Carder
Professional
- Messages
- 2,616
- Reaction score
- 1,934
- Points
- 113
Stuff carding - the nuances of working with stores, addresses, billing and shipping
In the last article, I disassembled the basic scheme and gave tips for finding drops and cards. In this article we will analyze the features of choosing a store, product, the main points of carding and working with addresses.
How to choose a product?
Anything can be a product in clothing carding, however, not all of them can bring tangible profits, since you can card both cheap headphones and expensive equipment.
The product should be discussed with the drop in advance. If a drop purchases for himself, the product will depend on his choice. If for resale, then smartphones, laptops are the best and fastest, sometimes video cards and other computer components are in great demand.
Separately, in clothing carding, there are ways to sell clothes from Western stores - however, for such a scheme you will have to find a large number of customers, since even branded clothing will not give you tangible profit. However, the method is quite safe - many, even large, clothing stores have weak anti-fraud protection and are popular, which makes it possible to get around your purchases in the bulk.
Also, you can do carding information products - licenses, keys and time payment cards on online services. This niche is less profitable, but finding buyers for game licenses is fairly easy. However, for the client himself, the "curdled" product in this case does not look attractive - upon opening the fact of fraud, the license will most likely simply be blocked, and sometimes the entire user account.
What would a perfect store look like?
The store must:
A low level of protection means the absence of powerful anti-fraud systems and a large number of detectors. Almost all major players in the online shopping market have already encountered fraud, and in considerable volumes, which forces them to improve their protection systems and actively cooperate with authorities to protect against carders.
Small shops that run on self-written systems or free CMS like Wordpress are not always equipped with sophisticated security systems that are difficult to circumvent. They either haven't thought about them yet, or they don't have enough money to install them yet. Also, they rarely work on creating visitor fingerprints - this system requires a lot of investment and works for small stores using data from Google or Yandex.
Popularity refers to the number of purchases per day. If at least 10-20 people buy something on the resource per day, then your purchase among them will easily get lost and will not cause attention from the store employees. The average check also plays a role - if your purchase is 5-10 times out of the general range, then you will most likely be interested.
European banks are not yet fully using the 2FA system - in European countries it is much easier to obtain a license from a visa or mastercard, which will allow you to make purchases bypassing additional confirmations from the bank. If the website has a “Licensed by Visa” badge, most likely the purchase will go through without any problems. Also, it is advisable that the store is in the same country as the bank in which you have the card - so there will be even less suspicions.
In this case, the store must send goods to the drop address. If your drop accepts goods in your drop, then you should know that not all European stores send to Russia. In this case, you can find a forwarding service - a person in Europe will receive your product and send it to an address in Russia.
Can I find a store on the carding forum?
The best carding forums often have a large number of different tips for choosing a store, and sometimes direct advice on which resource is worth working with. However, if the information has already been published, it is out of date. Most likely, the store was attacked by more than a dozen carders and it has already become more attentive to customers.
However, if we are talking about unpopular areas (information products, clothing), then even after posting on the forum, the store may remain relevant for carding, but still, the best store is the one that you found yourself and is only used by you.
After you have chosen a store, purchased a card and found a drop, you can start carding.
Carding Highlights
The process itself is very simple. You create an account on the website, enter the cardholder data in it, link the card itself and start buying. To do this, you need the owner's data, card number, expiration date and its security code - CVV or analogs, which are indicated on the back of the card.
If you work with expensive equipment, most likely, even a licensed store will ask you for information for confirmation. Usually this is a code, however, it can be obtained through social engineering - for example, by calling a client, reporting an error and asking him for a code to cancel the operation, or in more sophisticated ways. It is best, of course, to bypass places that require you to authenticate.
When billing in carding, it is important to indicate information similar to the drop address for sending a check. If they are located in different countries, then check if the store works for the whole world, or sends goods only within their own country. Providing similar billing information is the key to easily bypassing most items from the store side.
Also, indicate the number available to you. If possible, use online telephony with a number within the country of purchase. Be prepared for the store employees to want to chat with you before the sale. Use voice morfer, get ready to speak in a foreign language, or seek help with this - the purchase confirmation should look believable. The best option is if the drop knows the language and is ready to receive a call from the store.
You can reduce the likelihood of calls by buying cheaper goods - try not to exceed the upper check limits. You can find out this information from official sources, such as interviews or store articles (in Russia, online stores themselves publish such information on sites like VC.RU), or by posing as a representative of a trading company that wants to cooperate.
The delivery method is left to the discretion of the carder, but drops do not like receiving goods at courier services. If possible, send the parcel by letter immediately to the addressee's house, this will allow him to collide with people as little as possible and hide his identity more when receiving the goods.
In clothing carding, it's also important not to repeat yourself. If you buy a product from one card and send it to a drop, then it is unreasonable to buy the same product from it - most likely, the operation will raise suspicion. If you send from multiple accounts to one address, you will also most likely receive a denial of service and a call to the cardholders. Try to pause.
What should be avoided "from the bank's side"?
One of the most important criteria for carding is to bypass the bank's purchase limits. If you exceed the limit for a one-time or weekly purchase, wait for a call to the owner, who will cancel all your purchases.
Usually the limits are set at $ 1000. Some banks may have their own limits, and besides that, the limits may be individual according to the tariff. You can find them out on the bank's website or when you call it - ask about the limits, saying that you want to open an account.
Make purchases below the limit. For example, with a $ 1000 limit, shop at 700-800. If the limit is greater, then try to deviate from it by 20-30% - this will make the purchase less noticeable, which is especially important when working with asset cards, and the operation is less suspicious for the bank.
The address
Shops usually need country, city, region, zip code and exact address for shipping. Moreover, the data does not have to belong to the drop - this is important only in cases where the parcel will be picked up by mail.
Since some time, shops have also begun to require that passport or driver's license details be indicated when ordering. You can use relatively cheap scans, but the main thing is that the data is similar to the data of the real recipient. If he lives in Estonia - the rights must be Estonian.
Ideally, they should belong to the owner, but with carding, this is almost impossible. However, if the format of the country and the format of the documents of the country in which the bank is located coincide, you can already easily bypass such protection. You can find documents there, on the websites of carders.
What if the address of the card and the recipient is very different?
If you order a purchase to Russia, and the card belongs to a German, be prepared for rejections. In this case, you will either need to change the number to contact the store, or hope for luck. Knowledge of the language can play a special role in this case - moreover, it must be good, without an accent. Otherwise, you will most likely receive a denial of service from the store.
However, if the store started operating recently, then they do not know such features yet, and each purchase for them brings huge profits that they need. They may even close their eyes to strong differences if they notice them. However, there is no need to hope for this - each purchase from someone else's card often leads to a refund of funds to the holder, and the store incurs losses, which rather quickly teaches them to check billing information.
A little about anonymity
Almost every modern store retains your visit information. They need it to offer you the products you need most, to improve usability. Used by everything - browser, IP address, actions, behavior, JS data, window size. All this needs to be passed on to shops, however, it must be fake.
Use regular TOR as a browser, but pass traffic through pure proxies, preferably from the IP of the country where the bank is located. Run the equipment on WM and transfer only those JS data that will not lead to your deanonymization. Fake the rest of the data - use the standard size of the browser window, repeat the typical visitor behavior. Use antidetect software - for example, LinkenSphere. And remember - anonymity is the main thing for you.
In the last article, I disassembled the basic scheme and gave tips for finding drops and cards. In this article we will analyze the features of choosing a store, product, the main points of carding and working with addresses.
How to choose a product?
Anything can be a product in clothing carding, however, not all of them can bring tangible profits, since you can card both cheap headphones and expensive equipment.
The product should be discussed with the drop in advance. If a drop purchases for himself, the product will depend on his choice. If for resale, then smartphones, laptops are the best and fastest, sometimes video cards and other computer components are in great demand.
Separately, in clothing carding, there are ways to sell clothes from Western stores - however, for such a scheme you will have to find a large number of customers, since even branded clothing will not give you tangible profit. However, the method is quite safe - many, even large, clothing stores have weak anti-fraud protection and are popular, which makes it possible to get around your purchases in the bulk.
Also, you can do carding information products - licenses, keys and time payment cards on online services. This niche is less profitable, but finding buyers for game licenses is fairly easy. However, for the client himself, the "curdled" product in this case does not look attractive - upon opening the fact of fraud, the license will most likely simply be blocked, and sometimes the entire user account.
What would a perfect store look like?
The store must:
- Have a low level of protection;
- To be popular enough so that your purchase for 50-100 thousand does not arouse special suspicion from the store employees;
- Be trusted with banks so that they do not require additional checks like 2FA;
- Send goods to the addresses of your drops.
A low level of protection means the absence of powerful anti-fraud systems and a large number of detectors. Almost all major players in the online shopping market have already encountered fraud, and in considerable volumes, which forces them to improve their protection systems and actively cooperate with authorities to protect against carders.
Small shops that run on self-written systems or free CMS like Wordpress are not always equipped with sophisticated security systems that are difficult to circumvent. They either haven't thought about them yet, or they don't have enough money to install them yet. Also, they rarely work on creating visitor fingerprints - this system requires a lot of investment and works for small stores using data from Google or Yandex.
Popularity refers to the number of purchases per day. If at least 10-20 people buy something on the resource per day, then your purchase among them will easily get lost and will not cause attention from the store employees. The average check also plays a role - if your purchase is 5-10 times out of the general range, then you will most likely be interested.
European banks are not yet fully using the 2FA system - in European countries it is much easier to obtain a license from a visa or mastercard, which will allow you to make purchases bypassing additional confirmations from the bank. If the website has a “Licensed by Visa” badge, most likely the purchase will go through without any problems. Also, it is advisable that the store is in the same country as the bank in which you have the card - so there will be even less suspicions.
In this case, the store must send goods to the drop address. If your drop accepts goods in your drop, then you should know that not all European stores send to Russia. In this case, you can find a forwarding service - a person in Europe will receive your product and send it to an address in Russia.
Can I find a store on the carding forum?
The best carding forums often have a large number of different tips for choosing a store, and sometimes direct advice on which resource is worth working with. However, if the information has already been published, it is out of date. Most likely, the store was attacked by more than a dozen carders and it has already become more attentive to customers.
However, if we are talking about unpopular areas (information products, clothing), then even after posting on the forum, the store may remain relevant for carding, but still, the best store is the one that you found yourself and is only used by you.
After you have chosen a store, purchased a card and found a drop, you can start carding.
Carding Highlights
The process itself is very simple. You create an account on the website, enter the cardholder data in it, link the card itself and start buying. To do this, you need the owner's data, card number, expiration date and its security code - CVV or analogs, which are indicated on the back of the card.
If you work with expensive equipment, most likely, even a licensed store will ask you for information for confirmation. Usually this is a code, however, it can be obtained through social engineering - for example, by calling a client, reporting an error and asking him for a code to cancel the operation, or in more sophisticated ways. It is best, of course, to bypass places that require you to authenticate.
When billing in carding, it is important to indicate information similar to the drop address for sending a check. If they are located in different countries, then check if the store works for the whole world, or sends goods only within their own country. Providing similar billing information is the key to easily bypassing most items from the store side.
Also, indicate the number available to you. If possible, use online telephony with a number within the country of purchase. Be prepared for the store employees to want to chat with you before the sale. Use voice morfer, get ready to speak in a foreign language, or seek help with this - the purchase confirmation should look believable. The best option is if the drop knows the language and is ready to receive a call from the store.
You can reduce the likelihood of calls by buying cheaper goods - try not to exceed the upper check limits. You can find out this information from official sources, such as interviews or store articles (in Russia, online stores themselves publish such information on sites like VC.RU), or by posing as a representative of a trading company that wants to cooperate.
The delivery method is left to the discretion of the carder, but drops do not like receiving goods at courier services. If possible, send the parcel by letter immediately to the addressee's house, this will allow him to collide with people as little as possible and hide his identity more when receiving the goods.
In clothing carding, it's also important not to repeat yourself. If you buy a product from one card and send it to a drop, then it is unreasonable to buy the same product from it - most likely, the operation will raise suspicion. If you send from multiple accounts to one address, you will also most likely receive a denial of service and a call to the cardholders. Try to pause.
What should be avoided "from the bank's side"?
One of the most important criteria for carding is to bypass the bank's purchase limits. If you exceed the limit for a one-time or weekly purchase, wait for a call to the owner, who will cancel all your purchases.
Usually the limits are set at $ 1000. Some banks may have their own limits, and besides that, the limits may be individual according to the tariff. You can find them out on the bank's website or when you call it - ask about the limits, saying that you want to open an account.
Make purchases below the limit. For example, with a $ 1000 limit, shop at 700-800. If the limit is greater, then try to deviate from it by 20-30% - this will make the purchase less noticeable, which is especially important when working with asset cards, and the operation is less suspicious for the bank.
The address
Shops usually need country, city, region, zip code and exact address for shipping. Moreover, the data does not have to belong to the drop - this is important only in cases where the parcel will be picked up by mail.
Since some time, shops have also begun to require that passport or driver's license details be indicated when ordering. You can use relatively cheap scans, but the main thing is that the data is similar to the data of the real recipient. If he lives in Estonia - the rights must be Estonian.
Ideally, they should belong to the owner, but with carding, this is almost impossible. However, if the format of the country and the format of the documents of the country in which the bank is located coincide, you can already easily bypass such protection. You can find documents there, on the websites of carders.
What if the address of the card and the recipient is very different?
If you order a purchase to Russia, and the card belongs to a German, be prepared for rejections. In this case, you will either need to change the number to contact the store, or hope for luck. Knowledge of the language can play a special role in this case - moreover, it must be good, without an accent. Otherwise, you will most likely receive a denial of service from the store.
However, if the store started operating recently, then they do not know such features yet, and each purchase for them brings huge profits that they need. They may even close their eyes to strong differences if they notice them. However, there is no need to hope for this - each purchase from someone else's card often leads to a refund of funds to the holder, and the store incurs losses, which rather quickly teaches them to check billing information.
A little about anonymity
Almost every modern store retains your visit information. They need it to offer you the products you need most, to improve usability. Used by everything - browser, IP address, actions, behavior, JS data, window size. All this needs to be passed on to shops, however, it must be fake.
Use regular TOR as a browser, but pass traffic through pure proxies, preferably from the IP of the country where the bank is located. Run the equipment on WM and transfer only those JS data that will not lead to your deanonymization. Fake the rest of the data - use the standard size of the browser window, repeat the typical visitor behavior. Use antidetect software - for example, LinkenSphere. And remember - anonymity is the main thing for you.
