JP-Morgan-McKinsey
Member
- Messages
- 2
- Reaction score
- 2
- Points
- 3
Nice to meet you, I'm a Japanese beginner. Please excuse my reliance on machine translation as I'm not a native English speaker(Because the machine translation is inaccurate, I have attached a txt file of the original text written in Japanese.).
In Japan, after the mandatory introduction of 3DS last April, most carders withdrew. Even the talented high schooler who taught me card games (he earned over 200 million yen, or over $1.4 million, in just six months—that's how easy Japanese card games were back then) lost motivation and now leads a serious life.
I learned card games from him last June, but hearing the party was already over was a huge disappointment. After that, I found forums like carder.su and carder.market on my own. I learned that in Western regions, people still battle cards even bypassing the 3DS restrictions. For several months, I lurked as a guest across the entire forum (I figured acting without knowledge would only strangle my own neck).
I want to join the card battles starting today. Therefore, I'd like feedback from the veteran gamers here on whether my current understanding of the situation is correct.
[Overall Card Game Sequence]
1. Environment Setup Phase
- As a precaution, intercept and analyze nearby residential Wi-Fi passwords using Aircrack-ng, connecting devices to those networks first
- Alternatively, obtain an SMS-enabled eSIM (acquired without KYC) and anonymize via tethering(I'm troubled because legal changes require KYC for SMS-enabled eSIMs starting this April)
- Alternatively, log into eduroam (a nationwide university WiFi network) using IDs and passwords obtained from hacking databases (university ID logins don't require 2FA, making them relatively easy)
- Subscribe to ProtonVPN's paid version and perform secondary spoofing using a data center IP
- Use a multi-login browser to spoof browser fingerprint (if you have recommended profile settings, please let me know)
- Acquire multiple ProtonMail accounts without 2FA from hacked databases
- I'm using an XSS-compromised txt file found on this forum, but it's likely from 2024 and not very fresh (though it was useful because some careless card gamers reused the same email/password across various target sites, leaving traces). If anyone knows of better free databases or paid sites, please let me know.
2. Acquisition Phase
- Acquire non-VBV and auto-VBV BIN information using Jerryclub.cc and binx.vip
-
- Send cryptocurrency purchased via a certain exchange through a mixer and store it in a self-managed wallet
- Strict regulations in Japan prohibit purchasing any cryptocurrency without KYC. Many people have been arrested for violating the Financial Instruments and Exchange Act. So, I think it could still be traced even after running it through a mixer once. However, I have limited funds, and if I erode my capital too much with fees and spreads, I won't even be able to buy cards. That's why I'm settling for this level.
- Joining a Marketplace
- Currently considering purchasing from lukiclown, but I want to save since my initial funds are limited. If you know of a cheaper, more reliable marketplace platform, please let me know. Ronaldo Club, recommended by many, is currently offline. Jerryclub seemed the easiest to use, but I gave up on purchasing due to my extremely limited funds.
- I'd appreciate a marketplace platform accepting XRP, SOL, TRX chains for fast transfers, or XMR for untraceable balance top-ups. However, most sellers only accept BTC or LTC (or demand extra fees for USDT). If anyone knows sellers accepting various cryptocurrency deposits, please let me know.
- Investigate any vendor within the marketplace
- Since many sellers handling Japanese cards have clearly unnatural information (like ZIP codes all being prefectural or municipal offices, or data center locations; using US-standard 6-digit ZIPs despite Japanese ZIPs being 7 digits; or names uncharacteristic of modern Japanese people), vendors selling these will be blacklisted.(I can't spot unnatural Americans, but I have a knack for spotting unnatural Japanese)
- Probably stalk vendors selling legitimate phishing CCs, then select and add to cart US CCs from those sellers that have matching CVV, phone number, ZIP, IP, etc. (But these are expensive for me. I'd like to know reliable vendors where I can get them for a few dollars each. Is that too good to be true?)
- CC Purchase & Validity Check
- I heard that running cards through the checker attached to marketplace platforms triggers fraud detection, flagging the hard-earned live cards (actually, my grandfather's CC was fraudulently used a few years ago; just a $0.10 charge, and the card company immediately detected the anomaly and contacted him). How does this actually work? Should I give up on refunds for dead cards and manually check everything myself?
- Many people recommend validity checks on LUX or donation sites, but no one mentions donating to Wikipedia—which I usually find annoying. (Assuming US cards aside, since dollar-denominated payments get flagged instantly as fraudulent for Japanese cards, I hypothesized that yen-denominated payments on wiki might be a good option).Is it safe, untainted by early-adopter card gamers? (Incidentally, Japanese people generally lack a donation culture, so their risk scores are likely high. Japan McDonald's mobile ordering was once used as a checker substitute, but it's now useless).
3. Post-Acquisition Maintenance Phase
- Building Fullz Independently
- Referencing the owner information of acquired CCs to search databases for SSNs, addresses, etc. (I built a local SQL database using the SSN database containing over 200 million leaked North American personal records found here).
- Acquiring geographically consistent static residential proxies (Socks5) by referencing ZIP and IP address data
- I heard Oxylabs is the best, but it's expensive and I'm struggling. Blackpass sells them cheaply, but how reliable are they? If anyone has verified them, please let me know
- Check IPs for contamination using abuseipdb
- Add acquired proxies to multi-login
- Is there any technology to impersonate a cardholder's IP if it's known? Even if geographically close, it's still different connection information than usual, right?
4. Browser spoofing
- Impersonate the owner's information for time zone, language settings, and device details
- Device info is usually untraceable, but setting arbitrary values would likely skyrocket the risk score. Is there a database that matches against high-quality phishing data? (I found an Instagram login database on this forum, so I'm thinking if I'm lucky, I might be able to use it...)
- Create cookie information tailored to the target site
- Initially, I only want to target eGift and Crypto vouchers. I have no money, can't afford dropouts, and my cash-out methods are limited.
- For now, would it be safe to visit sites like Apple, Amazon, Binance, NYTimes, eBay, Steam, IBM, and OpenAI extensively to build a reliable cookie profile? Also, would keeping a Google account logged into the browser lower the risk score?
5. Obtain CC session authorization
- Attempt multiple small payments to gain trust from banks and card companies
- I have almost no clarity on this phase! Please advise in detail
6. Purchase on the Target Site
- Pretend to be a user who spends several tens of minutes thoroughly examining the target site
- Enter the purchaser information accurately during checkout and complete the purchase
- Is a $50 transaction too risky for beginners? Would starting with $10 be safer???
- Use a low-risk email address for delivery
- Is Gmail better than ProtonMail for this?
- If an OTP is displayed, abandon that credit card
- Is this the correct approach?
7. Cash-Out
- Cash out gift cards or vouchers as quickly as possible on KYC-free platforms before they get flagged as fraudulent
- How long after a fraud report are gift cards or vouchers actually obtained through card games suspended? I want to know the shelf life
- Transfer cryptocurrency to an isolated self-managed wallet
- Store carding profits here
- Convert cryptocurrency into valuable assets via any method
1. Transfer to your exchange account and withdraw
- Once a sufficient amount is accumulated, route it through mixers or multiple XMR transactions to a wallet at a certain domestic exchange
- Avoid immediate cash withdrawal; keep it in the exchange and withdraw small amounts gradually
2. Use funds to purchase new CCs or tools
- Blackpass had many interesting items for sale. While the US has many rival gamers, Japan is currently a blue ocean. I want to buy various CCs, test them, and share findings on forums
- Acquiring a large number of stolen accounts might allow for bolder card game play?
- Mass-purchase disposable accounts and SIMs within Japan to obtain completely clean IPs and cash-out methods without proxies or XMR
3. Create a CryptoCard for everyday shopping
- Home delivery is risky if using stolen CCs. Dropout collaborators could betray us or get caught anytime, so they're unreliable.
- The goal is to eventually buy used rack servers legitimately, turn my home into a data center, and run card game multi-agents 24/7. Once AI's risk-based accuracy improves, humans won't stand a chance.
- Please recommend a CryptoCard for everyday use.
[Bin to use]
- JPMorgan
434769
414720
- Goldman
512230
521267
- MUFG
521486
- If you know of any other excellent BINs, please let me know. I'll offer a small token of appreciation if successful.
- These are all prestigious banks considered Tier 1 in the investment banking industry, so why are they generally such easy targets in card games???
[Target Sites]
- G2A
- Eneva
- I've heard this is the easiest, so I plan to make it my main target. Any detailed precautions would be greatly appreciated.
- Steam
- I think it should be easy since a friend was previously a victim of fraud there.
- ROBLOX
- I heard it has the weakest risk assessment system design among official platforms.
- Apple
- I suspect their risk assessment is strict, so I'll avoid it initially.
- Switchere
- I heard you can directly withdraw cryptocurrency if you have perfect Fullz and counterfeit prevention measures, but I don't want to risk losing valuable cards if it fails, so I'll avoid it initially.
[Cash-Out Sites]
- giftmecrypto
- cardcash
[Closing]
- Veteran card gamers, please share your feedback and advice.
- I plan to share card game information in Japan within my knowledge on this forum going forward
- I have lived as an upstanding citizen until now, but due to extreme financial hardship, I have decided to enter the card game scene with my limited resources. If anyone knows of free distribution information or creative workarounds, your help would be greatly appreciated
- The entities directly harmed by card games are multinational financial institutions operating legal yet fraudulent schemes, and the property and casualty insurance companies that sustain their business by collecting monthly premiums from them (these insurers are fundamentally no different from prediction market participants).
- It's undeniable that victims' personal lives will face inconvenience for a period, and we cannot ignore the reality that excessive gamer growth drives up annual fees, increasing the burden. However, victims are compensated for fraudulent amounts as long as proper procedures are followed. Therefore, I feel almost no moral or ethical guilt about card game activities. On the other hand, other types of fraud are structured to exploit individuals, which I find repugnant.
- Thank you for reading this long article. I look forward to working with you in the future.
In Japan, after the mandatory introduction of 3DS last April, most carders withdrew. Even the talented high schooler who taught me card games (he earned over 200 million yen, or over $1.4 million, in just six months—that's how easy Japanese card games were back then) lost motivation and now leads a serious life.
I learned card games from him last June, but hearing the party was already over was a huge disappointment. After that, I found forums like carder.su and carder.market on my own. I learned that in Western regions, people still battle cards even bypassing the 3DS restrictions. For several months, I lurked as a guest across the entire forum (I figured acting without knowledge would only strangle my own neck).
I want to join the card battles starting today. Therefore, I'd like feedback from the veteran gamers here on whether my current understanding of the situation is correct.
[Overall Card Game Sequence]
1. Environment Setup Phase
- As a precaution, intercept and analyze nearby residential Wi-Fi passwords using Aircrack-ng, connecting devices to those networks first
- Alternatively, obtain an SMS-enabled eSIM (acquired without KYC) and anonymize via tethering(I'm troubled because legal changes require KYC for SMS-enabled eSIMs starting this April)
- Alternatively, log into eduroam (a nationwide university WiFi network) using IDs and passwords obtained from hacking databases (university ID logins don't require 2FA, making them relatively easy)
- Subscribe to ProtonVPN's paid version and perform secondary spoofing using a data center IP
- Use a multi-login browser to spoof browser fingerprint (if you have recommended profile settings, please let me know)
- Acquire multiple ProtonMail accounts without 2FA from hacked databases
- I'm using an XSS-compromised txt file found on this forum, but it's likely from 2024 and not very fresh (though it was useful because some careless card gamers reused the same email/password across various target sites, leaving traces). If anyone knows of better free databases or paid sites, please let me know.
2. Acquisition Phase
- Acquire non-VBV and auto-VBV BIN information using Jerryclub.cc and binx.vip
-
- Send cryptocurrency purchased via a certain exchange through a mixer and store it in a self-managed wallet
- Strict regulations in Japan prohibit purchasing any cryptocurrency without KYC. Many people have been arrested for violating the Financial Instruments and Exchange Act. So, I think it could still be traced even after running it through a mixer once. However, I have limited funds, and if I erode my capital too much with fees and spreads, I won't even be able to buy cards. That's why I'm settling for this level.
- Joining a Marketplace
- Currently considering purchasing from lukiclown, but I want to save since my initial funds are limited. If you know of a cheaper, more reliable marketplace platform, please let me know. Ronaldo Club, recommended by many, is currently offline. Jerryclub seemed the easiest to use, but I gave up on purchasing due to my extremely limited funds.
- I'd appreciate a marketplace platform accepting XRP, SOL, TRX chains for fast transfers, or XMR for untraceable balance top-ups. However, most sellers only accept BTC or LTC (or demand extra fees for USDT). If anyone knows sellers accepting various cryptocurrency deposits, please let me know.
- Investigate any vendor within the marketplace
- Since many sellers handling Japanese cards have clearly unnatural information (like ZIP codes all being prefectural or municipal offices, or data center locations; using US-standard 6-digit ZIPs despite Japanese ZIPs being 7 digits; or names uncharacteristic of modern Japanese people), vendors selling these will be blacklisted.(I can't spot unnatural Americans, but I have a knack for spotting unnatural Japanese)
- Probably stalk vendors selling legitimate phishing CCs, then select and add to cart US CCs from those sellers that have matching CVV, phone number, ZIP, IP, etc. (But these are expensive for me. I'd like to know reliable vendors where I can get them for a few dollars each. Is that too good to be true?)
- CC Purchase & Validity Check
- I heard that running cards through the checker attached to marketplace platforms triggers fraud detection, flagging the hard-earned live cards (actually, my grandfather's CC was fraudulently used a few years ago; just a $0.10 charge, and the card company immediately detected the anomaly and contacted him). How does this actually work? Should I give up on refunds for dead cards and manually check everything myself?
- Many people recommend validity checks on LUX or donation sites, but no one mentions donating to Wikipedia—which I usually find annoying. (Assuming US cards aside, since dollar-denominated payments get flagged instantly as fraudulent for Japanese cards, I hypothesized that yen-denominated payments on wiki might be a good option).Is it safe, untainted by early-adopter card gamers? (Incidentally, Japanese people generally lack a donation culture, so their risk scores are likely high. Japan McDonald's mobile ordering was once used as a checker substitute, but it's now useless).
3. Post-Acquisition Maintenance Phase
- Building Fullz Independently
- Referencing the owner information of acquired CCs to search databases for SSNs, addresses, etc. (I built a local SQL database using the SSN database containing over 200 million leaked North American personal records found here).
- Acquiring geographically consistent static residential proxies (Socks5) by referencing ZIP and IP address data
- I heard Oxylabs is the best, but it's expensive and I'm struggling. Blackpass sells them cheaply, but how reliable are they? If anyone has verified them, please let me know
- Check IPs for contamination using abuseipdb
- Add acquired proxies to multi-login
- Is there any technology to impersonate a cardholder's IP if it's known? Even if geographically close, it's still different connection information than usual, right?
4. Browser spoofing
- Impersonate the owner's information for time zone, language settings, and device details
- Device info is usually untraceable, but setting arbitrary values would likely skyrocket the risk score. Is there a database that matches against high-quality phishing data? (I found an Instagram login database on this forum, so I'm thinking if I'm lucky, I might be able to use it...)
- Create cookie information tailored to the target site
- Initially, I only want to target eGift and Crypto vouchers. I have no money, can't afford dropouts, and my cash-out methods are limited.
- For now, would it be safe to visit sites like Apple, Amazon, Binance, NYTimes, eBay, Steam, IBM, and OpenAI extensively to build a reliable cookie profile? Also, would keeping a Google account logged into the browser lower the risk score?
5. Obtain CC session authorization
- Attempt multiple small payments to gain trust from banks and card companies
- I have almost no clarity on this phase! Please advise in detail
6. Purchase on the Target Site
- Pretend to be a user who spends several tens of minutes thoroughly examining the target site
- Enter the purchaser information accurately during checkout and complete the purchase
- Is a $50 transaction too risky for beginners? Would starting with $10 be safer???
- Use a low-risk email address for delivery
- Is Gmail better than ProtonMail for this?
- If an OTP is displayed, abandon that credit card
- Is this the correct approach?
7. Cash-Out
- Cash out gift cards or vouchers as quickly as possible on KYC-free platforms before they get flagged as fraudulent
- How long after a fraud report are gift cards or vouchers actually obtained through card games suspended? I want to know the shelf life
- Transfer cryptocurrency to an isolated self-managed wallet
- Store carding profits here
- Convert cryptocurrency into valuable assets via any method
1. Transfer to your exchange account and withdraw
- Once a sufficient amount is accumulated, route it through mixers or multiple XMR transactions to a wallet at a certain domestic exchange
- Avoid immediate cash withdrawal; keep it in the exchange and withdraw small amounts gradually
2. Use funds to purchase new CCs or tools
- Blackpass had many interesting items for sale. While the US has many rival gamers, Japan is currently a blue ocean. I want to buy various CCs, test them, and share findings on forums
- Acquiring a large number of stolen accounts might allow for bolder card game play?
- Mass-purchase disposable accounts and SIMs within Japan to obtain completely clean IPs and cash-out methods without proxies or XMR
3. Create a CryptoCard for everyday shopping
- Home delivery is risky if using stolen CCs. Dropout collaborators could betray us or get caught anytime, so they're unreliable.
- The goal is to eventually buy used rack servers legitimately, turn my home into a data center, and run card game multi-agents 24/7. Once AI's risk-based accuracy improves, humans won't stand a chance.
- Please recommend a CryptoCard for everyday use.
[Bin to use]
- JPMorgan
434769
414720
- Goldman
512230
521267
- MUFG
521486
- If you know of any other excellent BINs, please let me know. I'll offer a small token of appreciation if successful.
- These are all prestigious banks considered Tier 1 in the investment banking industry, so why are they generally such easy targets in card games???
[Target Sites]
- G2A
- Eneva
- I've heard this is the easiest, so I plan to make it my main target. Any detailed precautions would be greatly appreciated.
- Steam
- I think it should be easy since a friend was previously a victim of fraud there.
- ROBLOX
- I heard it has the weakest risk assessment system design among official platforms.
- Apple
- I suspect their risk assessment is strict, so I'll avoid it initially.
- Switchere
- I heard you can directly withdraw cryptocurrency if you have perfect Fullz and counterfeit prevention measures, but I don't want to risk losing valuable cards if it fails, so I'll avoid it initially.
[Cash-Out Sites]
- giftmecrypto
- cardcash
[Closing]
- Veteran card gamers, please share your feedback and advice.
- I plan to share card game information in Japan within my knowledge on this forum going forward
- I have lived as an upstanding citizen until now, but due to extreme financial hardship, I have decided to enter the card game scene with my limited resources. If anyone knows of free distribution information or creative workarounds, your help would be greatly appreciated
- The entities directly harmed by card games are multinational financial institutions operating legal yet fraudulent schemes, and the property and casualty insurance companies that sustain their business by collecting monthly premiums from them (these insurers are fundamentally no different from prediction market participants).
- It's undeniable that victims' personal lives will face inconvenience for a period, and we cannot ignore the reality that excessive gamer growth drives up annual fees, increasing the burden. However, victims are compensated for fraudulent amounts as long as proper procedures are followed. Therefore, I feel almost no moral or ethical guilt about card game activities. On the other hand, other types of fraud are structured to exploit individuals, which I find repugnant.
- Thank you for reading this long article. I look forward to working with you in the future.
Last edited by a moderator:
WHY YOUR PLAN WILL FAIL
Critical Flaw #1: Over-Engineering Infrastructure
Field Data:
Success Rate: 15%.
