What carding is:
Carding summed up quickly is the act of obtaining someone?s credit card information, from the CC#, CVV, CVV2, CVN, and the billing address, along with the expiry date and name of the person the card belongs to along with a signature.
Online carding is the purchasing of goods done over the internet with the CVV2. Now for you n00bies you?re probably wondering what a CVV2 is, it?s simply just the database of basic info for the card such as the card type (e.g. Mastercard) First and last name, address and post code, phone number of the card owner, the expiry date (and start date if it?s a debit card or prepaid CC), the actual CC number and the CVC (card verification code, which is the 3 digits on the back of the card).
This is the format you usually get them in when you buy off IRC:
:::MC ::: Mr Nigerian Mugu ::: 1234567890123456 ::: 09|11 ::: 01/15 ::: 123 ::: 123 fake street, fakeville, ::: Fake City ::: DE24 TRH ::: 01234-567890 :::
SOCKS and why we use them
Now with ANY fraud at all you have to take precautions so you don?t make it easy for anyone to catch you in your wrong doings. As usual I swear against TOR for carding/scamming because most nodes are blacklisted by websites and because TOR cycles through various different proxies; and even if you configure it to go straight through an exit node of your choice it?s still not worth it. You can use JAP but make sure you?re using some constant sock proxies from the same city, town or area that the card is from; also go war-driving and use a VPN (don?t trust anyone off IRC with these, won?t comply with LE).
You can get good SOCKS here (people are selling accounts for the site in IRC all the time), that?s the best place but even I ended up losing the account eventually.
want FRESH proxies every time you card.
Finding a cardable site and what cardable means
Basically a cardable site holds these characteristics and what you should be looking for to determine an easily "cardable" website:
The top one you need to look for on the site?s TOS is that they send to any address they don?t, with a COB, photoshopped verification (will go into detail later) or some social engineering over the phone).
Secure code (most of the time if you ask your vendor they?ll include them in your CVV2 details textfile), if they do have one of these you have to put in and you don?t have them then don?t waste your time
If they ship internationally (for obvious reasons, but you can just stick to local websites and order to your local drop)
If they leave packages at the door when no one?s in, or around the back in a safe area (I know of one site in the UK that has all these qualities including this one, it is perfect for carding clothes) to call you up to verify or want a utility bill, passport or a scan of the actual CC)
It is hard to find websites online now that have most of these qualities, therefore we carding "non cardable websites" with fake CC scans and other fake documents the card, but they want verification either through phone or scans of a utility bill, credit card or passport.
For this you?ll want to get a pay as you go deal for a cheap shitty mobile all in fake to help you. Hell if the person?s details you?re using is local to you and you?re daring then go to their home and beige box from there; it?d be very convincing.
Carding, have some bullshit story if you?re having it sent to a diff address such as a family member?s birthday and you need it there as quick as possible as it?s a last it?s easy to get them mixed up, so make sure who it is calling you 1st.
For CC scans and how to do them check the attachments at the end of this file, they tuts have said to do, you then tilt them a little bit so it does actually look like a scan. To make it even more believable put some paper in the scanner (dark shade if you it and then do the same with the back, then send the scans to them via e-mail or post. Same goes for utility bills (can be got through trashing or your own, and then edited in PS).
Do not use the same designs when making your CC scans, otherwise it will become too I?m giving you a globe hologram image so you won?t have to buy them in IRC; unfortunately all of my visa hologram pics are shit, but I?m working on getting a good one soon.
Carding whilst on the job
Getting CC, CVV, CVV2 through use of mobiles
Believe it or not giving your information out to anyone anywhere is not a wise choice, you can not trust anyone in this day and age. Yes there are carders working on the and using them freely without a care in the world. The most common of places for a carder to work at are brand label clothing stores such as Limey?s, Charlie Brown?s and all the other trendy shops.
Ever noticed when yourself or someone else has paid at the desk with a debit card or credit card that they bring out a keypad from under the desk, then put your card into under the desk with it to get the keypad, they are doing more than just that; just because they?re not taking the card and running off with it does not mean they?re not stealing your information. A friend of my dad used to card and work in a clothing store, he used to have a piece of play doh stuck under the desk and he used to press the card onto the piece of play doh, unfortunately he began doing it too much and a co worker and from what I know he is still doing time. The moral is, be careful with already put on to the play doh. Also you can?t get the CVC through this method, I was just giving a classic example from the olden days.
But there is a new wonderful invention called cameras, video recording, and mobile phones and they are even all working on the same thing. It?s best to test it out 1st and have a camera on your phone that is at least over 2 megapixel and allows long enough video recording times. The phone is set to video record and on a lighting if needed, and taped underneath the desk for you to record both sides of the card for all the information you need, as well as being quick you can get a lot more than 2 on,
You need good reason to be going under the desk to get the chip and pin machine, so make the desk look cluttered up and put shit in the way of everything, such as coat hangers and various other items; or you could just flat out bullshit the customer and say that the chip and pin machine on the desk isn?t working so you need to get the other one, take their card and then go under searching the desk and quickly show it to the camera phone and then get the chip and pin machine and put the card in it and then hand to the customer to put in their pin as normal, unaware you have a CVV2 to later use when shopping online.
Skimming whilst on the job
For skimming you?ll want a mini portable MSR500M reader that can be fitted on your waistline belt or of course once again under the desk, if you?re a cashier. But you?ll also want a MSR206 writer if you plan on writing the tracks to an embossed CR-80 piece of plastic later (you can make these yourself but embossers are expensive and it?s an expensive procedure, so wait a while until you do that yourself and buy them from IRC (be careful, people like to rip with plastics, or you?ll get shit quality if you don?t watch out).
If you plan to just sell the dumps on IRC then that?s fine, but you?ll still need the PIN as well, so if you?re a waiter you can get a cheeky peek at them putting their pin into the chip and pin device while you keep hold of it slightly (have them put the pin in while they?re sat down and you?re standing up). It?s much easier to skim in a as much. You can keep the MSR500M in your front pocket of the uniform you?re wearing and pretend to be giving the card a clean on the sleeve (bullshit and say the device won?t read it), while really you?re giving it a swipe into your reader. This way the person doesn?t even get suspicious because you don?t take their card out of sight with them. I guess you could do that technique with clothing retail too when you get their card in your dirty little hands, but peeking for the PIN is harder or you?ll have to have a friend shoulder surf for it (or if they?re on the next register have them use a Sony cyber shot c902 camera phone and pretend to have them talking on the phone while really they?re recording the person next to them putting in their PIN; cybershots are really inconspicuous looking with their cameras and VERY clear [5mpixel]).
Keylogging for CVV2s
First of all it?s best if you use hardware keyloggers here that you put into the keyboard of a computer belonging to an area where a lot of people are going online a lot and logging into e-mails, ebays, paypals etc, pretty much giving you enough info for you to go searching through if you get in their e-mails, or maybe you?re lucky
And come back within 2 days time or so and collect the keylogger after doing some browsing yourself (as to not look suspicious just coming in and then leaving a few seconds later).
Or of course you could set one up in a business and do the classic call in and do some social engineering from the credit card company or secret service and have them go to the bank online and have them log in to verify, or maybe even have them log in to a fake bank online made by yourself that will collect anyone?s info who logs in on it.