Carding training 2021
Lecture - Carding from "A to Z"Lecturer: Payne
(18:18:04) Payne: starting the lecture
(18:18:15) Payne: Hello again.
(18:18:33) Payne: What is driving in and what does it consist of?
(18:19:01) Payne: In general, carding looks like this:
1. Found a shop
2. Picked up materials for carding (card, soks / tunnel / dedicated server, address / intermediary)
3. Carding
4. PROFIT
(18:19:20) Payne: But ... when instead of Order Success you start to receive order canceled / decline, you realize that, in fact, there are a lot of details / underwater lumps / devils in a still pool - call it what you want - more than 3.
(18:19:48) Payne: You may have never thought about this before, but this is what could / could be the reason for your chancellors. Right now I propose to disassemble what it consists of and what it is eaten with.
(18:20:27) Payne: Let's take the naming of each part "variable" as a basis. Let's call a group of variables that fit one category - a block; each block consists of several sub-items and variables inside it, let's proceed to a detailed examination of the blocks and variables inside them:
(18:21:06) Payne: Block CREDIT CARD:
- bin (first 6 digits of the card, determines the issuing bank, country of issue, card level, presence / absence of vbv)
(18:21:39) Payne: On one or another the bin may have a restriction on payments, spending limits / payment limits on the Internet, or it may simply be "cashless", different types of VBV / MCSC and its reset (reset is variable depending on the bin);
(18:22:01) Payne: autovbv bins - when there is vbv on the card, but does NOT require a password and is processed automatically.
(18:22:18) Payne: Read about VBV here
You shouldn't dwell on this sub-item, but at least you should take note of it. Therefore, write down each bin you encounter in your work, as well as the result of working with it.
(18:22:50) Payne: - Card Level, Card Type Card
Level, Classic / Platinum / Premier / Gold, etc, and Debit / Credit. Based on the level of the card, it can make assumptions about the presence of a balance on it. It is logical that there will be more on platinum credit cards than on debit classics - purely statistically.
(18:23:31) Payne: - card validity
Nothing matters: neither the quality of the ip, nor the setting of the system, if the card is dead. One can be sure of this only by calling the bank (or if there is an enroll to the card). Checkers often kill cards, so you cannot blindly trust them, and it is better not to check the USA cards before carding at all.
(18:24:14) Payne: - billing info / address - credit card address (billing address, billing - cardholder residence address), unfortunately, billing curves occasionally slip on the cards, and in case of carding a card curve into the merchant, which checks AVS (for example, almost all USA shops) such a card will not be included.
(18:24:41) Payne: The reasons contributing to this are the method of obtaining cards, almost always information about the card gets to us the one that the holder entered somewhere CAM. He can order something to work, to his mother-in-law's house, and so on.
(18:25:11) Payne: There are various methods of dealing with this, I will tell you about several that I used personally:
A) Breaking through the billing holder before driving in the cards
(18:25:29) Payne: B) Searching for information about the holder in public sources, for example, by searching in Google Name + zip (John Woods 18462) and checking the correspondence of the address and the name on various sites and social. networks.
(18:26:00) Payne: C) Driving in certain bins and types of cards. The types of cards include Business Cards (cards for business). These are working cards that are often registered for a company / organization (so don't be surprised if instead of a name on such a card you see something like "Mike Stewart Washington Water Restoration")
(18:26:28) Payne: Plus driving such cards the fact that they have even billing in 99% of cases, which other types of cards cannot boast of, due to the fact that the company orders goods or pays for services in relation to its work address, that is, billing. Minus - not all bins will give.
(18:26:54) Payne: - check cards. There are several types of card checks:
(18:27:43) Payne: A) Authorization and cancellation. A random amount of money is authorized on the card (from $ 0.01 to infinity, but usually no more than $ 1), according to the same principle, a check is driven somewhere when the amount is debited.
(18:28:12) Payne: B) Pre-authorization and / or revoke authorization. Upon pre-authorization, the amount is not debited due to the quick cancellation thereof; when authorization is canceled, zeroing (cancellation) occurs after the direct authorization of the amount
C) Calling the bank
(18:28:31) Payne: Each bank and bin treats different kinds of card checks differently, but mostly the effect is negative (especially when working in the USA) and sometimes kills cards (even pre-authorization)
(18:29:12) Payne: Next block - Block of disguise:
The first item will be called "human factor". At the moment, many banks automatically analyze the amount of monthly expenses and the type of transactions of the cardholder, and because of the absurd behavior (this is when a 65-year-old lady buys a snowboard for herself), transaction failures from the bank are possible (I emphasize, possible).
(18:29:54) Payne: This point is not critical, but it cannot be ignored. The shop transmits information about the transaction to the bank, so you need to set the minimum fraud scoring to bypass anti-fraud systems - be guided by this.
(18:30:24) Payne: There is a sub-item "Behavior" at this point. By this I mean the motivation and purpose of the person buying something at a given moment in a particular shop.
(18:30:58) Payne: Create an image for yourself, become a holder, you drive your card, not someone else's, believe it! Are you a 65-year-old woman and have decided to give your son a laptop? Talk about this with the shop support and ask for advice, read the product description, make a mistake when entering text, your eyes are no longer the same as when you were young!)
(18:31:35) Payne: Sox and the tunnel as a whole can be grouped and called the ip block -address, then the variables in this block are as follows:
(18:32:17) Payne: - ip purity by blacklists
- open ports
I talked about this in my lecture on security, in short, this is not a negative, not a positive parameter in most cases.
(18:32:37) Payne: - geolocation of the ip address according to the maxmind (or other important)
base whoer.net and a number of other sites have an outdated max-mind geo base connected, so the consumption of geolocation information from the driven site in comparison with whoer and some of these sites can be very coordinated and critical, all the way to out of state.
(18:33:34) Payne: Certain sites have their own geo-bases, often on these sites you are offered to automatically fill in the zip code, city and state, so when driving into such shops it is better to focus on the information provided by them and based on it select material.
(18:34:15) Payne: - proxy & risk score
- provider, host name, DNS, ip belonging to the hosting provider
Internet provider ip, the host name can tell about the ip belonging to the cloud hoster (see the lecture Security and configuration virtual machine)
(18:35:01) Payne: - range of zip code ip from zip code cc
For example: we own a card with a zip code in billing 97401, which means that the zip ip should be as close as possible to the zip, that is, 97401/9740 * / 974 **, etc. - however, it directly depends on your theme and the place where you carding, for e-Gift you need to pick it up as close as possible, for a thing, depending on the situation: for a drop / middle or holder.
(18:35:56) Payne: Dedik, the virtual and physical machines are included in the second masking group, respectively, they are a single block and have their own groups of variables, namely:
(18:36:15) Payne: - OS
Windows / Linux version and etc.
- browser (Browser, version, WebRTC settings, coockies)
(18:36:53) Payne: Serious merchandise can also ask the browser for information about installed plugins (they can only check by requesting the id of a specific plugin (s)), check sites against the list on which you are logged in https://browserleaks.com/social - you can check here, for example). In practice, when logged in, for example, Facebook is a plus, but not critical.
(18:37:30) Payne: What's a coockie stuffing?
- Stuffing cookies, surfing on various sites - imitation of a real user BEFORE driving.
(18:38:10) Payne: It looks strange when a person with a "naked and empty" browser goes to buy gift for a thousand bucks, doesn't it? Therefore, we create the image of an ordinary hamster user, having previously surfed the sites of any local clinics / restaurants, Amazons, ebays, Facebooks, etc.
(18:38:45) Payne: - all kinds of prints (fonts, fingerprint, audiofingerprint and many others)
The collection of fingerprints generates your unique user impression, which remains in the system, is solved by changing the system (changing the Dedicated Server, etc.), replacing a number of dot prints (such as fonts, screen resolution, video card frequency, etc.) and / or using an antidetect.
(18:39:24) Payne: Driving block process. In my opinion, the driving process itself consists of several things, which, like all variables, can vary and / or modify themselves:
- the way to get into the shop (for example, from Google, or from Facebook / Twitter, other places)
(18:40:18) Payne: Yes, that's important too. Yes, shops see it too! To one degree or another, this also matters. There are several types of transition, I will talk about them starting from less trustful moving to more
trustworthy, respectively: (18:40:58) Payne: A) directly from the link from the browser home page, for example, browser> amazon.com
B) from search engines, for example , google.com> amazon
(18:41:11) Payne: C) Social networks, affiliate programs, various coupon / cashback services.
The shop keeps track of where you came from, the most advanced methods = the most trustworthy!
(18:41:37) Payne: - manual text input or copy-paste - anti-fraud is shooting it, do you copy your name from the clipboard when making purchases from your card? I don’t think so.
(18:42:13) Payne: - warming up the shop
Surfing in the shop, CONSCIOUS choice of goods, reading reviews, delivery methods. Removing / adding goods to the basket [from], registering an account in the shop (and possible temporary storage thereof), preliminary dialing or communicating with the support.
(18:42:48) Payne: - having carding a ringing / no
Some shops have the option to order by phone - order by phone. It happens that the holder's website does not load / is buggy, and then a support operator comes to the rescue, who personally enters your card details, etc. The plus is that in fact the anti-fraud does not see your system / ip address, and accordingly does not assess the risks based on these factors.
(18:43:57) Payne: - billing = / ≠ shipping
Correspondence between the input billing address and the shipping address, sometimes orders are canceled due to the difference. You can fight in the following ways: go through antifraud for all other indicators / warm up the shop (for example, chat in a live chat and say that you want to buy a gift for a friend, etc.) / search for shops that allow doing this / carding billing = shipping = drop / middle (when checking AVS system will not work in most cases), having carding non-liquid assets, which will not "tighten antifraud".
(18:44:37) Payne: - shipping
A number of addresses of well-known intermediaries can be blacklisted by many point shops and merchandise, duplicates are also monitored (have you bought this address earlier in the same shop)
(18:45:15) Payne: - email for the holder and for the recipient (in the case of Gift)
Mail also has a certain risk-speed. The most trustworthy are corporate mails like [email protected]. The most fraudulent are all those with a simplified registration process (for example, mail.com, in other words, those where you do not need to receive SMS during registration)
(18:46:04) Payne: Among other things, some merchandise pay attention to the name in the address mail ([email protected]) - can check the presence of the name / surname of the holder - also not critical, but also an important plus.
(18:47:51) Payne: As you can see, there are a lot of variables. Therefore, when there are chances, think twice about the number of other variables that directly affect the result of the work. The analogy of creating this list can be drawn in any job, be it working with a stick, poker, banks or affiliate programs.
(18:48:17) Payne: Block of consequences of driving. There are many different options for the consequences of your driving, consider the main ones:
(18:49:47) Payne: - Decline. The shop did not even allow you to place an order, often this means that you have problems with the card, so first of all you should pay attention to it and see Block CC. In other cases, the site has technical problems and the screws are tightened (rarely), or you do not pass antifraud (or shop or bank) from the word at all and burn somewhere, in this case, see Blocks "Disguises", "ip-address" and "Carding process"
(18:50:22) Payne: - Cancel. Kantsel. The order was hanged, but after a while (or immediately) the order was canceled on the email, the reasons: the antifraud did not pass / the shop rang the holder / something was wrong with the card and the shop could not write off the money.
(18:50:47) Payne: Antifraud did not pass and he didn’t like something - 2 options for further events:
1 - cancellation of the shop system directly from the antifraud (or the bank did not allow the transaction)
(18:51:14) Payne : 2 - according to the sum of the points scored by the fraud indicators, the order was processed manually (this is when the manager manually approves / cancels orders) and the manager canceled it, or called the holder.
(18:51:55) Payne: Otherwise, if everything is clear with the first case, then the rest should be disassembled in a little more detail.
(18:52:49) Payne: The shop rang the holder - yes, there are shops that always call, there are also shops that can only call for certain orders (for example, for eGifts) and / or for a specific specified order amount (for example, all orders $ 500 +)
(18:53:13) Payne: Methods of dealing with this are as follows: indicating your / your own phone number in order to receive a call if necessary / indicating the left number (for example, some neighboring cafe with the holder) or a non-existent number.
(18:53:54) Payne: However, due to the AVS system in a number of countries, such orders can also suffer, personally, I never shaman with the holder number, since in my work the AVS match should be 99.99%, so look at your needs and desires / themes.
(18:54:33) Payne: The third and final option is the cancellation due to card issues. It means that the holder either managed to burn, or your shop does not process the orders immediately, but after the buyer left the order, and then he can even grab a dead card and give you an order, but, of course, he will not write off the money from it.
(18:55:14) Payne: - a request by the shop for additional verification in the form of a photograph of an identification document (passport / driver's license) or a photo of a card. It means that you have missed the anti-fraud somewhere or your order seemed suspicious. It also arises in cases when the shop is already well done and asks for verification at the slightest suspicion.
(18:55:46) Payne: - request for additional verification by dialing, they ask you to call to "clarify" some details. Usually they drive along the backgrand (see the lecture on punching), depending on the shop, you can also mean that the card has a billing curve.
How to fight? Punch, call, draw. If the order or tests are worth it. We write the results in the records and draw conclusions.
(18:56:32) Payne: The last point in the lecture is the Checklist. Checklists, my method of working on point shops by developing and working out an approach in relation to them.
(18:57:19) Payne: It is a list of points (usually 10-20) that tell how you can break through a particular shop based on tests of driving this shop, various useful notes derived from experience (for example, how quickly orders / office) - it helps me in my work, a kind of creation of a template that must be guided by for success.
(18:57:47) Payne: An example of my check-list for one large shop:
"SHOP *****. COM
- There must be equal billing
- Driving must be done with one attempt per 1 IP. Exception: 2 attempts
- Only manual input and previously unrepeated variables (a la mail)
- Consider the option of carding from Dedicated Servers
- If the anti-fraud has not passed, but the card is even, the ticket will be sent to the mail within 25 minutes
- When the anti-fraud system does not pass the order, the merch gives a declline with the text: Unable to process credit card at this time, processor reported (Authorization Failed)
- If the card lacks balance or billing curve, the merchandise gives a declline with the text: Please double-check your billing address and credit card information.
- The following bins entered: 517805 464018 for such and such amounts ... *
And so on.
(18:58:37) Payne: As you may have noticed, the blocks are divided in point and group order, you can classify the groups in order as follows:
Credit Card blocks, Masking (system) - consolidated - preparation for driving.
(18:59:16) Payne: Blocks The driving process, consequences and checklists are the result of preparation for driving and, in fact, the consequences. It is important to trace the causal relationship between preparation and the result in order to learn to understand where and when you are to blame, and where the shop or material supplier is.
(18:59:56) Payne: "Those who give themselves up to practice without knowledge are like a sailor setting off on a journey without a rudder or compass ... practice should always be based on a good knowledge of theory."
(19:00:16) Payne: This concludes our lecture, let's move on to the questions. Put "?"
(19:00:35) fregal: 1. Is it not an option to drive from a virtual machine (except for using a sphere, etc.)? since there is a difference from real hardware, and this will be considered a minus.
2. I ask you to write your own scheme of driving and network connection. For example, what do I see:
- My computer - virtualka (sphere) - VPN - socks - shop (driving in)
- My computer - VPN - Dedic - socks - Shop.
(19:02:09) Payne: Nothing, you're all the first.
1. It depends on the complexity of the anti-fraud system of a particular shop, you can drive into the middle and below)
2. - VPN on your computer should be
- hang up on Dedicated Sox - mauvais ton.
If with a virtual machine, then, in general terms, something like this: base-vpn-virtualka-soks (or tunnel) is a necessary minimum
(19:02:35) soloveyraz: 1- how to understand that a shop accepts an order by phone?
2 - when will they give us a list of trusted shops with ss and socks? that would replenish them and you could start working
3- if you beat on a stingy, as I understand it, first of all, first of all, you need to find out from him the addresses he accepts and then go to drive in?
(19:03:51) Payne: 1. The faq shop (or other place) should be written, sometimes written directly on the staff's page. If this is not the case, call or ask the support in the online chat / by email
2. Mans will give in the main conference, soon
3. Of course. Otherwise, where will you drive.
(19:03:57) Best friend: 1. how exactly to select the material (map) for driving? Are there any algorithms or dependencies?
2. how to determine vbv by bin?
3. Is it possible to determine the shop that sends to different beep-thorns only by brute force?
4. is today's lecture in the form of one diagram (checklist) with all the blocks and variables and with the main key points?
5. Is there an antifraud "simulator" on which you can see, let's say, how many fraud points you are gaining?
6. Can I call the shop myself right after the order?
7. if you behave as much as possible like CH, what is the probability (%) that the shop will not call CH?
8. The checklist implies a set of key points of the shop, without which it will not work? Is it possible to group the shops in the future to narrow down the checklist?
(19:07:45) Payne: 1. Based on the bin / level / card type.
2. Drive it in. Or if this is a visa - generate a card by bin (for example, here) https://www.elfqrin.com/discard_credit_card_generator.php and insert the generated number here https://verified.visa.com/aam/activation/landingPage.aam and then see the reaction (this is a site for resetting the vbv)
3. Yes
4. The lecture is the checklist. Everyone makes the summary and main points for himself, I told everything that is important in my opinion.
5. No
6. Yes, but it doesn't always make sense
7. Depends on the shop. If the shop doesn't call (or rarely calls), and you are as close to KH as possible, then why call him? On the other hand, a shop calling everything in a row will ignore your resemblance to KH and simply ring him.
8. You create checklists yourself for your shops, so I showed you the systematization of information and an example of "drawing" conclusions. Which one will be convenient for you and do it, work on it for you
(19:08:10) prt: Sites where it is better to check the purity of the ip?
(19:08:29) Payne: Watch the lecture "Virtual Machine Security and Configuration". In it, I gave a list of sites.
(19:10:04) star8888: tell us about the rest of the card after carding a successful and unsuccessful
(19:11:01) Payne: After a successful one - do not touch it for at least a day. After an unsuccessful one, either drive into another place at once or lie down for a day or more, and then carding
(19:11:07) fregal: - Only manual input and previously unrepeated variables (a la mail)
Ie. Does the shop you are currently processing only work with manual input?
(19:11:47) Payne: Do you understand what manual input is? This is when you type text on the keyboard with your fingers, rather than copy-paste.
(19:12:32) fregal: I thought it meant the operator's request to manually enter the card data)
(19:13:56) star8888: avs works with any summax? let's say 5 bucks
(19:14:29) Payne: Yes, but at 5 bucks the anti-fraud can close its eyes and skip the order
(19:14:50) star8888: i.e. the situation is possible - the first having carding 5 bucks, the next 200?
(19:15:25) Payne: Possible. But several carding a row are:
a) suspicious for the bank, the card may die
b) suspicious for the shop
antifraud (19:15:26) star8888: in a week, say
(19:16:08) Payne: Yes, you can. But it will not always work, after all, having carding to 200 will be, and it will be scanned as an order for 200, and not for 5
(19:16:16) badd: in a week the card, socks / tunnel / dedicated server may not survive)
(19:16:41) Payne: Well thanks everyone for the lecture
(20:14:14) Payne: Let's start.
(20:14:41) Payne: Hello. Lecture topic: "Carding from A to Z".
(20:15:07) Payne: Conventionally, the act of driving can be reduced to preparing material and transmitting data to a store or service, but in fact there are anti-fraud systems - a real minefield containing a lot of filters of a technical, statistical and behavioral nature. In a broader sense, "driving in" is a collective term of many parameters and actions.
(20:15:33) Payne: It is wrong to rely entirely on the technical part only, because in addition to the "valid / invalid" patterns, the process involves both user psychology and circumstances beyond the control of us or the holder. While not easy to account for, having an overview of the process can expand the boundaries and fill in the gaps.
(20:16:04) Payne: In an area where every detail can somehow provoke financial losses, learning the subtleties and working on mistakes in advance is no less significant contribution to the activity than, for example, good material. The basis of the lecture is the study of the components of the process, prerequisites and causes of failure.
(20:16:44) Payne: Let's talk about the material first.
Of course, living material is one of the key parameters in the work, but this alone is not enough. The card can be limited by limits, technical design or modest balance. The technical side of the issue, as a rule, is learned by experience, and the main variables here are:
(20:17:13) Payne: - Validity. Working material, of course, first of all. However, “validity” does not ensure “immortality” - a huge number of payment attempts, a frankly bad user profile (IP, system), checkers and a suspicious order can ruin the material or, at least, cause various checks, which will be described below.
(20:17:42) Payne: Moreover, already limited material may fall into the hands, with which you can hardly do anything, even if it is alive. You can reliably verify that the card is working, except by calling the bank or using specific material like Enroll.
(20:20:02) Payne: Simply put, the basic verification methods absolutely in every single episode should not be trusted, as well as wielding the material like a jackhammer.
(20:20:23) Payne: - VBV and its analogues: MCSC for MasterCard, SafeKey for Amex, as well as alternatives to AutoVBV (automatic processing without a password). In the course of working with VBV-merch, being unprepared in this matter will become a problem if the material is limited to such a system. However, you can change the password with knowledge of the owner's data, based on the bin.
(20:20:05) Payne: - Probability and speed of chargeback - transaction cancellation. It usually happens automatically immediately, but with the intervention of the owner, the time depends on his activity, the type of notifications about spending (periodic statements, online access, etc.) and the bank's agility: if necessary, for example, if a transaction with VBV, proceedings can sometimes be initiated ...
(20:20:45) Payne: - To a certain extent, the balance can be estimated using the type and level of the card: Debit, Credit; Classic, Permier, Gold, Platinum and so on. It is believed that platinum credit cards are often richer than classic debit cards, but this is more an observation than a pattern, so this factor cannot be ruled out.
(20:20:32) Payne: The above characteristics converge under a common label - the map bin. And certain bins, similar to, for example, addresses, due to the actions of other buyers or fraudsters, can be marked as a risk factor or even be on the black list of stores and antifraud systems. In addition, what works today may fail tomorrow.
(20:21:15) Payne: As you can see, there is a development of events in which outwardly good material becomes a dead weight, therefore, living material is by no means a guarantee of success.
(20:21:55) Payne: Expanding the masking topic, let's dwell on the session configuration: IP address, system, browser.
First, let's briefly refresh our memory. IP address: blacklists, ISP, DNS, ping, ports; system: user-agent, fingerprints; browser: plugins, antidetect, cookie. Apart from what has been said about this in previous lectures, it is worth bringing up some details regarding the current subject of discussion - practice.
(20:22:37) Payne: It's important to keep in mind, however, that the then and now settings are not mutually exclusive. And dirty IP addresses, and questionable fingerprints, and even more so the security principles do not lose their relevance, but only complement the picture.
(20:23:21) Payne: The first is the distance between the zip of the IP address and the zip of the card. For example: if the index of the card is "97401", then the IP address should be searched for as close as possible - 97401, 9740 *, 974 ** and so on. Situationally, if, for example, special heating is used or billing is changed, but in general, an increase in the distance affects the attitude of antifraud systems.
(20:23:56) Payne: Alas, the geolocation of IP addresses named by anonymity check sites can be strikingly different from the stores' own information about the customer's location, up to tens or hundreds of miles. This is due to different sources of information, moreover, the databases are updated.
(20:24:29) Payne: These stores often offer automatic filling of some data: ZIP, city, state. Thus, it is better to focus on their performance, where possible - first a check, followed by a search for material with a suitable location.
(20:25:03) Payne: For reference: when choosing a disguise, you should start with an IP address - it's easier than finding pure IP access for the map location. An exception is the search for a specific material (for example, by bin), in this case the order is forced to change.
(20:25:37) Payne: The second is the system and statistics. Obviously, we are not alone in shopping. Over time, configurations wear out, overlaps with other fraudulent orders begin to appear, which leads to the need to change characteristics, stores, actions, directions - in other words, change the "approach".
(20:26:12) Payne: It is not possible to break through a store or service, succeed with an anti-fraud system and wait for delivery - all this is one answer: it is probably time to make adjustments. This can be a remote desktop (RDP), a physical device (PC, phone), an operating system and other methods that allow you to dissolve in the crowd and not go straight ahead.
(20:26:52) Payne: The field of activity is in constant flux, and in order to always keep your finger on the pulse of events, you need to continue to experiment.
(20:27:16) Payne: And third, the browser. This includes the actions of the client prior to visiting the store. Among other things, many stores automatically check the registration of social networks on the client's email: Google, LinkedIn, Instagram and others. The specific list of searched sites may differ depending on the anti-fraud system, but the benchmark here is Facebook.
(20:27:39) Payne: Explanation: firstly, various anti-fraud systems note the presence of mechanisms for checking the client's social networks in their arsenal; secondly, in the conditions of using the social networks themselves, there is the possibility of transferring some information about users to third parties, for example, advertisers.
(20:28:15) Payne: It is not necessary to fill in accounts with information and photos, since in a normal situation there is no manual assessment, and with automatic accounts themselves play in favor of the image of a normal client. Also, you can establish the fact of authorization in the browser: https://browserleaks.com/social - an example.
(20:29:00) Payne: Another aspect that positively affects the portrait of the client is the imitation of the behavior of an ordinary person. By surfing the net, clicks on relevant (from the perspective of the owner of the material) advertisements and deliberately searching for goods or services, one can play along with large analytical companies and advertising managers.
(20:29:37) Payne: The latter will collect information about the user, then, perhaps, through the chain of analytics and advertising, it will go to popular sites, thereby reinforcing the illusion. We specify the actions: choosing local stores, restaurants, clinics, viewing articles, media, well-known catalogs, registering on third-party sites, and so on.
(20:30:22) Payne: Strictly speaking, this will kill two birds with one stone: fill in your own cookies, and imitate the behavior of the average client, so to speak, a hamster user. Obviously, the implementation requires an already configured masking. When all the preparations are done, it remains to visit the desired store, but there is something to pay attention to.
(20:31:00) Payne: The way a customer enters the store is tracked to collect statistics and analyze the effectiveness of a particular advertising integration (from the store's point of view, this is a traffic source). Surely at least once met a survey on how you found a site or service - proof that stores are interested in this. Some examples:
(20:31:24) Payne: • browser home page> store;
• search> store;
• social networks, advertising on other sites, coupon or cashback services, mailings to email> store.
The most unobvious and unexpected ways are an additional stone in the foundation of the entire image of the client.
(20:32:03) Payne: Mode of action.
The next stage is behavior in the store or service. Before describing it, it should be emphasized that there is no formula for success - each individual indicator is in limbo and changes depending on the circumstances, services, stores, current settings and the human factor.
(20:32:37) Payne: At the same time, there are a number of popular technical and behavioral patterns adopted by most anti-fraud systems. Let's move on to the description.
A) The first part is general information about the client.
(20:33:04) Payne: - Once again, there is no need to talk about the unacceptability of "copy-paste", because there are other errors in the area of unnatural behavior: chaotic switching between tabs (for example, to use a translator) or amazing awareness "New" client about all the functions and products of the site.
(20:33:36) Payne: - Staying. Long break between registration and purchase to increase store loyalty. Do not break off at the last moment before ordering, having already tied the card, in order to continue from the same place a week later, but copy the adequate behavior of people - studying the assortment, registering, choosing, comparing.
(20:34:09) Payne: In general, such actions are variable and this includes the whole warm-up scenario. It is useful to learn the following: "holders" are not an abstract term, they are real, ordinary people. One will put himself VBV, the other will not; the third person will scan dozens of sites before buying, or, on the contrary, will immediately make an order.
(20:34:59) Payne: - In the case when the true owner of the material has previously bought something or has an account in a particular store, the chance of selling the material in it decreases in proportion to a number of factors: the owner's activity, his account in the store, used by him billing & shipping.
(20:35:26) Payne: When the owner made purchases in a local store, on the Internet without registering, or long enough for the time interval between the creation of the old and new accounts to look natural, chances remain.
(20:35:58) Payne: On the one hand, the customer's knowledge of offline purchases says little about his online activity, and the personality without registration is not so pronounced, but if it happened, forget about the account of a particular store or its data , in principle, a matter of everyday life, especially over time.
(20:36:40) Payne: On the other hand, the activity itself plays a role: the dates and frequency of the last visits, the type and amount of transactions, a selection from the assortment. Obviously, a parallel session with the real owner or teleportation between cities in short periods of time is something out of the ordinary.
(20:37:16) Payne: - A sharp change in preferences from detergents to laptops from the point of view of an extremely sensitive bank, alone or together with other details of the order, can affect the request for verifications and the life of the material in general, since its customer information is deeper and more comprehensive than the store's anti-fraud system.
(20:37:58) Payne: A simple example: the owner of the material in recent months has only bought groceries and clothing in stores or paid bills - in short, satisfied domestic needs. And then, one day I fell for the conditional Rolex on the Internet. It is very likely that if you do not block the card, then at least the bank can suspend the transaction.
(20:38:30) Payne: B) Customer technical data.
(20:38:36) Payne: - Purchase method. In most stores, it is possible to place an order with the registration of an account or a "guest". Yes, the account will be assessed as recent, not to mention the possibility that the owner of the material has his account in the store (mainly if it is popular). On the other hand, the fact of registration can add loyalty.
(20:39:11) Payne: Plus, a guest without an account is, in a sense, also a new, unverified user. In other words, one or another idea of the client cannot be avoided, therefore the result depends on the mood of the anti-fraud system and the totality of all the details. Conclusion: it is pointless to get hung up, you need to strive to improve the general opinion.
(20:39:59) Payne: - Payment method. Elapsed time since binding, number of cards, billing addresses, payment attempts, changes in personal data; used promotional codes, gift certificates, filling the basket or "buy now" - all this to some extent gives an impression of the client.
(20:40:44) Payne: Paying on the tenth try or the third linked card will cast a shadow, a promo code or discount for mail left for distribution can contribute to the result. In practice, it is necessary to act within the limits of the norms of behavior - "special" actions stand out against the background of the average buyer. Typing is okay, copying and pasting your own name is not.
(20:41:46) Payne: - Order by phone. Some stores provide an opportunity to place an order through an operator by phone. It happens that the client, due to technical problems, cannot use the site and turns to support, which independently enters all the information. The store's anti-fraud system does not evaluate customer prints, but the method itself is costly and suspicious.
(20:42:06) Payne: C) Order characteristics and customer personal data.
(20:42:31) Payne: - Product category and price. Certain positions and price thresholds in stores can be treated with increased attention and the anti-fraud system filters can be adjusted accordingly. It manifests itself in the form of a more serious assessment, verification, manual verification. For example: gift certificates (gift) or a particularly expensive product.
(20:43:06) Payne: - Coincidence of characteristics with other orders. First, it allows you to recognize the client or detect multi-accounts; second, to compare the order with fraudulent precedents. The signal can be: fingerprints, bins, e-mails; personal data such as addresses.
(20:43:33) Payne: Crossing multiple parameters with fraudulent orders will increase the risk, almost complete compliance is a fatal error, and the similarity or identity of individual elements will signal the participation of the multi-account owner. It also works in the opposite direction - according to the principle of the average buyer.
(20:44:16) Payne: - If you do not go into technical details, the processing of personal data by stores and services, according to formal doctrines, is needed to collect statistics and issue relevant advertisements, although in fact it is used for intrusive advertising tracking, selling data and spying.
(20:44:35) Payne: But this coin has another side, the value of the study which coincides with the interests of the lecture - analyzing the involvement of data in customer identification and transactions. A prominent place here is occupied, in particular, by the billing and shipping addresses of the client, that is, personal and delivery.
(20:45:12) Payne: 1. The first is verified by AVS (Address Verification System) - a verification system that compares the billing address used with the client's data in the bank file. Provided in USA, CA and UK and allows you to at least indicate a security risk in case of address mismatch - validation failure means incorrect card information.
(20:46:07) Payne: Mostly, a data error is the result of a method of obtaining material, in which the source is the owner himself, like phishing or sniffing, although there are also loss of relevance and technical failures. You can dispel suspicions, check or correct the flaw in the following way:
• An attempt to find information in the public domain, for example, on social networks;
(20:46:44) Payne: • refer to the "puncher" on the forum or use services - whitepages and analogues;
• material of the "business" type, where billing in most cases corresponds to a work address, and purchases are made for the purpose of the company (there may be some nuances).
(20:47:21) Payne: 2. Shipping, in turn, is the competence of the anti-fraud system and shows: identity with billing, and therefore with a bank file; use of blacklisted addresses and location. To check AVS, billing is enough, which implies the ability to work on different addresses.
(20:48:06) Payne: Continuing in this vein, in comparison with orders for a work or alternative address, specifically consumer goods (clothing, popular electronics, etc.) are much more likely to be bought by customers at home, in most cases the same with a bank file.
(20:48:43) Payne: Thus, different addresses reflect "work for different bill / shipps" and give rise to suspicion, since even without that from a relatively small sample of orders with this property, fraudulent activities are often encountered, for example, when using intermediaries or drops.
(20:49:07) Payne: However, suspicion does not necessarily translate into action. An order for a work or a relative's address fits into the framework of what is permissible, though not without exceptions: firstly, some stores may be critical of such orders; secondly, purchases for different billing and shipping are less, the greater the distance between them.
(20:49:45) Payne: The latter is easy enough to understand: people tend to work closer to home, and orders, for example, in their own or a neighboring city are much more than in another state, not to mention another country. In addition, comparison is possible not only in relation to address locations, but also taking into account the IP address map.
(20:50:30) Payne: Accordingly, as the distance increases, the chance of selling the material decreases, and if the real owner can insist or verify the order, then from the point of view of a third party this is additional costs in the form of ringing, warming up, breaking through the necessary information and time, for which one cannot always be prepared.
(20:51:03) Payne: If you can't find the key to the tactics of different addresses, besides the above, there are the following options:
• order for billing with the purpose of further redirecting the parcel or stopping it at the post office (reroute, pickup);
• search for stores with a qualitatively lower level of anti-fraud systems and / or illiquid goods;
(20:51:34) Payne: • special warm-up (“I want to order a gift for a friend”);
• enroll with the function of changing the address, which can also help with incorrect billing;
And the extreme is to avoid AVS entirely. Quite special cases, but in short: working with digital goods, payment systems and banks where address speculation is not required, as well as countries without AVS.
(20:52:13) Payne: Reactions. Suppose the order is completed and it remains to wait for news from the store or service.
(20:52:33) Payne: With rare exceptions, the universal responses of stores and services to customer actions are as follows.
1. Confirmation. A conditionally positive result and contains two options:
(20:52:46) Payne: a) primary. Notification of the formation of an order, figuratively speaking - the creation of an order that has yet to be processed.
b) actual. The request has been processed, and the funds have been authorized or debited. You need to wait for the order to ship.
(20:53:20) Payne: It is possible to distinguish one from the other in a particular store only empirically, therefore, as soon as you see "Order Placed", it will be hasty to divide the bearskin - confirmation remains intermediate. The primary can be followed by cancellation or verification, and in the case of the actual material die.
(20:53:55) Payne: 2. Decline - instant refusal to conduct a transaction during payment, even before the order is formed. Causes in ascending order of likelihood:
• source on the side of the store or service: excessive vigilance or technical problems;
(20:54:22) Payne: • reaction of the anti-fraud system. Reflects the highest degree of customer distrust? it smells so bad that it is not allowed to form an order;
• problems with the payment method. In addition to being invalid, it includes insufficient balance and various restrictions or limits in the bank's area.
(20:55:02) Payne: 3. Cancel - notification of the refusal to conduct a transaction after the order is formed. A similar list:
• the store authorizes funds after placing an order and, thus, may mistakenly accept defective material (empty, with limits, etc.);
(20:55:25) Payne: • death of the material after the order, for example, due to the reaction of the owner or the bank;
• negative response of the anti-fraud system. Not only automatically, but also as a result of manual verification by the operator or contact with the owner of the material.
(20:56:07) Payne: 4. Client verification.
(20:56:24) Payne: For reasons of lack of trust, harsh store policies due to deplorable statistics or, in a word, "delay", as well as due to a special attitude towards certain categories, for example, electronic goods or high-value items can verification must be requested in the following forms:
a) photo of the card with which the payment was made. Usually it is allowed to leave only the last 4 digits of the number, covering the rest with something;
(20:57:00) Payne: b) a request to contact support by phone "clarify details" (the request comes to the mail from the order, they rarely call without notification). During the conversation, they will ask leading questions or wish to confirm the identity of the client with information from his life (Background).
(20:57:25) Payne: For example, the make and year of the car, past places of work and addresses - this and the other are located in the same way as billing, and for a call you can contact the dial-up service or use SIP. Depending on the store, this item may indicate incorrect billing.
(20:58:01) Payne: c) It should be noted that the issuing bank can act in a similar way: requesting confirmation of the transaction via the owner's email or blocking the card before contacting support. At the same time, under normal conditions, there is no access to his mail, and to call the bank you often need more difficult-to-access information than the store.
(20:58:46) Payne: The request from the outside looks like decline or cancel, while blocking is, in fact, the death of the card. This is not the most common scenario, so there is no point in getting stuck in a loop, but if in doubt, you can take care of it in advance by carefully creating a disguise, using less sensitive cans or special material.
(20:59:33) Payne: Moving on to services, companies from the business relations segment - exchanges, some exchangers, payment systems and bookmakers - adhere to the so-called KYC principle (Know Your Customer, know your customer), legal norms of customer identification to prevent money laundering, tax evasion, etc. In the best case, you will need:
(20:00:09) Payne: • SMS confirmation of the phone;
• bank statement;
• photo of identification document: passport (ID) or license (DL) in various variations - spread, several pages, from different sides and angles;
(20:00:36) Payne: • personal photos with documents;
• proof of address: photo of registration in the passport, receipt for utility bills no older than n-months.
(20:01:04) Payne: At worst, up to video recordings, live videoconferencing, and even office visits. Half of what is touched upon can be drawn, for the other half will require dummies and verification services for drawing or real documents, depending on the situation. One way or another, these services can be found on the forum or implemented independently.
(20:01:48) Payne: The last stated verification method is used by both shops and services - requesting transaction data, for the issuance of which you will need access to the personal account of the card (enroll) or a call to the bank:
a) ID-number of the transaction or comment to it;
b) the exact size of a microtransaction sent or authorized by the service, as a rule, in the range of 0.01-1.99 - commonly called "miniki".
(20:02:30) Payne: Note: shops and services have common scenarios for requesting information, and sometimes they involve third-party companies that conduct verification. So, having collected statistics, you can assume the necessary measures - breaking through information, drawing, and so on.
(20:03:04) Payne: Let's summarize. In light of all that has been described, finding a working bin or a store does not mean hitting the jackpot. It may seem that the lecture material exaggerates, but this is not entirely true. The lecture focuses on what can go wrong, in which direction to look for potential errors, and generally summarizes the data within a single process.
(20:03:38) Payne: That's all. If you wish, you can send a review of the lecture here.
Go to the questions, put a "?"
(20:04:13) yarah4: so basically, if I do this, am I following the teaching here? :
* go to shalom.ninja, buy CC with 123 zip code (x in Florida)
* go to socks.bz, buy socks in or very close to 123 zip code (in Florida)
* login to newly made social accounts on browser in VM, using socks from FL.
* warm up shop the way you guys taught us
* find a drop in Florida
* make shipping info to his place
* after 30mins warm up, make 200-300 dollars clothing order
(20:04:32) yarah4: * also will we see live session from you guys? or we should start ourselves now? thanks
(20:05:50) Payne: On a different billing and shipping addresses? Well, yes, but you may face some problems with this type of work. What to do is described in this lecture.
(20:05:59) panacashe: Today there was supposed to be a lecture about Android, I was really looking forward to it.
(20:06:29) Payne: Not in charge of the schedule. Sooner or later, there will undoubtedly be.
(20:06:41) AK-Baks: 1. It turns out that we have now sorted out the moments that can go wrong?
2.If you make small transactions to buy goods in a store, say, illiquid stock up to $ 400, will antifraud start up?
(20:07:05) Payne: 1. Including.
2. Depends on antifraud. The amount does not guarantee anything, alas.
(20:07:26) Koba787: koba is in shock
1 - that is, buying Gift, on the contrary, increases the attention of anti-fraud?
2 - are we talking about different beats / thorns again? but how to register the drop address if it cannot be registered? already got confused with this beat / shield
3 - did I understand correctly that if the address is correct (it is it that AVS checks), then you can write another spike address? I say adequate in terms of distance
4 - When buying, if you use Gift from this store - does it soften the AF or alert you?
(20:09:39) Payne: 1. Of course. One of the most extreme forms of activity in this area.
2. It is possible, but it was mainly said about what to do if it does not work out simply to "register" it.
3. No, not connected. The accuracy of billing is one of the checks of the legitimacy of a transaction as such. Conditionally as a CVV check.
4. Making Gift the process is much easier than driving it in. There is a lecture on Gift.
(20:10:36) yarah4: yes, you described going to FEDEX / UPS, then re-routing the order to our shipping address of the drop, is that sufficient?
also, looking at the coming topics, it's going to all talk about different stuff like paypal, banks, hotels etc., so is this information enough for us to start or we should wait to learn more?
(20:12:02) Payne: 1. I described like 7-8 options what to do. Please reread lecture.
2. Better wait. You will know more details about work with shops and services.
(20:12:22) goldenbaum: 1. Is it possible, for example, if we order a beat - a thorn. Having received a track number for example the same UPS. Call UPS and, using knowledge of the owner's data, or call to change the address of the parcel on the way?
2. Asked a question. I want your point of view. Is it logical that driving from an application on an iPhone through a router configured for socks increases trust? Or so-so theory?
(20:14:25) Payne: 1. There is a lecture on the rearout / pickup. It is not a fact that it will be possible to simply ring out on your own, but ringing out does it, yes.
2. Right, it raises. It's about the phone itself: mobile devices are generally more favorable than desktop devices. With an iPhone, in particular, it's a disaster, because on it you can't walk around with a change in hardware characteristics and a substitution of parameters, as on an android. Only dances with a tambourine, jailbreaks and more.
(20:14:42) Izolentna: How often does it happen that you have to bypass vbv? From the samples of my friends, they constantly got a confirmation code. What is the point then, since 3D costs almost 90 percent of the cards? To score and search for leaked cards without them?
(20:14:58) Izolentna: litter for stupid questions. really not clear in this regard
(20:15:38) Payne: Not often. Many shops and banks with bins do not have vbv, moreover, you can purposefully work with non-vbv merchandise.
(20:16:41) Koba787: Without a reroute and a pickup and enroll - in general on a different beam-spike - it makes sense to beat or the topic is dead conceptually
(20:17:17) Koba787: and it turns out that it is easier to buy a product with adequate behavior than a gift? Then why are newbies offered to start with Gift?
(20:20:16) Payne: 1. It makes sense, at least for tests. And of course, there are people who are actively working. Don't take talk of dead topics seriously - only a specific store or service can die.
2. The product is simpler. Why? Perhaps the question should be directed to the one who proposes it. I'm not suggesting
Probably for my own reasons.(20:20:39) IB $ integral: Do I understand correctly that, in fact, the roller significantly increases the probability of a successful drive due to the beating = spike and the ability to check minikis?
(20:20:17) IB $ integral: Simply speaking, relatively speaking, 1 roll is equal to 10 cards in terms of the success of the drives?
(20:20:46) IB $ integral: Possibly clumsy, I have an understanding. I just would like to confirm sooner
(20:22:13) Payne: 1. No, it does not increase in itself, but it provides a greater understanding of the material and the amount of information - that's what increases. This, in turn, allows you to find other ways to implement the material. And about minikis: not the most frequent guest.
2. No. However, if we declare that 9 out of 10 cards will be dead and one single roller is alive - yes. But you do not take into account that these cards can be alive, and on the contrary, it can take 10 cards to create one roller, so they are applied in specific directions, and not for each drive. In other words, for specific purposes. Plus the anti-fraud system of the store ...
(20:22:38) Izolentna: That is, we have to reroute at the moment when the staff is already on the point? Or just ask to pick up the drop from the delivery point? Or do all sorts of varicks work and just test and test everything?)
(20:23:28) Payne: 1. When it is already going. 2. Pick up - pickup, another scheme of work. 3. All sorts of variki work, you can put it that way.
(20:23:32) yarah4: you mentioned to look for "less popular" shops, does that have a visitors range? like less than a million visitors per month? 1-5m? less than 10m? thanks
(20:24:12) Payne: ~ 500k-1m
(20:24:20) IB $ integral: I understand that there will be a separate lecture on the video, but you can list these "specific areas" in the
abstract (20:24:59) Payne: Billing changes, bays, services with mandatory verifications, large balances.
(20:25:51) Koba787: So there will be details of how the reroute is done and with what?
(20:25:52) yarah4: can you give us free socks and CC? ?? just kidding thank u
(20:26:44) Payne: Koba787 There is a related lecture topic. Again, I'm not responsible for the schedule. You can find an approximate group in which she appears in the training topic.
(20:26:50) Payne: lectures *
(20:26:58) Izolentna: ????
I thought, and many, too, perhaps. Today we thought it would be driven. In terms of how it all happens, and we'll see. This will not happen? : D
(20:27:24) Payne: It will.
(20:27:45) AK-Baks: After training?
(20:28:33) Payne: This is one of the lectures. Don't overstate your expectations by driving in - a common online purchase with a couple of additional actions like connecting an IP address. Have you ever ordered a pizza?
(20:28:53) Koba787: Payne: her delivery address was not changed))
(20:30:31) goldenbaum: question about an iPhone. why change the hardware characteristics to change through jailbreak. they essentially have 4 models. Or do you need to pick the serial number if it is marked on af?
(20:31:36) Payne: The idea is correct, but the identification data is nevertheless there, the same unique advertising number, the SSID of the networks, and even the serial, if they get access to it. Dig a lot, believe me.
(20:32:22) goldenbaum: Got it. Looking forward to a lecture on android then. does she seem to have it?
(20:32:42) Payne: Yes.
(20:33:11) Payne: Ok. Since there are no more questions, thank you for your presence and good luck. See you.
