Because if the transaction goes further, the bank may not let it through and only ringing will save it. Therefore, we communicate with support.
(20:12:46) Pustota: If we talk about other nonUSA countries, we can highlight the following: These are Latin America, the European Union, the CIS, Asia, Australia, Africa. You can also highlight the Arab countries and India, England (approx. The lecture was earlier about Europe and Asia, but I decided to include the whole world, but in fairness I will say that I worked mainly on USA/EU/Asia).
(20:14:09) Pustota: You should look for information regarding regions on the Internet. There may be different situations in countries, influence, etc. Simply put, you need to be able to use Google.
(20:14:56) Pustota: As I wrote above, I mainly worked with USA/EU/Asia, so these areas will be discussed in more detail, in other regions + the situation is the same as in EU and Asia
(20:14:58) Pustota: Let's talk a little about the types and levels of CC
(20:16:03) Pustota: Credit - a card on which you can spend borrowed funds, i.e. without having your own money in your account. Moreover, US credit cards often have no such thing as a positive balance - you can only spend credit funds on them and repay the loan. The higher CH’s Credit Score, the larger credit limits the bank gives. Let me draw your attention to the fact that if you want to call the bank on such a card, or log in and find out the balance, then the funds actually available for spending on the day will not be the account balance, but the available credit
(20:16:35) Pustota: Debit - a card that is linked to a bank account (account) and is a kind of key to the bank account for the convenience of everyday payments (obviously, as a method of making payments, bank accounts are not the same convenient, like cards). Funds are debited from debits only within the current balance on the BA (bank account)
(20:17:37) Pustota: Prepaid - a card with a prepaid amount - a smart card on which electronic money is stored, deposited there in advance by the card owner. In use they are similar to debits, but unlike them they are not associated with bank accounts. Often found with payment systems like Payoneer, etc. Some merch refuses to work with prepaid cards. I note that this is the worst option for working, with the exception of cases when you clearly know the properties of such a bean, how to work with it and what to do
(20:18:34) Pustota: As for card levels, there are a lot of them and they are different for different banks and payment systems. From Classic to Black. You can read a detailed description in the educational format of each of the levels in the working conference on the forum, there should be a corresponding post there
(20:19:42) Pustota: On the one hand, cards of a higher level indicate a higher status of the owner and potentially they may contain more money than cards of lower levels. However, in practice this is not always the case - for example, in my arsenal there are Classic bins, which always have a lot of available funds, their holders are mostly active and such cards allow you to write off large amounts. On the other hand, there are Platinum bins, which on average have little money and writing off transactions from them is difficult, and often this is completely impossible due to widespread limits and evil bank fraud
(20:20:38) Pustota: Thus, I want to dispel the popular myth that you should try to take cards of higher levels - often this is far from true (at least when working with US cards. In the case of EU cards, the use of cards of Gold levels and higher is justified and actually shows statistically better results)
(20:22:18) Pustota: I also want to note that the presence of funds available for spending on the card does not always equal successful insertion, and now I will give a detailed explanation why. To do this, we will consider in detail the entire kitchen that occurs when paying by card and is hidden from the eyes of the average person.
(20:22:27) Pustota: The process of paying by bank card on the Internet is not as simple as it seems at first glance
(20:22:32) Pustota: Let's say you make a payment in an online store
(20:22:35) Pustota: Let’s look at the main participants in the payment process:
(20:23:26) Pustota: - CH: cardholder, owner of the card from which the payment is made;
- Merchant: in fact, an online point of sale of goods with a current account, where funds for the goods should ultimately be received. Many people confuse the merchant and what is more correctly called payment gateway. These are different entities, but in carder slang, to simplify things, we talk about them as a single whole (merch);
- Payment Gateway (payment gateway) - a technology that allows you to connect a merchant with a processing center and acquiring bank;
(20:25:12) Pustota: - Processing center - a high-tech system for processing payments by bank cards in the field of e-commerce. Receives data from payment gateways, processes and forwards it to the issuing bank;
- Acquiring bank (merchant bank): a bank that is a participant in the global payment system (Visa/MC, etc.) and allows businesses to accept payments using bank cards;
- Issuing bank (CH bank): a bank that is also a member of the global payment system and issued the card to the holder;
- Global payment system (Visa/MC, etc.) - an organization that regulates and carries out interbank settlements. In simple words, it allows you to transfer money from the issuing bank account to the acquiring bank account and resolves the entire process that occurs.
(20:27:22) Pustota: After clicking the Place Order button, first the data goes into the shop’s anti-fraud system. It evaluates the order according to its huge array of criteria.
And it decides whether to pass the order further automatically, send it to manual verification, or give an instant Decline. At this stage, in most cases, the card data has not yet gone beyond the store
(20:29:24) Pustota: If the antifraud check is successfully completed, or the manager manually approved the order, the payment process continues. After the order is approved, your data is collected, encrypted and transferred to the Payment Gateway. In turn, he evaluates the transaction according to his criteria (gateways have their own anti-fraud systems that allow them to identify suspicious patterns) and can immediately initiate payment
(20:31:07) Pustota: Let’s say the KX transaction seemed legitimate to the gateway - in this case, it passes all the data on to the processing center. The processing center again checks against its criteria for fraudulent transactions and decides whether to forward the transaction further.
(20:32:34) Pustota: If the processing center liked everything, the transaction goes through the global payment system to the issuing bank. The issuing bank analyzes CH's transactions and, if the transaction seems out of the ordinary to it (for example, KX has never bought anything more expensive than $100 from the card, and you suddenly try to drive in a gold bar for $10k) - it can also cancel the transaction (at least, before CH calls the bank and verifies such a transaction, which is usually accompanied by a decent number of questions, the answers to which, in theory, should only be known to CH)
(20:34:09) Pustota: The issuing bank also looks at the limits set by the holder and, of course, the availability of available own/credit funds
(20:34:38) Pustota: If it seems to the issuing bank that everything is in order, it transmits a positive response to the acquiring bank back through the global payment system, which, in turn, returns the result of a successful transaction to the payment gateway and the gateway reports directly to you and the store managers about successful payment
(20:35:29) Pustota: Now do you understand why the fact that you have a card with a known balance in your hands does not give you confidence in successful insertion? You are dealing with multi-stage antifraud (shop, payment gateway, processing center and banks)
(20:37:26) Pustota: Most of our activity when working with cards is to learn how to effectively bypass all stages of antifraud. This is quite difficult, because there are always many variables that are inaccessible to us, but by correctly analyzing the entries, sooner or later we find vulnerabilities, which we exploit until they are closed
(20:38:50) Pustota: If we are talking about working with cards, then we have 2 main entities that we must select correctly in order to bypass the above protection systems. The first is the technical side, namely the correct configuration of the system, simulating that of a real holder (includes, for example, system languages, time zone, etc., IP address substitution using anonymizers (proxy servers, SSH tunnels), OVPN/PPTP configs, direct access to machines ((H)RDP, (H)VNC, etc.) and behavioral factors (imitation of real user actions)
(20:39:13) Pustota: In further lectures we will touch on both of these sides in one way or another, applicable to various areas in carding. That's all for today, I'm waiting for yours?
(20:43:00) wimmont: Which CC shops can you recommend based on personal experience? Are there good shops represented on the forum? I looked at some reviews, the situation is twofold
(20:46:59) Pustota: Quite a good shop at the moment - Castro. Frequent updates and different sellers, there is often a suitable mat. But still, you need to proceed from personal experience and always compare reviews, price/quality, etc. The same Castro is not without sins.
You can indicate my code when registering pustota1337 and receive a discount on all purchases
(20:47:17) Snork: Can we say that over time (the last 3-4 years), driving is only becoming more difficult? And in your experience, how many unsuccessful entries did you have to make before success?
(20:48:34) Pustota: When I started, I literally got success in my first attempts. Now, yes, everything is more difficult than before, but success is still quite achievable.
(20:48:44) Serpantin666: Why didn’t they tell you about NON-VBV? Also, before the start of the training, I was told that it would be explained how to get bins from these cards.
(20:51:35) Pustota: What do you mean, how to get bins? You get beans through tests. You buy a card, test it, and if there is a nonvbv/autovbv that suits you, keep it for yourself. Regarding nonvbv - it was talked about all types of cards.
(20:51:43) Peter_Parker: 1. Which cards do you think are easier to enter (if you take statistics): debit or credit?
2. As a beginner, what types of cards would you recommend starting with, or what is better for driving in (ease of driving in): American Express, Visa or Master?
3. Is there often money on debit cards and are they in demand among CH USA?
4. If you have a CH email and phone number, what is the best way to use it and where to apply this information?
5. What linking services would you recommend? (for check)
6. What do you think is better to do: 1 card = 1 hit and 1 drop? Or can I use 1 card = a couple of drives and a couple of drops?
(20:54:02) Pustota: 1. Debit if it is not empty. But most often they are empty. Therefore, basically take out a loan
2. I took a visa\mk
3. They use it, but the problem is that the debit most often goes through the second round and there is no money there anymore after our colleagues.
4. Spam them and, if necessary, use them to register\call a shop\bank
5. the most banal thing - Google, Netflix, etc.
6. 1 card can be used for several hits, but a couple of drops will not allow you to make AF. Therefore, we all hit the drop on whom it gives
(20:54:13) Veles24: 1. what services can you link to a card to check its validity?
2.What shops or sellers do you recommend where to buy mats and full clothes?
3.Which cards are best to take when entering a shop? I mean visa or etc.
4. Which country is better to work in? USA Canada or Europe?
5. How can you avoid 3D security code? If you don’t have access to your phone number?
(20:56:11) Pustota: 1. Answered above
2. Regarding CC - answered above. Regarding fulok - look at the section on the forum, we have a lot of good fulok sellers. I just use mine
3. It often doesn’t matter
4. Yusa is the easiest for beginners.
5. Do not fall under antifraud. Do everything as carefully as possible and avoid triggers.
(20:56:31) BaronLuffy: 1. Is it worth the bother and taking cards from unpopular banks? Is there a big difference in protection, or are there popular but poorly protected banks?
2. Why do merch on websites change? There were situations where I checked merch in the evening, and in the morning it changed
3. Is there more up-to-date information about merch? Your link shows a post from 16
1. Is it necessary to create accounts on social networks when typing in, to what extent does this justify itself? If it does, then register the social network directly in the session where it will be typed in or in another?
(20:59:06) Pustota: 1. This is a quite popular theory, but as practice shows, there is no difference, and often large banks are more loyal than local state banks. Because there the check basically goes into manual mode for any reason
2. For various reasons. It’s trite that the terms of cooperation could have changed, we decided to try another one, technical work, etc.
3. Nothing much has changed regarding the system. Next you will have a lecture on merch, they will tell you more about it
4. Justifies. Yes, you can fight right in the session.
(20:59:14) nlf: 1. What criteria should be used to analyze entries? will they tell us later? 2. What is AF?
(21:00:17) Pustota: 1. Based on successes and failures, of course. According to the errors that the shop\payment gateway gives you
2. Antifraud system\protection system. There will be a separate lecture on it later.
(21:00:50) Akpatyr: 1 As I understand it, first we take CC and then we select the butt of his sock?
2 And how does the location of the CH affect the place of our sock?
3 Should I change my socks every time I insert a new CC?
(21:02:06) Pustota: 1. Correct
2. Completely. If your farm is in Nevada, and you are geographically located in California, it’s somehow strange for the protection system, don’t you think? That's why we do everything under CH
3. Naturally
(21:02:25) KimJo: 1. If we found a clothing store with a 3DS (and gave up on it), does KK die after that, or do we just watch the screen from the 3DS and leave the site, as if we changed our minds about buying?
2. If a shop has 3ds checking, without auto-3ds, then we forget about such shops if there is 3ds on the card?
(21:05:37) Pustota: 1. In the case of 3ds, it is most often issued after the antifraud has flagged you as a fraudster. Therefore, it’s either a change of shop or your approach.
2. Yes
(21:09:44) stormspecter: how do we find out the balik of a map by filling it up?
(21:10:11) Pustota: In general, in a duffel bag, the balik is recognized by driving it in. He either exists or he doesn't. To find out for sure, either call the bank or roll.
(21:12:07) Veles24: Another question, how can I enter the CH personal account?
(21:12:55) Pustota: If you’re talking about a bank - no way, if you’re talking about personal account cards - through enroll, if you’re talking about a shop - no way
(21:13:47) Fuerza: From my own experience, what is the maximum distance from the CH to the drop so as not to disturb fraud? Is it possible to understand in advance whether the address of the drop is included in the fraud ban?
(21:15:00) Pustota: Unfortunately, you won’t understand this in advance. But in general, if the drop is not the latest, its address is already marked. Regarding the distance, I generally try to almost look for neighbors, but on average up to 50 miles
(21:15:08) Mr_Lotus: 1. Let’s talk about the vulnerabilities of fraud systems when driving in, which are exploited by carders until they are rip. Are there any people/services that provide links/templates that are relevant and live today? Or do you need to analyze everything yourself from scratch, keep statistics and try to configure it by trial and error?
2. Are there very few shops left with 2DS merchants?
3. As far as I know, in certain cases 3DS merch can let a card through without SMS confirmation and additional code
In what cases does this happen? does it all depend on the category of the card itself? The shop's trust in CH? Or is this completely impossible?
4. Isn’t it easier to look for platforms (not necessarily with a duffel bag) on which 2ds works and pour money there - for example, through an online casino, etc.
Surely similar schemes exist
(21:17:41) Pustota: 1. That’s right. Trial and error is everything. There are no universal tools and methods to bypass AF. His mood changes like a schizophrenic
2. Not exactly, but less so, yes. But the guys from other streams easily found it. Not with MacBooks, of course, but not bad either
3. This is possible if you have a perfectly clean system, you have not exceeded the order amount threshold and have not triggered the antifraud in any way.
4. Not all cards fit there. As long as you find a bin that fits there, you will kill a lot more money. In addition, most often then you get stuck with withdrawing this money in cash
(21:18:24) ya8no: how is the CC checked for binding to services? Can you please process the process, if it doesn’t make it difficult?) And another question, are there any methods for determining whether a shop has auto-3ds besides actually typing it in?
(21:18:42) GorilaDuster: if there is conditionally $5k on the card. Is it better to hit 100-200 or 500-1000?
(21:19:27) Pustota: It’s simple. You register the service and link the card as a payment method. If the card is valid, it will be linked. If not, it will throw an error. Try linking your map to Google and you will understand the algorithm. Regarding 3ds - only at random.
(21:19:55) Pustota: GorilaDuster - I advise you to make orders of 500-1000. This is the average threshold that is set in antifraud
(21:20:32) selfregs left the room (It is not allowed to send error messages to the room. The participant (selfregs) has sent an error message (service-unavailable) and got kicked from the room).
(21:21:06) Snork: Question about linking to services. Is there a separate service for each CC or can several CCs be linked to one service?
(21:21:59) Pustota: You can do a couple, but there will be constant doubts about fraud. I've knitted for every session before. In general, use a checker, it saves a lot of time
(21:22:19) Snork: But a checker can burn a card, right? (kill)
(21:22:34) Pustota: Maybe that’s why we compare checker reviews and choose the best one)
(21:22:48) Pustota: The cards you buy one way or another still go through the shop’s checker.
(21:23:04) Snork: The best checkers will be provided further in the training during live driving?
(21:23:37) Pustota: You can look at the checkers on the forum in the right section, I recommend trying a sombrero
(21:25:29) Fuerza: Regarding the behavioral characteristics of CH and adjusting to them, the behavior itself directly in the store, what advice would you give?
(21:25:56) Pustota: Checking reviews, checking products, looking at reviews, state news, etc. - standard behavior of an ordinary person on the Internet
(21:27:54) Pustota: I think there are no more questions. Thank you all for your attention! If you have any questions, write to the question/answer. There, my fellow lecturers and I will help and answer your questions.
Thanks again for your attention and see you soon!
(19:19:30) Pustota: Today we will talk a little about bank cards, the basic principles of their operation (and working with them) and the nuances of their purchase, and also touch on issues such as check cards, AVS, 3DS/VBV and why we even on “good” cards we can get a Decline (unsuccessful result of the transaction)
(19:20:12) Pustota: Each of you has come across bank cards in one way or another in your life, but few have thought about how the card payment process works and what information the plastic itself carries and the information printed (or embossed) On him
(19:20:20) Pustota: The first thing a novice carder should learn is basic information about bank cards in the context of our shadow activities.
(19:20:52) Pustota: Before that, I’ll emphasize that any information that you receive in the course of work, whether it’s a successful or unsuccessful order, needs to be written down. In order to check the data in the future and not make mistakes. Or simply not forgetting something. Example: (19:20:59) Pustota: Let's continue.
(19:21:52) Pustota: In our context, CC (Credit Card, credit card, cardboard, etc.) is carefully stolen data of a real-life (or virtual) card of a holder (card owner, CH) who does not reside in the country CIS
(19:22:27) Pustota: Where can we get cardboard? 3 main options - buy in shops, from private (or not so private) sellers, or get it yourself (from a fake site, from a sniffer on a real site, from a botnet, some hacked database, or from any other place where your imagination is enough ). We won’t talk about independent production today, this is a topic “with an asterisk” for independent development
(19:23:48) Pustota: Let's consider the most popular and obvious option of buying a card
(19:23:56) Pustota: When purchasing, you will receive cardboard in approximately this format:
4147400219040084 | 12/21 | 826 | Richard Lang | 56 Groveview Cir #302 | Rochester | 14612 | NY | USA | 661-298-0881 | richielang@aol.com
The format of each shop/seller is different, in some places it can be customized, but the main points are identical
In our example, 4147400219040084 is the credit card number;
12/21 (12 months / 21 years) - card expiration date (Expiry/Expiration Date);
826 – card security code CVV/CVV2/CVC;
Richard Lang – First and Last Name (first name, last name);
56 Groveview Cir – Address Line 1 (first address line);
#302 - Address Line 2 (second address line). Please note that the street name and house number are always Line 1, and the apartment/annex/office number is Line 2. If the house is private, then Address Line 2 will not be present;
Rochester - city;
14612 – Zip code (zip, analogue of our postal code);
NY (New York) – state;
USA – country;
661-298-0881 – telephone;
richielang@aol.com – holder’s email address.
(19:24:54) Pustota: The minimum necessary information to work in most directions is CC number, Expiration Date, CVV, First/Last name, Address line 1, Zip code
(19:25:25) Pustota: Let’s take a closer look at the card number, it contains important information for work
(19:26:02) Pustota: BIN (Bank Identification Number) – the first 6 digits of the credit card number
(19:26:23) Pustota: Each banking organization has a pool of unique numbers that are assigned to the cards they issue
(19:27:00) Pustota: These numbers contain information about the payment system (Visa/MC/AmEx/Discover, etc.), issuing bank, card level (Classic/Gold/Platinum, etc. .), card type (Credit/Debit/Prepaid)
(19:27:35) Pustota: The first digit of the BIN determines the Major Industry Identifier (MII) - the global payment system under which this card operates
(19:28:15) Pustota: The main payment systems you will encounter are AmEx (the first digit of the card begins with 3), Visa (4), MasterCard (5), Discover (6)
(19:29:13) Pustota: Detailed information about bins can be found on services like binlist.net, binov.net (the latter is very convenient for mass searches for bins and reverse search for bins in banks, although the databases are somewhat outdated at the moment), also Bean databases are built into most CC shops. Popular ones for sure.
(19:30:44) Pustota: If we punch the BIN of the cards from the example above (414740), we will see the following information:
TYPE: VISA;
BANK: CHASE BANK USA, N.A.;
RANK: CREDIT;
TYPE: SIGNATURE;
COUNTRY: USA
(19:31:41) Pustota: RANK and TYPE we will discuss further during the lecture (card type and level), the rest of the data is obvious based on the name
(19:33:17) Pustota: The remaining digits of the card, except the last one, identify the holder’s account in the bank, and the last digit is a control digit, intended for validating the bank card number using the Luhn Algorithm - for us this information is useful only in in the context that a random set of numbers cannot be a valid card number, and if we misspell one digit when entering, we will 100% enter a non-existent card number. The Luna algorithm is also used by services for generating pseudo-real data (fake data / fake cc generators) and when validating input (you’ve probably encountered a case where the card number input field “turns red” and indicates an incorrect card number even at the stage when you are typing the number )
(19:33:57) Pustota: Now regarding the actual purchase of cards in stores. When purchasing cards in most stores, we will see such a parameter as the validity of the database in which the card was received in the store
(19:34:48) Pustota: The shop/seller defines it this way: a certain number of cards are taken randomly and validated by a checker. Let’s say that out of 10 cards, 7 are valid – the *stated* validity of such a database is about 70%. I note that the actual validity can vary greatly depending on the honesty of the seller/shop, the checker used, the method of obtaining cards and how long ago the base was mined and verified as valid
(19:36:08) Pustota: Card checker is a service that runs cards through its merchandise. Checkers can work in different ways: a small amount ($1-2) can be pre-authorized from the card through the checker’s merch and returned back after a short period of time. This method is bad because the holder may have transaction notifications set up and a suspicious transaction may force him to block the card. Well, or he may simply check the bank statement at the wrong time (a bank statement, sometimes available in paper form, by calling the bank, or in online banking)
(19:37:17) Pustota: More advanced checkers use chargeless validation ($0 authorization), which most often goes unnoticed by the holder and gives a response from the payment system about the validity of the card
(19:38:35) Pustota: An alternative way to check a card for validity is to link it to some services (for example, to Google, or to any other service where the card is linked to your personal account)
(19:39:44) Pustota: This is a fairly safe check method that minimizes the risk of card death, provided that it also uses the principle of chargeless validation
(19:41:11) Pustota: In normal shops, a refund is provided for invalid cards - usually it takes 5-15 minutes to receive a check. To minimize time and financial losses, I recommend checking cards after purchase and trying to get a refund if the card is dead. If you don’t trust your card checking method (let’s say you think it can kill cards), you can check the card after driving in to minimize the likelihood of it dying from a check
(19:42:48) Pustota: It’s also worth remembering that checkers built into shops often spoil cards much more than your own check methods, so use them only if you are sure that the card is invalid (the algorithm is most often like this: you check the card with the shop’s checker, if the shop’s checker reports the card’s premature death, you receive a refund; if the checker says that the card is alive, then no)
(19:43:49) Pustota: Also, I would like to note that by far the safest method of checking a card is to try to lock it up or ring it on the balance (to lock up is a derivative of Enroll). This concept will be covered in detail in further lectures, it implies gaining access to online banking card), or calling the bank. In this case, sometimes you may need to break through additional. card information (SSN (social security number)/DoB (date of birth of the holder) or anything else)
(19:44:41) Pustota: A few words about the types of CC. As I said above, most often in your work you will encounter Visa, MasterCard, American Express, Discover cards
(19:46:07) Pustota: From my experience, the easiest way to find good Visa and MC bins, however, in practice I have also come across fat Amex bins (however, the latter has its own specifics - the chargeback is faster, which is often detrimental to drive-ins You need to understand where this will happen and where it will ruin your work). Discover cards are more likely to be exotic - but in some areas they are also used
(19:47:17) Pustota: Visa, MasterCard and Discover cards each have 16 digits in the card number and 3-digit CVV codes. Amex has 15 digits in the card number and a 4-digit CVV
(19:48:43) Pustota: Cards from some countries (specifically USA, Canada, Australia, New Zealand and United Kingdom) have an AVS (Address Verification System) security mechanism, which verifies the address used when making a transaction with that of the bank - issuer. If the data does not match (the numbers in the address and ZIP code are checked), an AVS Mismatch response is received from the bank and such a transaction will be rejected. From here in the future you will come across concepts such as billing and shipping address, they will be touched upon in further lectures
(19:49:23) Pustota: You can read more about the AVS system on the our forum.
(19:49:28) Pustota: But I’ll write it down for you for a general concept:
(19:50:52) Pustota: AVS - Address Verification System should have been studied, the point is that if you make a transaction within the country (that is, the card issuing bank of the same country as the store) they can verify the digital part of the address, and if it does not match will decline, remember the list of countries that have this system. That is, this system does not exist in the Russian Federation/EU (note: corporate cards in England do not have AVS, also not all cards in usa/ca/au can have such protection, in usa and ca almost everything, in au it’s more realistic to find them without checking)
(19:51:04) Pustota: When working with cards, sooner or later you will encounter 3D Secure security mechanisms.
(19:51:25) Pustota: For Visa cards it is called Visa Secure / Verified by Visa (VBV); MC has MasterCard Secure Code (MCSC) and Amex has SafeKey. Accordingly, many gateways have their own analogues.
(19:52:45) Pustota: 3Dsecure - It seems that it is usually called the 3rd layer of protection, the point is that you enter an Internet password for purchases, I think you have already encountered this when purchasing from your cards, when the bank sent you a sms code.
(19:53:46) Pustota: What is very important to note is that if you made a purchase with a 3DS code, the chargeback falls entirely on the shoulders of the cardholder or bank, the store is not responsible for this operation, that is, even if the cardholder burns the transaction, it is unlikely that the store this will affect and he will not send you the goods, but there is an exception (a shop that values its reputation will cancel).
(19:54:44) Pustota: That is, transactions with a 3DS code have a high level of trust (the exception is the USA due to the fact that the Internet password there is often static, that is, for example, like an email password, and it can be reset). Let me clarify a little: This is a window for entering a 3DS code from a USA bank, but instead of SMS, the bank asks you to enter card information + zip code.
(19:57:08) Pustota: In general, 3ds is the most common type of protection; in most countries, merchants in stores have it connected to cards. That is, if the merchant does not have this protection enabled, but it is on the card, then the transaction will go through without 3ds, since it was not initiated by the shop.
(19:57:19) Pustota: Let’s look at the 3Ds moment in more detail:
(19:58:17) Pustota: These mechanisms are designed to significantly reduce the percentage of unauthorized/fraudulent card transactions by adding an additional transaction confirmation method not related to the card itself. If you enter merchandise with an activated 3DS system, during the transaction you will be redirected to a page for entering a static code, which must be known to the holder, or a one-time code sent to the holder via SMS/e-mail
(20:00:45) Pustota: Static codes will be unknown to you when purchasing a card, however, for some bins they can be reset. Bins where this can be done are called VBV reset bins
(20:01:51) Pustota: Also, there are bins that pass VBV automatically. It looks like this: during the transaction, you are taken to the VBV page, similar to that for the above bins, but you are not asked for the VBV code itself. At this time, the issuing bank evaluates your transaction according to its anti-fraud criteria and gives an answer to the merch whether you passed the VBV check or not. Such bins are called autovbv. Also, sometimes autovbv cards are found in banks that simply have not yet implemented protection using 3DS; in such banks the percentage of successful completion of VBV will be higher. Usually these are small banks (most often Credit Unions)
(20:02:23) Pustota: If you work on clothing with US shops and come across a shop with VBV/MCSC, the easiest way is to give up on such a shop and find another one. If you are using any service where VBV is required (for example, Airbnb), or working in the EU, you already need to look for bins with reset/autovbv that will fit into the merch of your service/shop
(20:03:09) Pustota: 3DS code in the USA is often static, usually it is either zip/ssn or zip+ssn, or it can be set by the cardholder, but often it can be reset (you will see the reset item). So in eu/ca/au and perhaps in other regions you can also find cards where you can reset a static password (provided that it is static and not an SMS or a token and there is a reset option), but no one knows how much money you will spend searching for this can tell)
(20:04:40) Pustota: Perhaps in the UK there is a higher chance of finding something with a reset, since at one time there were a lot of bins with changing the 3ds password using DOB. Previously, there were a lot of bins with 3DS password reset, for dob, zip (data that was found through open sources), now I’m talking about Europe and England, at the moment, as I already said, there are fewer such bins, but it’s really possible to find them, I would start with England and Italy, but this is subjective.
(20:05:52) Pustota: At the moment, many have already moved away from this, and now either SMS or 2FA tokens (like 2FA Google applications). But if it costs SMS, then there are options, and since 2017-2018 the world has been trumpeting that it is necessary to refuse confirmation by phone number, so probably in 2-3 years a lot of banks will switch to tokens.
(20:07:27) Pustota: This is what a 3ds window looks like and the principles of protection according to EU:
And here, after entering the 3ds code, it additionally requested an account number (20:08:24) Pustota: Methods of working with the EU mat will be given to you at the lecture on hotels and air, because All these areas are very closely connected with each other.
(20:09:37) Pustota: A little trick, to determine if a store has 3ds, you need to take a card that has this protection installed and carry out a transaction, preferably not a typical one so that auto3ds does not work, this way you can go through lists of shops, or find out which merchant they have shop and read the documentation on their official website.
(20:10:36) Pustota: Also, when working with European cards in America, it’s worth checking with support whether they have the ability to pay with cards from other countries. Because if the transaction goes further, the bank may not let it through and only ringing will save it. Therefore, we communicate with support.
(20:12:46) Pustota: If we talk about other nonUSA countries, we can highlight the following: These are Latin America, the European Union, the CIS, Asia, Australia, Africa. You can also highlight the Arab countries and India, England (approx. The lecture was earlier about Europe and Asia, but I decided to include the whole world, but in fairness I will say that I worked mainly on USA/EU/Asia).
(20:14:09) Pustota: You should look for information regarding regions on the Internet. There may be different situations in countries, influence, etc. Simply put, you need to be able to use Google.
(20:14:56) Pustota: As I wrote above, I mainly worked with USA/EU/Asia, so these areas will be discussed in more detail, in other regions + the situation is the same as in EU and Asia
(20:14:58) Pustota: Let's talk a little about the types and levels of CC
(20:16:03) Pustota: Credit - a card on which you can spend borrowed funds, i.e. without having your own money in your account. Moreover, US credit cards often have no such thing as a positive balance - you can only spend credit funds on them and repay the loan. The higher CH’s Credit Score, the larger credit limits the bank gives. Let me draw your attention to the fact that if you want to call the bank on such a card, or log in and find out the balance, then the funds actually available for spending on the day will not be the account balance, but the available credit
(20:16:35) Pustota: Debit - a card that is linked to a bank account (account) and is a kind of key to the bank account for the convenience of everyday payments (obviously, as a method of making payments, bank accounts are not the same convenient, like cards). Funds are debited from debits only within the current balance on the BA (bank account)
(20:17:37) Pustota: Prepaid - a card with a prepaid amount - a smart card on which electronic money is stored, deposited there in advance by the card owner. In use they are similar to debits, but unlike them they are not associated with bank accounts. Often found with payment systems like Payoneer, etc. Some merch refuses to work with prepaid cards. I note that this is the worst option for working, with the exception of cases when you clearly know the properties of such a bean, how to work with it and what to do
(20:18:34) Pustota: As for card levels, there are a lot of them and they are different for different banks and payment systems. From Classic to Black. You can read a detailed description in the educational format of each of the levels in the working conference on the forum, there should be a corresponding post there
(20:19:42) Pustota: On the one hand, cards of a higher level indicate a higher status of the owner and potentially they may contain more money than cards of lower levels. However, in practice this is not always the case - for example, in my arsenal there are Classic bins, which always have a lot of available funds, their holders are mostly active and such cards allow you to write off large amounts. On the other hand, there are Platinum bins, which on average have little money and writing off transactions from them is difficult, and often this is completely impossible due to widespread limits and evil bank fraud
(20:20:38) Pustota: Thus, I want to dispel the popular myth that you should try to take cards of higher levels - often this is far from true (at least when working with US cards. In the case of EU cards, the use of cards of Gold levels and higher is justified and actually shows statistically better results)
(20:22:18) Pustota: I also want to note that the presence of funds available for spending on the card does not always equal successful insertion, and now I will give a detailed explanation why. To do this, we will consider in detail the entire kitchen that occurs when paying by card and is hidden from the eyes of the average person.
(20:22:27) Pustota: The process of paying by bank card on the Internet is not as simple as it seems at first glance
(20:22:32) Pustota: Let's say you make a payment in an online store
(20:22:35) Pustota: Let’s look at the main participants in the payment process:
(20:23:26) Pustota: - CH: cardholder, owner of the card from which the payment is made;
- Merchant: in fact, an online point of sale of goods with a current account, where funds for the goods should ultimately be received. Many people confuse the merchant and what is more correctly called payment gateway. These are different entities, but in carder slang, to simplify things, we talk about them as a single whole (merch);
- Payment Gateway (payment gateway) - a technology that allows you to connect a merchant with a processing center and acquiring bank;
(20:25:12) Pustota: - Processing center - a high-tech system for processing payments by bank cards in the field of e-commerce. Receives data from payment gateways, processes and forwards it to the issuing bank;
- Acquiring bank (merchant bank): a bank that is a participant in the global payment system (Visa/MC, etc.) and allows businesses to accept payments using bank cards;
- Issuing bank (CH bank): a bank that is also a member of the global payment system and issued the card to the holder;
- Global payment system (Visa/MC, etc.) - an organization that regulates and carries out interbank settlements. In simple words, it allows you to transfer money from the issuing bank account to the acquiring bank account and resolves the entire process that occurs.
(20:27:22) Pustota: After clicking the Place Order button, first the data goes into the shop’s anti-fraud system. It evaluates the order according to its huge array of criteria.
And it decides whether to pass the order further automatically, send it to manual verification, or give an instant Decline. At this stage, in most cases, the card data has not yet gone beyond the store
(20:29:24) Pustota: If the antifraud check is successfully completed, or the manager manually approved the order, the payment process continues. After the order is approved, your data is collected, encrypted and transferred to the Payment Gateway. In turn, he evaluates the transaction according to his criteria (gateways have their own anti-fraud systems that allow them to identify suspicious patterns) and can immediately initiate payment
(20:31:07) Pustota: Let’s say the KX transaction seemed legitimate to the gateway - in this case, it passes all the data on to the processing center. The processing center again checks against its criteria for fraudulent transactions and decides whether to forward the transaction further.
(20:32:34) Pustota: If the processing center liked everything, the transaction goes through the global payment system to the issuing bank. The issuing bank analyzes CH's transactions and, if the transaction seems out of the ordinary to it (for example, KX has never bought anything more expensive than $100 from the card, and you suddenly try to drive in a gold bar for $10k) - it can also cancel the transaction (at least, before CH calls the bank and verifies such a transaction, which is usually accompanied by a decent number of questions, the answers to which, in theory, should only be known to CH)
(20:34:09) Pustota: The issuing bank also looks at the limits set by the holder and, of course, the availability of available own/credit funds
(20:34:38) Pustota: If it seems to the issuing bank that everything is in order, it transmits a positive response to the acquiring bank back through the global payment system, which, in turn, returns the result of a successful transaction to the payment gateway and the gateway reports directly to you and the store managers about successful payment
(20:35:29) Pustota: Now do you understand why the fact that you have a card with a known balance in your hands does not give you confidence in successful insertion? You are dealing with multi-stage antifraud (shop, payment gateway, processing center and banks)
(20:37:26) Pustota: Most of our activity when working with cards is to learn how to effectively bypass all stages of antifraud. This is quite difficult, because there are always many variables that are inaccessible to us, but by correctly analyzing the entries, sooner or later we find vulnerabilities, which we exploit until they are closed
(20:38:50) Pustota: If we are talking about working with cards, then we have 2 main entities that we must select correctly in order to bypass the above protection systems. The first is the technical side, namely the correct configuration of the system, simulating that of a real holder (includes, for example, system languages, time zone, etc., IP address substitution using anonymizers (proxy servers, SSH tunnels), OVPN/PPTP configs, direct access to machines ((H)RDP, (H)VNC, etc.) and behavioral factors (imitation of real user actions)
(20:39:13) Pustota: In further lectures we will touch on both of these sides in one way or another, applicable to various areas in carding. That's all for today, I'm waiting for yours?
(20:43:00) wimmont: Which CC shops can you recommend based on personal experience? Are there good shops represented on the forum? I looked at some reviews, the situation is twofold
(20:46:59) Pustota: Quite a good shop at the moment - Castro. Frequent updates and different sellers, there is often a suitable mat. But still, you need to proceed from personal experience and always compare reviews, price/quality, etc. The same Castro is not without sins.
You can indicate my code when registering pustota1337 and receive a discount on all purchases
(20:47:17) Snork: Can we say that over time (the last 3-4 years), driving is only becoming more difficult? And in your experience, how many unsuccessful entries did you have to make before success?
(20:48:34) Pustota: When I started, I literally got success in my first attempts. Now, yes, everything is more difficult than before, but success is still quite achievable.
(20:48:44) Serpantin666: Why didn’t they tell you about NON-VBV? Also, before the start of the training, I was told that it would be explained how to get bins from these cards.
(20:51:35) Pustota: What do you mean, how to get bins? You get beans through tests. You buy a card, test it, and if there is a nonvbv/autovbv that suits you, keep it for yourself. Regarding nonvbv - it was talked about all types of cards.
(20:51:43) Peter_Parker: 1. Which cards do you think are easier to enter (if you take statistics): debit or credit?
2. As a beginner, what types of cards would you recommend starting with, or what is better for driving in (ease of driving in): American Express, Visa or Master?
3. Is there often money on debit cards and are they in demand among CH USA?
4. If you have a CH email and phone number, what is the best way to use it and where to apply this information?
5. What linking services would you recommend? (for check)
6. What do you think is better to do: 1 card = 1 hit and 1 drop? Or can I use 1 card = a couple of drives and a couple of drops?
(20:54:02) Pustota: 1. Debit if it is not empty. But most often they are empty. Therefore, basically take out a loan
2. I took a visa\mk
3. They use it, but the problem is that the debit most often goes through the second round and there is no money there anymore after our colleagues.
4. Spam them and, if necessary, use them to register\call a shop\bank
5. the most banal thing - Google, Netflix, etc.
6. 1 card can be used for several hits, but a couple of drops will not allow you to make AF. Therefore, we all hit the drop on whom it gives
(20:54:13) Veles24: 1. what services can you link to a card to check its validity?
2.What shops or sellers do you recommend where to buy mats and full clothes?
3.Which cards are best to take when entering a shop? I mean visa or etc.
4. Which country is better to work in? USA Canada or Europe?
5. How can you avoid 3D security code? If you don’t have access to your phone number?
(20:56:11) Pustota: 1. Answered above
2. Regarding CC - answered above. Regarding fulok - look at the section on the forum, we have a lot of good fulok sellers. I just use mine
3. It often doesn’t matter
4. Yusa is the easiest for beginners.
5. Do not fall under antifraud. Do everything as carefully as possible and avoid triggers.
(20:56:31) BaronLuffy: 1. Is it worth the bother and taking cards from unpopular banks? Is there a big difference in protection, or are there popular but poorly protected banks?
2. Why do merch on websites change? There were situations where I checked merch in the evening, and in the morning it changed
3. Is there more up-to-date information about merch? Your link shows a post from 16
1. Is it necessary to create accounts on social networks when typing in, to what extent does this justify itself? If it does, then register the social network directly in the session where it will be typed in or in another?
(20:59:06) Pustota: 1. This is a quite popular theory, but as practice shows, there is no difference, and often large banks are more loyal than local state banks. Because there the check basically goes into manual mode for any reason
2. For various reasons. It’s trite that the terms of cooperation could have changed, we decided to try another one, technical work, etc.
3. Nothing much has changed regarding the system. Next you will have a lecture on merch, they will tell you more about it
4. Justifies. Yes, you can fight right in the session.
(20:59:14) nlf: 1. What criteria should be used to analyze entries? will they tell us later? 2. What is AF?
(21:00:17) Pustota: 1. Based on successes and failures, of course. According to the errors that the shop\payment gateway gives you
2. Antifraud system\protection system. There will be a separate lecture on it later.
(21:00:50) Akpatyr: 1 As I understand it, first we take CC and then we select the butt of his sock?
2 And how does the location of the CH affect the place of our sock?
3 Should I change my socks every time I insert a new CC?
(21:02:06) Pustota: 1. Correct
2. Completely. If your farm is in Nevada, and you are geographically located in California, it’s somehow strange for the protection system, don’t you think? That's why we do everything under CH
3. Naturally
(21:02:25) KimJo: 1. If we found a clothing store with a 3DS (and gave up on it), does KK die after that, or do we just watch the screen from the 3DS and leave the site, as if we changed our minds about buying?
2. If a shop has 3ds checking, without auto-3ds, then we forget about such shops if there is 3ds on the card?
(21:05:37) Pustota: 1. In the case of 3ds, it is most often issued after the antifraud has flagged you as a fraudster. Therefore, it’s either a change of shop or your approach.
2. Yes
(21:09:44) stormspecter: how do we find out the balik of a map by filling it up?
(21:10:11) Pustota: In general, in a duffel bag, the balik is recognized by driving it in. He either exists or he doesn't. To find out for sure, either call the bank or roll.
(21:12:07) Veles24: Another question, how can I enter the CH personal account?
(21:12:55) Pustota: If you’re talking about a bank - no way, if you’re talking about personal account cards - through enroll, if you’re talking about a shop - no way
(21:13:47) Fuerza: From my own experience, what is the maximum distance from the CH to the drop so as not to disturb fraud? Is it possible to understand in advance whether the address of the drop is included in the fraud ban?
(21:15:00) Pustota: Unfortunately, you won’t understand this in advance. But in general, if the drop is not the latest, its address is already marked. Regarding the distance, I generally try to almost look for neighbors, but on average up to 50 miles
(21:15:08) Mr_Lotus: 1. Let’s talk about the vulnerabilities of fraud systems when driving in, which are exploited by carders until they are rip. Are there any people/services that provide links/templates that are relevant and live today? Or do you need to analyze everything yourself from scratch, keep statistics and try to configure it by trial and error?
2. Are there very few shops left with 2DS merchants?
3. As far as I know, in certain cases 3DS merch can let a card through without SMS confirmation and additional code
In what cases does this happen? does it all depend on the category of the card itself? The shop's trust in CH? Or is this completely impossible?
4. Isn’t it easier to look for platforms (not necessarily with a duffel bag) on which 2ds works and pour money there - for example, through an online casino, etc.
Surely similar schemes exist
(21:17:41) Pustota: 1. That’s right. Trial and error is everything. There are no universal tools and methods to bypass AF. His mood changes like a schizophrenic
2. Not exactly, but less so, yes. But the guys from other streams easily found it. Not with MacBooks, of course, but not bad either
3. This is possible if you have a perfectly clean system, you have not exceeded the order amount threshold and have not triggered the antifraud in any way.
4. Not all cards fit there. As long as you find a bin that fits there, you will kill a lot more money. In addition, most often then you get stuck with withdrawing this money in cash
(21:18:24) ya8no: how is the CC checked for binding to services? Can you please process the process, if it doesn’t make it difficult?) And another question, are there any methods for determining whether a shop has auto-3ds besides actually typing it in?
(21:18:42) GorilaDuster: if there is conditionally $5k on the card. Is it better to hit 100-200 or 500-1000?
(21:19:27) Pustota: It’s simple. You register the service and link the card as a payment method. If the card is valid, it will be linked. If not, it will throw an error. Try linking your map to Google and you will understand the algorithm. Regarding 3ds - only at random.
(21:19:55) Pustota: GorilaDuster - I advise you to make orders of 500-1000. This is the average threshold that is set in antifraud
(21:20:32) selfregs left the room (It is not allowed to send error messages to the room. The participant (selfregs) has sent an error message (service-unavailable) and got kicked from the room).
(21:21:06) Snork: Question about linking to services. Is there a separate service for each CC or can several CCs be linked to one service?
(21:21:59) Pustota: You can do a couple, but there will be constant doubts about fraud. I've knitted for every session before. In general, use a checker, it saves a lot of time
(21:22:19) Snork: But a checker can burn a card, right? (kill)
(21:22:34) Pustota: Maybe that’s why we compare checker reviews and choose the best one)
(21:22:48) Pustota: The cards you buy one way or another still go through the shop’s checker.
(21:23:04) Snork: The best checkers will be provided further in the training during live driving?
(21:23:37) Pustota: You can look at the checkers on the forum in the right section, I recommend trying a sombrero
(21:25:29) Fuerza: Regarding the behavioral characteristics of CH and adjusting to them, the behavior itself directly in the store, what advice would you give?
(21:25:56) Pustota: Checking reviews, checking products, looking at reviews, state news, etc. - standard behavior of an ordinary person on the Internet
(21:27:54) Pustota: I think there are no more questions. Thank you all for your attention! If you have any questions, write to the question/answer. There, my fellow lecturers and I will help and answer your questions.
Thanks again for your attention and see you soon!
