Points I cover:
- What is carding?
- What are the factors relates to carding?
- How it’s done, I mean process?
- Precautionary measures Carder should take.
Hands-on learning with Infosec Skills:
Your Infosec Skills membership grants you access to:
- 270+ courses
- 40+ learning paths
- 100+ hands-on labs
- Certification practice exams
Nowadays, if we see the credit card fraud trend, it is being increased day by day and new techniques being discovered to hack the credit card info and use it for malicious purpose.
As everything goes cashless, the use of a credit card will be necessary for everyone. This is reason people should be aware of how carding fraud is done and learn how to become not to become a victim.
There are so many ways to get the credit card details available on the internet through Darknet sites as well as on TOR sites (Data Leak .etc.).
My aim is to spread awareness about carding, what is it, how the carder does it, etc.
I have referred many articles, sites and basic documentation which I feel will be useful to share it with you. I want the normal user to be aware of carding methods so they can be alert to it.
As we can see on social media sites and groups, most of the carders provide the offers which are collected from Online Sites and groups for your reference:
Be aware that you should never contact a ripper. A Ripper is a fraud who takes the money and never deliver the product.
￼Let’s start with the basics.
1 Introduction to Carding and Key Points:
There are multiple definitions available per different views.
Carding itself is defined as the illegal use of the card (Credit/Debit) by unauthorized people (carder) to buy a product. For educational purposes, I will now show how a carder is able to go about their illicit activities. Remember – carding is highly illegal, and should not be attempted under any circumstances.
2. Let start to understand each point one by one.
2.1 Computer (PC):
For doing carding always use a computer. I know some methods using a mobile device, but it is less secure and involves more risk.
SOCKS stands for SOCKet Secure. It is internet protocol which allows client and server traffic pass through a proxy server, so real IP is getting hidden and proxy IP get reflected.
This is useful while carding because carder wants to use the credit card holder’s location while doing it.
Users can buy SOCKS.
2.3 Mac Address Changer:
MAC stands for Media Access Control. It is the unique address of every Network Interface Card (NIC).
A MAC address changer allows you to change the MAC address of NIC instantly. It is required to be anonymous and safe .
It is very useful tool help in cleaning your browsing history, cookies, temp files, etc.
Many people ignore this part and get caught, so be careful and don’t forget to use it .
2.5 RDP (Remote Desktop Protocol):
RDP allows one computer to connect to another computer within the network. It is protocol developed by Microsoft.
Basically, carders use it to connect to computers of the geolocation of the person whose credit card carder want to use. It is used for safety and stay anon. Here carders using others’ PC for doing carding instead of their own.
DROP is an address which the carder uses for the shipping address in the carding process.
Let me explain in details with an example:
If I am carding with US credit card, then I use USA address as shipping address then my order will be shipped successfully, and I will be safe. If you have relatives/friends, then no problem, otherwise use sites who provide drop services only we have to pay extra for shipping it.
2.7 credit card (Credit Card):
This part is very much important so read it carefully. Any credit card it is in the following format:
| credit card Number |Exp Date| CVV2 code | Name on the Card | Address | City | State | Country | Zip code | Phone # (sometimes not included depending on where you get your credit card from)|
e.g.: (randomly taken number/details)
| 4305873969346315 | 05 | 2018 | 591 | UNITED STATES | John Mechanic | 201
Types of Credit Card:
Every Credit card company starts their credit card number with a unique number to identify individually like shown below
American Express (AMEX Card) – 3
Visa Card – 4
Master Card – 5
Discover (Disco) – 6
Company wise credit card details:
- Classic: The Card is used worldwide in any locations designated by Visa, including ATMs, real and virtual Stores, and shops offering goods and services by mail and telephone.
- Gold – This card has a higher limit capacity. Most used card and adopted worldwide.
- Platinum – Card is having limits over $10,000.
- Signature – No preset spending limit – great bin to get
- Infinite – Most prestigious card with having virtually no limit. There is less in circulation so be alert when buying these. Use only with reputable sellers!
- Business – it can be used for small to medium sized businesses, usually has a limit.
- Corporate – it can be used with medium to large size businesses, having more limit than a Business card.
- Black – It has limited membership. It has no limit only having $500 annual fee, high-end card.
- Standard – it is same as classic visa card.
- Gold – it is same as visa gold card.
- Platinum – it is same as visa platinum card
- World – it has a very high limit.
- World Elite – it is virtually no limit, high-end card.
- Gold – it usually has around a 10k limit.
- Platinum- is usually has a higher limit (around 35k).
- Centurion – it has a High limit (75k+). It is also known as the black card, note: do not confuse with visa black card.
Now we can start with some of the questionnaire and Basic concepts before start practical process of Carding.
Q1. What is BIN?
It is known as Bank Identification Number (BIN). It is a 6-digit number e.g.: 431408.
Some of the reference sites which give BIN info which I also refer:
Simply go to the site (www.bins.pro)enter BIN number and click on find to get the details. I have added first 4 digits only.
You can filter out the option as per requirement shown below.
We got most of the information from the site. Now the question is how to know the balance of CC. is it possible? and answer is Yes, I will let you know step by step using normal as well as Skype method .
Q2. What is the meaning of VBV, NON VBV and MSC?
VBV (Verified by Visa) – Extra level protection is added by Visa to protect the Card from fraud.
Like DOB, password, Social Security Number and Mother’s name, etc. also sending OTP (one-time password) as extra security level to card owner mobile number to validate the transaction.
NON VBV (Verified by Visa) –Handy to use. No need extra information as specified in VBV card while doing the transaction.
Note it down (IMP)- Carders mainly buy and use NON VBV cards for carding.
MSC (MasterCard Secure Code) – security level same as VBV card.
Q3. What is AVS?
It stands for Address Verification System
It is the system which is used to identify the credit card holder original address with billing address provided by the user while shopping or online transaction.
The system is used to identify the online fraud over the internet.
Q4. How to check credit card is live or dead?
There are many sites available on the internet to verify credit card is live or dead, but they charge for it approx. $0.001 (price may vary). Also, 80% websites kill the credit card so never use it.
There are tools also available on the internet to check the credit card status, but most of them are a backdoor or Trojan so prefer not to use it.
As such there is no easy method to check it. Carder uses own ways to find it out. One of the ways is…
Most carder go to Porn sites, buy a membership and confirm the credit card is live and proceed with carding.
Q5. How to check the credit card is live or dead? (Skype Method)
(Note: method is posted on March 16)
Login into Skype account and call on Magic number +18005xx5633 (masked). You will connect to voice mail (lady’s voice). Start by entering the credit card number, and voice mail lady will stop automatically.
After that enter Expiry date of a card like 01 16 (mm: yy format).
If your credit card is live then voice mail lady will speak like “Thank you for calling, we really appreciate your business, since u are a 1st-time caller we would like to connect you .. blah blah” then just hang the call.
But if the credit card is used and voice mail lady speak like “Ohh I’m sorry please re-enter your credit card number now” then the card is dead. You can repeat the same process as many time you want.
Note: You need a good internet connection for Skype calls.
Q6. What is Bill=ship/Bill=CC/Ship=your Address?
Kindly pay attention here as it is also the main portion in carding process. Any mistake will cancel the order and id get blocked.
BILL=SHIP (Billing address: Shipping address)
Take a scenario of normal online shopping scenario, when you are doing carding you will use billing address and shipping address are same. Means in both u will use your address. No need to use credit card address.
Bill=Shipping address, Ship=your address
When you are doing carding, you will use credit card holder address as your billing address, and shipping address will be your address. Most sites use this method.
Now we cleared basic concepts and start with the actual process of carding.
Setup SOCKS proxy in Firefox:
Follow the steps à open Firefox à go to options àadvanced options à network à
A pop-up will come. It will show options
No proxy 2. Auto Detect 3. Use system proxy 4. Manual proxy configuration
Select manual proxy configuration. Enter socks host: <> and port: <> e.g.: 126.96.36.199: 8080. Press ok and restart Firefox. Now you are connected to secure Socks5
Note: when you buy a socks always match with credit card holder address. If credit card holder is from California, USA then try to get SOCKS5 at least matching state, country.
Guys now time to start the Carding process. Kindly follow the steps:
- Create the email id matching with credit card holder name. If his name is John Cena (the random name was taken), then email id should be email@example.com or near about.
- Now Run RDP and connect to the credit card holder location system to proceed. If you didn’t have RDP, then follow following steps.
- Open MAC changer and change the address randomly.
- Run CCleaner and clean all the unwanted data (cookies/history/temp data etc.).
- Setup SOCKS5 proxy in Firefox. <>.
- Be sure to use SOCK5 is matching to the location of credit card holder and be aware not to use blacklisted IP. Check with www.check2ip.com
- Open the site for shopping. I want to recommend a website shop from your country because you don`t need to wait a lot for your package.
- Register with credit card holder information (John Cena), name, country, city, address, and email.
- Shop and choose your item and add to cart. Precaution: Select item not more than $500 at first step.
- In shipping address add your address or drop address where the product is going to deliver.
- Then go to the payment page and choose payment method like a credit card.
- Enter all details of credit card manually because most of site having copy paste detector script.
- Finally, in billing address add credit card owner address info and then proceed with the payment process.
- If everything all right then the order will get successfully placed.
- Once the order arrives at the shipping address, receive it from delivery boy.
- (Few carder arrange fake id if delivery boy ask for proof).
Carding method using mobile:
Extra pro carder uses mobile for doing carding. If you followed steps carefully, you would also do that.
- Require rooted Android mobile.
- Install few application require for carding (proxy apps, CCleaner, IMEI changer, Photo and Android ID changer).
- You can use any VPN for carding I recommend HMA or Zen mate.
- You can use SOCKS5 proxy with proxy droid apps.
- Also, proceed with IMEI and Android ID changer and do it.
- Now connect with proxy droid with SOCKS5 proxy and connect it.
- Now follow all the steps explained above J
CC from shop à www.validcc.su
Buy SOCKS from à www.vip72.com
Download CCleaner software à www.piriform.com/ccleaner
Download MAC address changer à www.zokali.com/win7-mac-
Download SOCKS checker à www.socksproxychecker.com
- BIN: Bank Identification Number
- CC: Credit Card
- CCN: Credit Card Number
- CVV/CVV2: Credit Verification Value (Card Security Code)
- SSN: Social Security Number
- MMN: Mother Maiden Name
- DOB: Date Of Birth
- COB: Change of Billing
- VBV: Verified by Visa
- MCSC: MasterCard Secure Code
- POS: Point of Sale
- VPN: Virtual Private Network
- BTC: Bitcoin
- Personal Advice:
- Normal users: Keep your credit card safe hands. Keep changing the credit card PIN on a monthly basis. Do not make the online transaction from unknown system/mobile.
- Who want to learn carding – I observed many of the newcomers try to be smart and got ripped multiple times. Don’t do it, it’s finally your loss.
- Carding is Illegal activity. Do not do it. If get caught, then, you will be in trouble.
- Be safe and have fun J
Quality CC/CVV to an address, full name, phone number, zip code, city, and state (don’t get junk cards pay good money for good cards)
Socks 4/5 to the state and if you can the city since that would be perfect. This sock must have never been used before so don’t be cheap and get a quality sock. Socks are just as important as quality cards!
You will need programs to cleanup cookies and other flagging shit. Get CCleaner – get the free version it has everything you need. Get the flash cookie cleaner – it is free as well
Antidetect 7 or FraudFox VM: These are not needed but they really increase your carding success to almost 100% if used correctly and setup properly which both are not very hard to do.
A drop address or if your carding digital items you don’t need that.
OK now let’s Card
First Method (Most successful)
Do this on a fresh reboot and make sure you have used ccleaner and flash cookie cleaner and they are running. Used disk cleanup in windows as well.
Go to Amazon and create a new account using the new fresh sock you have. Now you will need to act like a typical buyer so we can’t just jump right in. Go and search for a few items but don’t buy anything, just add anything to your cart small stupid items, not the items you going to card though.
Now logout, and leave your computer don’t do anything else on it. Put it to sleep. In 5 hours log back in. Clear out your shopping cart, now let’s card.
Go and find some items depending on your card limit that are anywhere between $30 and $150. Now using the credit card you have pay for the items in your cart. You may need to wait for amazon to approve your order or not. Sometimes it’s random I swear.
Now the order should have been accepted and shipped. If not then you either have a shitty card worth less than what you trying to card or you threw a flag. Go back and check your setup. This is pretty full proof way to card amazon. If everything is in place and you have your bases covered you should be in and out. Make sure you check to see if you IP leaking cause that would throw a flag as well: https://www.dnsleaktest.
Now we can also speed up this order if it’s in processing just so it doesn’t get charged back and flagged before it gets shipped. Send amazon an email from the email that you created for this account. Gmail is preferred email for this setup as it is much more trustworthy do to its security signed up measures. Use an excuse to make them speed it up. There is excuse kind of tie into what you are buying. So let’s say you want a 800 dollar cannon camera then tell them that you need it for — day for your college project or you will fail the class etc. Don’t forget it’s real person on the other end so make your excuse real and don’t go too in depth.
Now they may ask to call you on the phone number associated with the CC account. This happens maybe 30% of the time. Just say OK and hope no one picks up the phone on the other end and luck I on your side. If they send you another email saying they tried to contact you but no answer then simply say “I am so sorry I changed my number and I haven’t update it with my CC company yet” then give them a burner number where you can actually answer.
Now if all goes smooth then you have carded your first real item on Amazon. Now that you have done that your account is trusted and you can place an order between $500-$800 or until the card is maxed out. Stay below $2000 per order. Max the card out as quick as you can but be inconspicuous and act like a real buyer. The security for the most part are bots and the formulas they use are really intense so when I say act like a real buyer I mean that or you will get limited and blocked.
Just understand that these methods work 90% of the time and the majority of the success of carding I on the carder himself and the setup he has. With Antidetect or Fraudfox the carding success is closer to 95%. Amazon, eBay, and PayPal are getting harder and harder to card and fraud every day and pretty soon it won’t be possible so understand that you need to have everything in tip top setup and stay ahead of bots.
This method is a little better for low level cards or just an easier method then the above as the security is a little more lenient because the purchase amount is less. This method is also not as successful as the above method.
Everything is the same as above except this time purchase an item worth around $2.00. Get the lowest and cheapest delivery time as it throws less of a security flag.
Now once your order is approved just like the first one your account is now a trusted account. I recommend using FedEx for your shipping method as it has less security compared to UPS and USPS for the real order.
Now card a total of $600-$800 dollars and it should go right through.
You can also open a seller account and attach the CC to it and purchase through a seller account. It is a little more work but your success will be greater.
Thank you and don’t forget if a payment is declined it’s 50% of the time the card so make sure your cards are good.
Share it as much as you can so every will be aware of carding and they will not approach to rippers.