Chapter 1 – Virtual Carding
This chapter is about virtual carding. Virtual carding is the art of ordering goods online using stolen credit cards, also known as “CVV”, “pizza”, any any other names the members of the community use to disguise their intentions. Although this seems easy, there are many pitfalls you might want to be aware of when doing that, especially since merchants are getting more and more aware of online fraud. Want to know how to get free goods? Let's get started!
Section 1.1 – How It Works
The first thing is to ask yourself, how much do you want to card, and what do you want to card? Then, you will have to pick one of those 3 levels. Each level represents a difficulty level and you will see the prerequisites.
Level 1: Easy carding
This level is used for very easy things to card, for example restaurants and small phone orders, mostly under $50. This is the entry point of most carders. For that, you will need:
• Credit card number
• Expiration date
Level 2: Intermediate carding
This level is used for online transactions that are slighly higher, like background reports, or a very small physical item. You will need:
• Credit card number
• Expiration date
• CCV code
• Cardholder name
• Full billing address
• Sometimes, phone number of the account
Level 3: Hard carding
This is not recommended for beginning carders. Here we are talking about everything above level 2, such as large physical items, or high-security websites like Newegg, TigerDirect, and sites that require Account Take-Over (for ATO, see section 1.2 of this guide). Computer parts, electronics, and many other items fall in this level. You need:
• Credit card number
• Expiration date
• CCV code
• Cardholder name
• Full billing address
• Phone numbers
• SSN
• DOB
• Recommended, background report
If you are aiming for level 1 carding, you just need to call for pizza and order pizza to another address, no need to write lengthy paragraphs on this one. This is easy and is pretty straightforward.
If you are aiming for level 2, you can card background reports or small physical items, mostly under $150. All orders are done online, and you will have to enter the correct billing address, shipping address, and card information.
Now, you must see if the websites says billing phone number on file with the bank, or simply contact phone number. If the website asks for billing phone number, you have to put the phone number on file with the bank for the cardholder, otherwise it is safe to put your burner phone number (see section 2.1 of this guide). Now, is the website going to call you? It depends on the order, their policy and their suspicion about you, so there's no safe answer to this question. Remember that carding is often trial and error.
When you use a card to hit a website, do not hit another website using the same card until your order has shipped. Making an order go though and having a charge approval is easy, but getting it shipped is often where the challenge lies.
A level 2 site that is often carded is peoplefinders.com. This is where carders get most of their background reports. It is a good playground to test your skills, and will prove useful later.
Now, on to level 3. You probably saw the information required, now how to get it?
First, if your subject is aged under 40, chances are that you are out of luck. Otherwise, read on. First, you need to get the right type of card. This is called finding the right BIN (Bank Identification Number). The BIN is the first 6 digits on the card and is used to identify the card type as well as the issuing bank.
To learn more, go to bindb.com, at the top go on Bin Search, and enter the first 6 digits of the card. They will tell you the issuing bank, and card type. You have debit and credit cards, and the card type can vary.
From the weakest to the strongest, they are:
• Secured: Very low limits, sometimes around $300
• Classic: Low limits, sometimes around $1000
• Gold: Average limits, can be around $3000
• Platinum: High limits, can be around $8000
• Business: Very high limits, in the 5 digits, often around $15,000
• Signature: The best ones, I got cards that had $30,000 of credit limit Note that those numbers are subject to change according to the cardholder's credit score, history, and spending patterns. For the benefit of this guide, we will only work with credit cards. By experience, debit cards often do not have funds, and have tighter security for online purchases. In other words, they are rubbish for level 3 carding, but may have other uses, like level 1 or level 2 purchases. Register an account on any SSN finder site such as ssnfinder.ru or ssndob.cc and look for your subject. At the same time, go on peoplefinders.com and get the full background report of your subject using a level 2 card.
Once you have the background report, look if the addresses and date of birth match on the report and on backstab. If everything matches, you can assume the SSN will be correct. Use your common sense to compare the backstab and peoplefinders results to make sure you didn't get the wrong information. About 80% of the subjects over 40 years old can be found.
You have the SSN and DOB? Great!
Now, time to get the mother maiden name. This is slightly harder and will work if your victim is in one of those states: Arizona, California, Delaware, Idaho, Indiana, Kentucky, Maine, Maryland, Massachussetts, Minnesota, Nevada, New Hampshire, New Jersey, Ohio,Rhode Island, South Dakota, Texas.
Go on archives.com and card an account, then look for your subject's mother (look at the background report for her name and date of birth), and try to look for her birth record. This is a trial and error case and works about 50% of the time. Why get all this information? Because many level 3 swites will have either VBV (Verified by Visa) or MCSC (MasterCard Secure Code) protection during checkout. This is a form that is presented by the issuing bank of the credit card and asks for additional questions.
Although every type of card is different, the commonly asked questions are:
• Date of Birth
• Last 4 digits of SSN
• Full name on card
• Billing zip code
If you fail any of those questions, the order will not go through. Now, why did we need all this information? Because we will perform a ATO on the account. This is tricky. Read the next section for a detailed description of Account Take-Over fraud.
Section 1.2 – Account Take-Over Fraud
Do you dream of carding thousands of dollars worth of computer hardware on Newegg? It's doable, but not easy. You have to follow the right steps. I carded a $10,000 gaming rig in under 2 weeks using platinum cards by following that guide, so I'm in position to tell you how.
First thing, check the balance of your credit card. Now, before going crazy, remember this rule of thumb: Do not use card checkers! They burn the card very quick.
Let me explain. Every transaction automatically gets a fraud score between 0 and 999. The system used to evaluate transactions is the same used by the big 4 banks and is called Fair Issac. Transactions having a fraud score over 300 will hit manual review by an agent, who will decide if they contact the cardholder or just let it though. Scores over 500 with auto-decline, block the card, and an agent will contact the cardholder.
Some banks have different criteria’s, but things that can affect the fraud score are:
• Comparison with the usual spending pattern of the cardholder
• Location of the charge
• Amount
• Risk factor of the associated merchant
Note: For example, a $20 charge in the cardholder's local Walmart will not trigger anything, but a large purchase of $2000 on Newegg.com will have a high fraud score and probably auto-decline if the cardholder rarely makes online purchases.
So how is this relevant? A small card-not-present charge followed by a big charge will make the fraud score very high, because they assume you are testing the card. If they see a small $1 charge, then a few minutes later a large purchase online, they will auto-decline the card and your plan will likely fail.
There are much better ways to check if a card works. The best way is to call the bank's toll-free number and use the automated prompts. This brings no danger, however use Spooftel to spoof your number to display the cardholder's number.
Once you do that, you are ready to call the issuing bank's number and check how much is left on the card. Let's get to it. Call the bank using your burner phone and have in hand the following information, according to the bank. The automated prompt will give you access to the transaction list, balance, and a few other options.
Here is the information for the biggest 4 banks:
Chase Bank – 1-800-432-3117
• Full card number
• Zip code
Note: If you correctly spoofed the phone number, you will only be asked for the last 4 digits of the card, otherwise you will be asked for the full card number.
Citibank – 1-800-627-3999
• Full card number
• Last 4 digits of SSN
Bank of America – 1-888-421-2110
• Full card number
• Zip code
Capital One – 1-800-955-7070
• Full card number
• Last 4 digits of SSN
If, for any bank, you enter the card number and the system immediately transfers you to an agent without additional questions, it means the account is closed and the card is burnt. No need to waste time on this one, just hang up and use another card. The agent will only tell you the same thing, and you will look dumb. It's always a good practice to take note of the last transactions and amounts, just in case you get asked for them later. Listen to them and write them down, I recommend up to 8 transactions for maximum safety.
So you have the balance and the available credit line now. Nice! So you know how much you can spend online. Before you go crazy though, there is one more obstacle you need to be aware of: many sites like Newegg or TigerDirect refuse to ship to an address that is not on file with the bank. And chances are that your cardholder does not reside at your drop address.
Here is how we will solve this problem, introducing the Account Take-Over fraud, also known as ATO. ATO is the process in which a fraudster (you) calls the bank to make whatever changes he wants to the account, without the cardholder knowing. This involves speaking with a customer service agent and using social engineering.
Before you even think about pressing 0 to speak to an agent, make sure you have, at the very least, the following information in hand:
• Full card number, expiration date, CCV code
• Full billing address of the cardholder (and county)
• Date of birth (and write down the age too, not just the DOB)
• SSN
• MMN (Mother Maiden Name)
• Employer name (facultative, if possible, try to find it on Facebook)
• Car make and model (facultative, if possible, try to do a Google StreetView on the CH's house)
• House size and value (facultative, if possible find it in realestate.com as this is public information)
• Driver's license number, expiration, state (facultative)
• Previous addresses Background report
In case you do not have the MMN, try to guess using common last names in the background report. If you really cannot find it, sometimes it is possible to get around it with other questions.
Once you have this information in hand, study it, try to remember it. Remember, you are the cardholder, the card is yours, and you are confident, just like when you call your own bank for a legitimate request. When you call the bank, you will be usually asked for 3 security tokens.
Those tokens can be, but are not limited to:
• DOB
• SSN
• Address
• CCV code
• cellphone
• MMN
Note: If you fail 1 token, you will be asked 2 more.
At this point, 2 things can happen:
1. You did it correctly, so the agent will listen to you and will do whatever request you have to do on the CH's account, and no flags will be raised.
2. The agent suspects an ATO is occuring, and transfers you do the security department.
Note: This is called the Verid department, and you will be asked 2 OoW (Out of Wallet) questions. Those are multiple-choice questions based on the cardholder's credit history and public records. They can be easy or tricks, it's random every time it happens. If you fail those, they will tell you that they can't help you and will suggest you show up in person at your bank. They will also ring the cardholder. So if you fail this one, forget this card, it's burnt to a crisp.
The first thing you want to do on the account is change the billing phone number. Only that. Do nothing else, as making too many changes will raise a red flag on the account. Call to change the main billing number and let the card sit still for at least 5 days.
All right, are you ready?
Relax, sit in your favorite couch, call the bank, listen to the prompts, and press 0. The message goes on, this call may be recorded for quality purposes.
Example 1 -if you have the correct MMN (this is the most frequently asked token).
Agent: Thank you for calling Chase, my name is Bob, who am I speaking with?
You: James R Layton.
Agent: Thank you mister Latyon, and for security purposes, may I have the mother's maiden name on the account?
You: Lucile.
Agent: Thank you, and what is your date of birth?
You: October 1 st , 1965.
Agent: Thank you mister Layton, what can I do for you today?
Example 2 -if you do not have the MMN.
Note: Guess it, and do not hesitate. You know yourself better than the agent does, and they can only rely on the information they have on their screen to validate your answers.
Agent: Thank you for calling Chase, my name is Bob, who am I speaking with?
You: James R Layton.
Agent: Thank you mister Latyon, and for security purposes, may I have the mother's maiden name on the account?
You: Smith.
Agent: I actually have something different here, it starts with C.
You: With C? It's impossible! Her name was Lucy Smith, she never used any other name!
Agent: Well, you do not have any other name that might start with C? (if you have a last name starting with C on the background report)
You: My aunt's maiden name is Charlotte, but I doubt that's the answer you have on file. (if you have nothing like that on the report)
You: No, no one in my family uses such a name.
Agent: Oh well, let me take note of this for you, can you confirm the last 4 digits of your social security number?
You: 4456.
Agent: Thank you, and what is your date of birth?
You: October 1 st , 1965.
Agent: And you billing address with the zip code?
You: 123 Fake Street, Fakeville, NY, 10008.
Agent: Thank you Mr. Layton, how can I help you today?
Note: If you hear that, it means you got in. Otherwise, you will be transferred to the security department for the multiple-choice questions, have your report in hand. If you fail, the card is dead. Make sure you spoofed the cardholder's number, otherwise you could be asked for other questions like driver's license number, vehicle plate number, etc. Those are questions you probably do not have the answer to.
Now, what you want to do is change the billing phone number. A sample dialog with the agent can go as follow:
Example
You: I would like to change my phone number. This phone will be disconnected tomorrow and I want to give you my new primary number so you can reach me if there is something.
Agent: Okay I see, what is the number?
You: 234-567-8901.
Agent: Thank you, is there something else I can do for you?
You: No thanks.
Agent: Thank you for calling Chase, have a wonderful night.
Note: Once you passed the verification part, the rest is pretty straightforward and is relaxing.
Now that you changed the billing number, let the card rest for at least 5 days. Do not make any transaction. The cardholder will continue to use his card normally too.
During your call, at the end, if you failed the MMN question, you might want to remind the agent to change the MMN on file to avoid problems next time you call. Also take note, at any point, if the agent wants to put you on hold, or says he needs to verify something and will be back, wait for him to put you on hold, and hang up. It basically means they are going to ring the cardholder.
Download Full Guide From Below Link
 |
CONTACT-ME:
Join my Telegram Channel
Join my YouTube Channel
Youtube-Channel
Post a Comment