The Ultimate Beginners' Carding Course (Updated March, 2022)
By reading through the Cashout.Guide fraud courses you’ll join me on a journey as I dive deep into the realm of credit card and bank account fraud. The information and knowledge we’ve collectively obtained throughout all of our cybercriminal careers here at Cashout.Guide will be of great benefit to you when looking to learn the topics discussed. I’ve made my profits and are looking at creating something new with all the bullshit nonsense out there so time to pass the tradecraft down to the next.
What a fucking time to be alive. Enjoy!
This course has been written by me, Funshine. However, to ensure this course was up to date and relevant it has been collaborated on from individuals I know personally and professionally over quite a long period of time. I’ve had to re-write some things as language barriers can be an issue for everyone so this course is written in my writing style but co-authored by friends whom I know are successful and through my own experience. Moving forward when you’re reading this the course will be a combination of that. If that makes any sense.
First off there is no one way of doing things. These courses are not the word of law when it comes to fraud but they are told from our perspective so if you have something to add, have a better way of explaining things, or anything you think that I don’t know that pertains to the topics in these courses send me a god damn email and let me know what is WAT. That way we can keep it all updated for everyone to enjoy and cause a fuck show against companies. Fuck yes.
Looking back when I was starting out with fraud I probably spent roughly $3000 – 4000 USD on various items for my initial fraud operation including spending money on useless shit. To be honest most of that budget was blown on every “decent” fraud guide I came across within a (6) year period which ranged from $40 – $500 USD per guide and the ID printer I purchased wasn’t cheap. I went through every carding guide that I purchased to determine if the information was valid, was I successful with what I learned, was the risk worth it, was there any information I was missing out on, and whether it was up to date.
When you gain experience in fraud and you look back on the guides you purchased you realize just how terrible they truly are. The more experience in fraud I obtained the more I realized almost all of the guides I purchased were complete garbage and really didn’t give me the confidence in what the fuck I was doing. Maybe you’ve also purchased some guides and realized the same but these course I’m releasing are as relevant as you’ll ever come across with the experience behind them.
Trust me, this is what you’re looking for.
Everything at Cashout.Guide is up to date and relevant for you so don’t spend any more money on useless shit until you’ve finished this course because it will save you a lot of money and headache this I can assure you. This course is written factual, from experience, from success, and with a story line vibe for helping you understand fraud better.
Make no mistake that you will need some sort of starting budget to get your fraud operation off the ground and running. A realistic budget is important because you’re going to be purchasing things such as stolen credit card information, bank accounts, burner cell phones,s credit card reading and writing equipment, printing equipment, embosser machines, VPNs, RDPs, socks, other equipment,s, etc.
Just like any other business it takes some investment of your own money to get things going so if you’re reading this right now thinking everything will be handed to you for free I want you to go out and buy an orange construction pylon, take pants and underwear off, spread ass cheeks and do a cannonball as if you were jumping into a pool right onto the pylon with DAT ASS.
Don’t be so naive thinking everything in this world is free. Things in life are not free friends. Information is power don’t you know?
I decided to take a fun journalistic approach when writing the fraud course series so you can learn how to commit fraud with modern day methods and tactics in an enjoyable way. Just like the Cashout.Guide hacking courses the fraud courses are designed in a way to get you up to date with proper information along with focusing efforts in order to be successful in 2020.
People should be wondering why am I releasing this information? Why do this? If I’m making millions of dollars cash bills money why even try to create a place like Cashout.Guide? I know some may doubt this but believe it or not I’ve made quite a large sum of money mostly in the hacking world but some with fraud and have been coasting for a long time. Any hacker that has been in the game in the past 5-10 years with RATs, ransomware, and infecting everyone and everything has made a significant amount of crypto you can trust that. Plus, while making BTC during the time it went through the roof in price was a fun ride. amirite?
Honestly the reason I’m quitting the fraud game is because of the fuck faces at ClearView AI. I’m an instore carder and have been since I realized online carding was too time consuming for the amounts I was profiting and just sick of my eBay accounts getting shut down lol. ClearView AI has completely spooked me because no doubt they have my face someone on a security footage and some fuck face cop is going to plug it into the big data machine and out comes my Facebook linked to me. Fucking awesome. See ya in 20 guys. You get what I mean so I’m retiring from my carding life given the nature in how I operate. This is my gift to people wanting to learn carding so fuck it. Enjoy this shit.
Truth be told most companies are actually getting more cyber secure while operating on the internet. Wow! No shit! Mother fuckers like us are getting a little out of control so this makes sense. The window of opportunity is closing so let’s maximize this together! You don’t have to go full tits out right away with carding but the amount of online fraud that happens is fucking mind blowing. Why miss the boat?
I’ve taken the time to do all the leg work for you and have put together this fraud guide series to rocket ship your knowledge ahead of the rest so you’re in a position to make money. The year is 2020 and it’s time to get up to date information and caught up with everything fraud related.
I hope you enjoy part one of the fraud courses and if you’ve read the Cashout.Guide hacking series then I know you will enjoy this. Stop wasting your time learning shit from 2011 so sit back, smoke crack, relax, and enjoy.
Part 1 of the Cashout.Guide fraud courses will focus on credit card fraud.
Before we begin please read the PDF below to get your level of knowledge surrounding fraud up to where it should be before you continue on with this course.
Welcome to the Carding course you fucking animals. And away we go…
This chapter is a brief summary of my background and experience that was used to help develop and create this carding course with Funshine. You can consider this chapter as my “resume” and although my methods and tactics discussed may not work for everyone this is just from my carding career perspective. Ride your own wave friends. Hello and welcome to 2020.
I have much experience with carding for the past 4 years and have been riding the wave for quite some time. In my younger years I was carding everything from electronics to clothing but once I matured I realized this was bullshit and learned about other credit card fraud schemes that were much more profitable, easier, but a little more riskier. We will discuss carding in detail shortly but first a little about myself.
I’m an experienced carder and have been able to profit literally hundreds of thousands of dollars without really encountering any major issues once I figured out a good method for the place I was carding against. My opinion is carding items online is not where your efforts should be focused but we’ll still discuss all types of carders in this course for you to decide what is best for you and your situation. I think it’s beneficial to learn everything about credit card fraud to give you a solid foundation to build on towards whatever level of carder you choose to be.
People that are carding and performing fraud are just average people like me and you, for the most part. They’ve accumulated the right knowledge and skills needed for them to succeed. If they didn’t have that knowledge or skill set they simply figured out a way to either purchase or obtain it. Pretty straight forward right? If you can’t hack a website to skim credit card data then you’re forced to purchase credit cards from others who can. This should make sense, right? It’s also about networking sometimes and knowing the right people. Timing, just like in life, can be everything. Carders and fraudsters aren’t super master criminals. The only difference between you and them is they know how to do it, and you don’t. Yet.
I got into the carding scene around 2014. Well actually longer then 2014 but 2014 I consider my “real” start in making money. Anyways, I was in my small ass studio staring out the window debating on next step in life you know? Current situation wasn’t good. I know my rent is due next week and I don’t have it. I know I need to buy groceries but I can’t afford them. I logged into my bank account and I had $7.96 USD (actual number) left to my name. I’m right above rock bottom ish kind of level? Not really. I guess just financially rock bottom ish if you know what I mean? Maybe you can relate who knows.
I had some hacking skills at the time but I needed to learn more about fraud because I was hearing about the success of other people with carding and I wanted in on that shit. How do I learn this craft? Where do I start? And how do I become successful with this?
I already spent way too much time in many other forums trying learn carding/hacking from the WRONG people, buying the wrong items, and sending my Liberty Reserve (LR) to everyone I shouldn’t have. Liberty Reserve was before Bitcoin which was a fraud diamond in the rough at the time. Google that shit.
Anyways, I know I needed proper information or just a little nudge in the right direction so I decided to reach out to an old friend who I knew was career criminal. He’s been in and out of jail for committing credit card fraud, bank fraud, and a whole bunch of shit really for as long as I’ve known him. Obviously he wasn’t good at it because he got caught multiple times but the last I heard about him was he seemed to be doing very well in the fraud game so I figured that was a good place to start my learning.
Within 24 hours of the first thought of “how can I commit some type of fraud?” I sold as much of my shit as I could on craigslist, packed clothes and my laptop, and bought a one-way ticket to Portland to meet up with my fraud friend for a week. I put myself in a situation where failure was not an option. Eminem really got that lyric right. That week I spent with him was my fraud diploma school as I call it. It was my moment when I looked at the fraud world differently and realized the way I can make a good living off of it. I also realized my “potential” or my “skill level” in fraud. We all have our own potential and max skill levels with fraud. All of us know something different and think a little differently. Anyways, until the opioid crisis sucked that dude down and buried him like so many people I knew he made a ton of money in a small amount of time.
We all say “once I make money I’m going to lay low don’t worry” at the beginning like somehow we’re immune to greed or some shit. Umm yeah OK I think we all THINK we’re going to lay low when we start making money but when all of a sudden it’s raining dollars you’re gonna go on a maniac spree like the rest of us. I will bet on that shit man.
Before meeting my friend when I first started in fraud I was ballz deep in the forums talking with so many people trying to get my shit off the ground and get rich. I came to realize that most people that had input on carding, fraud, etc. didn’t know anymore than I did. The people I talked to had some sort of idea but the real carders were long gone and the people giving me information didn’t really know what the fuck was going on. I knew the basics and knew I needed to obtain a stolen credit card (CC) number, expiry date, CVV, Date Of Birth (DOB), name on the card, address, telephone number, and location of the card holder to be successful. I knew the basics, which I’m sure you do too. What I started off doing in the beginning was trying to card high priced items from major online retailors with stolen credit card details but didn’t realize how stupid that was but that’s where I started out. I think most carders start out at thinking that that’s how they’ll be successful too. Starting out I didn’t know where to purchase the items I needed for carding from a trusted source. Having legitimate places that you can purchase valid carding items from is a huge part of being successful with any level of carding.
Anyways, I think all of us have moments in life where something just “clicks”. My week with that dude was my moment. You know? Those Aha! moments that changes how we think, view a specific problem, idea, or crazy money rich fraud plan.
After that week of learning fraud out east in Portland I put my new knowledge to use and went full fucking tilt into anything credit card fraud related. I’ve committed fraud from that first day and haven’t worked a day since. My income is only from committing fraud and from fraud only. I made my own “work” schedule and make good money but this can vary some months. This is my story and this can be your story to if you choose to make shit fucking happen.
You don’t know how to commit fraud because you don’t know exactly how to, right? Obviously! You don’t know how to drive a car until you fucking learn how to drive a car? Yes? The only difference is you don’t want to make a mistake with fraud or you go off to jail ass fuck land. I guess you don’t want to make a mistake in a car either but you get what I’m saying.
Right now let’s do a little exercise. I want you to take a moment and think to yourself. Can you think of people who commit fraud? Any people come to mind? I know you know people who commit credit card fraud because you hear about them all the time… You hear about them all the time because they’re on the news, getting charged with fraud, and going to jail. It’s not like it’s not impossible. Obviously it is, people are doing it! The problem is those idiots don’t know how to fully get away with it. Those people didn’t have that key piece of the puzzle needed to be successful and stay out of jail.
How many times do you read about a crime where they netted quite a large sum of money only to be arrested for mental retardation? For example, this bloke pulls off a wicked fraud scheme and gets millions of dollars but used his personal email to sign up for the PayPal account he uses to cash out. Like OK buddy? Are you sure? They didn’t even take into consideration anything going upside down on them? Fuck! It baffles me nuts right off my body. Not only do you want to learn how to commit fraud but you want to get away with it. Put some efforts into getting the right knowledge before fucking yourselves over.
I hope you enjoy this carding course and the other fraud series coming soon at Cashout.Guide.
Let’s get into it before the coronavirus gets into all of us shall we.
Mindset & Reality
This chapter is meant to get you into the mindset of a carder and fraudster. Reading this chapter will help you succeed and make you understand fraud much better in order to commit it properly. Don’t skip through this course and read through it chapter by chapter as it was designed to be read.
First things first. Don’t aim for a 1,000,000 USD a year because that’s fantasy land friends. When you’re starting out in carding or hacking for profit you should be aiming for a few hundred dollars a month and then work your way up to a few thousand a month before aiming your sights bigger once you have a handle on the horse. This should be your goal when going through these courses at Cashout.Guide. Baby steps. You need to walk before you can run and understand what is reality for you. There’s no point in reading a guide that talks about something that is way the fuck beyond your grasp or even possible for you. It would be awesome if I could find a guide that taught me how to build a jetpack and fly off to the fucking moon in no time too but that isn’t fucking reality. Thinking like that all you’re going to do is set yourself up for failure, in everything. Be realistic within your skill set and you’ll have much success.
I realized that by purchasing other guides, going through the forums, talking with experienced members, and meeting my friend the harsh reality was I wasn’t all of a sudden going to be making millions of dollars over night by reading one carding guide. I hate to burst your bubble but this is why most guides disappoint everyone. I realized fairly quickly with carding, as will you, that no one is going to reveal a profitable method on how to card or commit fraud. Think about it. Why would anyone release their methods on how they commit credit card fraud?! Would you? If they revealed their own methods they would burn that method and stop making money. This is something you will not find, for obvious reasons.
Again, no one is going to tell you their private methods of carding. This should make sense to you and it’s important to know this. Now with all that being said you don’t need to know anyone else’s carding methods. You really don’t. What you need to know is the right information in order to develop your own method. I have included a chapter on how I found my methods that explains everything which will give you much insight into building your own private method. This carding course is the real deal comrades and will show you what is your reality should you choose to card until you go full tard.
Stop buying the other guides on “How to card $100,000, 6 Ferrai’s, and 18 hats” for $7 on whatever bullshit dark market you’re desperately looking on. It’s fake and the creator of those shit guides want you to purchase a bullshit guide that’s trash and doesn’t work. Avoid this as it will just discourage you and play some fuckery in your mind. This is the only carding guide you require. Trust that my friends.
Each carder has their own methods on how to card successfully and each method will vary greatly depending where you live in the world. It’s impossible to create a carding guide that encompasses everything for everyone in the world but by finishing this carding course you’ll have the knowledge, expertise, and experience needed in order to find your own method that works for you. To be honest finding a method when you have the right knowledge is not difficult by any means. Understanding how fraud works, how it’s performed, and the logistics of it all is what you need to learn in order to be successful. It’s really not that difficult once you have the right information but it will come down to whether you have the balls to commit it and pull it off.
The advice I was given when I started in 2014 and the advice I’m going to give you is don’t try learning how to commit fraud in countries that you don’t reside in or aren’t familiar with at first. There are too many financial institutions in the world and each financial institution has different anti-fraud protections in place. This is silly. The best way to understand and and perform fraud successfully is to make it relevant to your life and what you know.
Want to know how to open up a bank account that can be used for your fraud life? Walk into the bank you want a fake account in and open an account with your real identity and close it a week later or just fucking forget about it. By going through the process of opening a new bank account you’ll see exactly what will be required in order to open up a fake bank account. Did they ask for ID? Did they ask for letter of employment? Did they need an address to send your credit/debit card to? What tools and equipment are you going to need in order to open a fake bank account? Understand yes? Think like this.
In order to be successful in carding, or any fraud for that matter, you need to know the ins and outs of what you’re doing. Obviously. So let’s get into this.
Grab your purse and take out your OWN credit card and look at it. Just imagine your credit card was stolen and you’re the thief that took it. You have the physical card in your possession thus you have the credit card (CC) information you’ll be needing to attempt an online purchase and potentially an in store purchase. Since it’s your own CC you obviously know your home address and the details required to proceed with the checkout. With that information you can, in theory, use that card to make an online purchase. This is the mindset. Before you commit fraud think of how you make the purchase legitimately and the logistics required to make the purchase. You want to become the card holder and appear to make a legitimate purchase.
Everything you see on your CC is what you’re going to need to commit online fraud. Got it? We need type of card (VISA, Mastercard, etc.), CC number, CC expiry date, card verification value (CVV/CVV2), and the name on the card. With these details we can now attempt to card.
The part you don’t know, yet, is how to card with success. If you’re logging into a website over Tor and using a stolen credit card to make an online purchase. Guess what? That shit isn’t going to work. Of course not. If someone has your CC details and they attempt to make a purchase from Nigeria it’s not going to go through. This shouldn’t surprise you. The point is, even though you have the proper details (your CC information) to make an online purchase you need to know how to make that purchase fraudulently.
Want to know how to make a CC fraud purchase? A good start as a beginner is testing everything on yourself first. If I’m writing malware I first test it out on myself to make sure it’s going to function to my liking so why not everything else?
Here’s what I mean by test it on yourself. I have my own credit card so I have the CC details and I know the address and name on the card because the card is mine. I drive over to the next town, find a coffee shop, connect to their Wi-Fi network, load up a fresh Ubuntu virtual machine, connect to the website with Firefox, and try to make a purchase online with my own credit card to see what happens. Did it go through? Did it matter I was using a VM? Does it matter if I’m making a purchase from a different location then my address on the CC? Did I get an email of text from my financial institution about the purchase? See what happens when you do this. This will give you much insight on what you’ll need to perform carding successfully and by doing these “tests” you’re not doing anything illegal. Make a simple online purchase from XYZ website to see what’s what.
Now re-do all the above when you’re using a VPN from the same geolocation as you. Do it again using a VPN in a different geolocation then you and finally try it over Tor. If you get a phone call from your CC provider just say you’re using a VPN or proxy service to make the purchase online. The conversation will be informative and interesting but remember you’re not doing anything wrong. You’re simply using a VPN/RDP or Tor to make a purchase with your own credit card online. This is not fraud. This is fine. Most important, you’ll know what will go through and what will cause issues.
I’m not saying commit credit card fraud against yourself I’m simply stating for you to make a legitimate purchase online with your CC with different variations of your setup to see what gets flagged, declined, or accepted in order to solidify what you’ll need to be most successful. Will using a VPN cause more suspicion than an open Wi-Fi network at a coffee shop? Do you even need a VPN? If so, does it need to be close to the card holders address? If you choose not to test this on yourself I hope you understand my point of doing this and get what I’m trying to show you. This is very valuable. Trying things on yourself will give you great insight into what you’ll need to replicate to be successful with whatever fraud you’re trying to pull off. More importantly, like I said we all know something different and think differently, maybe you know of a store in your town/city if you were to card one of their items you can sell it for high value or use it. Testing a small legitimate purchase first with various setups is a good way to see what works and what doesn’t work real quick, and legally.
Once you know the “proper” process of how something works then you’ll know what’s needed to card successfully which will help you develop your own carding method. This is why you don’t need other people’s carding methods because knowing how something works will give you the knowledge to card like a boss using your own method. You think everyone is just copying each other’s methods?! Of course not. We, just like you will, create our own.
To make a purchase with a stolen card you will require:
- Credit Card (CC) including name, CC number, CC expiry date, CC provider, and CVV number.
- Name and address of the card holder.
- Connecting from an IP close to the card holders address (this depends but we’ll get into it).
- Connecting from an IP that isn’t blacklisted or flagged as malicious
- Using a “normal” operating system with a normal web browser to make the online purchase.
- Think about the process needed in order to be successful.
- The ability to clone a credit card
- Social engineering abilities and social skills.
You should be well aware there are anti-fraud policies, procedures, and mechanisms in place within every company designed to prevent theft and online fraud. There are a lot of things happening behind the scenes trying to prevent people like us from making money the way we do. It’s so out of control though that most companies understand fraud is now a cost of doing business as their profits exceed their losses so fraud is somewhat of an acceptable risk. Businesses can’t fully stop people from carding because it would actually hinder real customers from making an online purchase from their website so it’s a fine line companies must walk when designing their anti-fraud policies that allow the purchase and checkout to be user friendly yet stop fraud from occurring. The harder it is for people to navigate and make a purchase from a website the more inclined those customers are to go somewhere else where it’s easier to checkout. The more you increase security the less user friendly it all becomes. This goes for everything really.
No company wants any of their customers upset because their credit card is always being declined when they’re trying to make an online purchase. Anti-Fraud mechanisms can be viewed as a firewall on a computer. The firewall has to let some things in and out but will block anything suspicious or if it’s setup to do so. We just need to find those holes that allow us to be successful.
Not all merchants today have the same anti-fraud protections in place and each website will have different anti-fraud protections with various different setups. Some businesses will process every transaction that comes their way while others have advanced fraud prevention in place which will scrutinize each transaction. Let’s take a look at some well-known anti-fraud protections out there currently so you have an understanding of what you’re up against when you’re carding like a maniac.
Europay, Mastercard and Visa (EMV) Credit Cards
This is commonly referred to as CHIP and PIN credit cards. When you’re making a purchase with these types of credit cards you must insert the CC into the Point-of-Sale (POS) machine (the machine you stick your CC into) and enter your PIN to complete the purchase. These CCs usually have the “Tap” feature as well for purchases that are <$100.
Using these types of credit cards is the standard that most merchants have been accepting since 2015. In fact, some countries have made CHIP and PIN mandatory across all merchants. If there is a fraudulent purchase and it turns out the merchant was not using a CHIP and PIN POS machine when doing the transaction the merchants are indeed liable for the loss.
Picture every online transaction is assigned a fraud score number automatically through algorhythms by computers in order to determine if an online purchase is of high risk for fraud. For arguments sake let’s say this level is between 0 – 100 and is based on many factors that you’ll be learning about in this chapter.
So, if a transaction has a fraud score of say 50 this will trigger a manual review within the CC issuer which an agent (a real person) will review and decide to deny or allow the purchase. Some factors will include contacting the card holder, comparing spending data, location of purchase, amount, risk assessment, etc. whereas higher fraud scores will simply get the transactions automatically declined. Makes sense right? Don’t need to pay an employee to review a CC purchase coming from Pakistan when the card holder lives in Maine and has never bought anything outside of USA in their whole purchasing history with that credit card company. A red flag wouldn’t you agree? Algorithms detect all this shit going through each client’s spending data, online shopping habbit’s purchase amounts’ etc. Don’t under estimate big data people. Having a transaction manually reviewed from an employee is slowly becoming a thing of the past.
If you carded a $40 USD item from some low-level company website compared to carding a $1000 USD item from Amazon these will have a different fraud score. Forget about carding Amazon as too many people already have accounts there already and by-passing Amazon Anti-Fraud measures requires access to the CC holder’s email. The point to take away is if the cardholder rarely makes any online purchases and only uses their CC for filling their cars with petrol and you make an online purchase from Apple for an iMac it’s not going to work. The CC holder spending habits and online behaviors are factors as well but people seem to forget what’s happening in the background with these companies.
Some people talk about “testing” the CC before using it to ensure it’s valid and working. I found using the CC checkers out there along with some of my own methods I wasn’t sure if it affected success or contributed to failure. Issuing banks are well aware of the fraud tactics used today and aren’t fully retarded. They can detect a “testing” on a CC from their bank like if a small purchase of $1.50 is made from one place and then (5) minutes later a larger purchase is done somewhere else this is a classic sign of fraudsters “testing” to see if the stolen credit card just purchased is valid and works. I don’t recommend this. Just assume the CC is valid that you’ve purchased because you know the source where you bought from is legitimate which is in Chapter 7.
By connecting to a website from an IP that is associated with malicious behaviour in the past will increase your fraud score on the website or from the financial institution and will contribute to getting your transaction declined and the card burned.
This makes sense yes? If you’re connecting to a website you plan on carding on from your RDP but the IP of the RDP you’re connecting from is associated to evilness then it’s safe to say your efforts won’t be successful. The companies s can see that you’re connecting to their website from a VPN, Tor exit node, or other IP addresses which they deem suspicious and malicious. Other hackers have been up to no good too from the socks, RDP, or Tor exit node you use and some IP’s are flagged as malicious by numerous cyber security companies (Big names) that share this data to protect their customers against fuck faces like us. Understand that when you connect to a website you’re revealing a lot about your browser, location, extensions, configurations, etc. that will be used against you in anti-fraud mechanisms.
Some items that contribute to a higher fraud score when making an online purchase are:
- Is the customer using services identified as a VPN or blacklisted IPs.
- Are the shipping and billing countries different?
- Is the order being shipped to Pakistan or Nigeria type countries far from card holder location.
- Is the BIN from a different country than the IP address used to order?
- Is the shipping address an identified mail forwarding company?
- Is the IP address from proxy or socks?
- Is the e-mail address from a free provider like Yahoo, Yandex, or Hotmail.
Remember, it’s important to understand certain transactions get flagged for certain things. To hammer this point home let’s review it again.
- Is the user ordering from a free e-mail address?
- Does the customer phone number match the user’s billing location?
- Does the BIN number from the card match the country the user states they are in?
- Does the user’s inputted name for the bank match the database for that BIN?
- Does the customer service phone number given by the user match the database for that BIN?
- Does the country that the user is ordering from match where they state they are ordering from?
- Is the user ordering from one of the designated high risk countries?
- What is the likelihood that the user is utilizing an anonymous proxy?
- Is the user ordering from an e-mail address that has been used for fraudulent orders?
- Is the user utilizing a username or password used previously for fraud?
- Is the user specifying a known drop shipping address
You want to be a normal customer and appear like the actual card holder when making an online purchase which can reduce your fraud score once you have an understanding of what will trigger it.
I think everyone knows about IP geo-location and if you don’t you really need to understand this. You can’t just go and buy CCs without knowing the card holders name or address (this actually depends) because when you’re making an online purchase with a stolen credit card you must be connecting from as close as you can to the legitimate card holder’s address to make success more. Just like we talked about before you’re not making a purchase from Nigeria if the card holder resides in New York City and has never made an international purchase like it before. It’s going to get declined and you’re going to burn that card.
If you’re attempting make an online purchase but connecting nowhere near the card holders address or location this can contribute to getting the CC you bought burned and rendered useless. This is an important thing to know!
Depending on whether you’re using a laptop or mobile device will dictate whether you’ll require a Remote Desktop Protocol (RDP)/socks location, Virtual Private Network (VPN) location, or burner cell phone that is as close to the card holders address as possible for best success. You want to tunnel all of your web traffic to appear to the website and credit card company to be coming from the CC holder location making sure whatever location the RDP, VPN, socks, or mobile is the same. You should be buying CC details with the card holders address and you would select the location of your RDP/socks to be as close to the location as the card holder as possible.
If you want to make meaningful money with carding you need to put yourself in the card holder shoes so you know what’s going to be required in order to be successful with decent sized purchases. Making a purchase from the location the card holder resides in will increase your chance of success and decrease your fraud level score with whatever website you’re carding on.
Web Browser Fingerprinting
You want to be using normal web browsers when browsing the website you plan on carding and may want the ability to change the User-Agent string of the web browser when visiting the website you plan on carding on. You can use Windows 7 or 10 in a VM freshly installed each time. A good idea is to always use a “New Private Window” when visiting the target you’re going to be carding and changing the User-Agent to that of a Windows, macOS, or mobile device if you’re using Linux before connecting to the website. Most customers are Linux users. Blend in with the herd.
There are so many different User-Agent add-ons for every browser out there so if you’re comfortable with Firefox, Safari, etc. then just research which User-Agent add-on you’ll need. You can learn how to do this under the “Equipment Needed” in Chapter 7.
Also, it’s important to note that if the CC holder has already used that card on amazon or whatever website you’re carding on their web browser would have already been finger printed so when you try and use the User-Agent changer and connect to the website it will know a different web browser is logging on and will notify the users account of the change with an email of some sort preventing you from accessing. Many different things at play which is why you avoid big name companies because we assume everyone has already signed up for Amazon already. We want smaller sites.
Web browsing habits
It’s safe to say the websites you’re visiting are tracking, analysing, and assessing your movements when on the website for a variety of different reasons such as marketing, product placement, product improvement, and also to prevent fraudulent purchases. Most eCommerce websites track how long you were browsing the website for, which pages you went to, which pages you stayed on the longest, and what products you were most interested in.
There are some websites that will deem a purchase to be suspicious if that person spent a whole 30 seconds on it before making a $8000 USD purchase. This appears a little odd considering you didn’t spend time on the website and instead just went right away with committing fraud against the website in question. Think like the card holder…Would a normal user make a purchase so quickly? Wouldn’t they spend time first viewing the items before making a purchase?
You want to become the card holder and as such everything about them including normal browsing habits. Act like a human and not a bot.
Card holder purchasing habits
Financial institutions have learned from people committing credit card fraud against them over the years and have implemented various anti-fraud techniques to combat credit card fraud. They’ve learned how people commit fraud against them and begin to develop methods to counter this. They do this by learning the CC holder’s purchasing behaviours. By knowing the card holders purchasing habits’ websites they purchase from’ the financial institutions can detect fraud fairly quickly and prevent the transaction from going through pretty easily.
For example, the CC you just purchased from the Empire (they’ shutdown now) or White House marketplace is valid but the CC holder only uses that CC to make specific online purchases so when you go off to card $500 USD worth of dildos it’s flagged as suspicious and the transaction declined with the credit card being put on hold until the owner can confirm or deny this purchase. The card holder never makes a purchase like the one you’re trying to card which results in the CC being burned. Understand?
Another example is if the card holder only uses that credit card to buy gas or groceries and you’re attempting to purchase something that isn’t normal for that specific card holder then expect the transaction to be cancelled and the CC flagged. This is important to understand as just because you have the right CC to make the purchase doesn’t mean you have the same purchasing habits as the CC holder to make that purchase successfully.
This also goes for how often the CC is used. If the card holder hasn’t used the CC in the past little while and now you’re carding some website that’s unusual for that card holder this will get it flagged as suspicious contributing to your failure.
same goes for if the card holder has historically made only small purchases with their CC and now you’re trying to card a large purchase which is larger than the card holder has ever made before with that CC guess what? You got it. The transaction will most likely fail and the CC will be burned.
When you’re assuming the card holder you’re not just assuming their identity with a CC, geolocation, and address but you’re assuming their whole purchasing behaviours online. Of course this is difficult for you to know about since you wouldn’t know the card holders purchase history at all. Tricky things you see?
Address Verification System (AVS)
AVS is an anti-fraud system that’s used by many merchants to ensure that the billing address is correct and matches the card holders address. AVS works usually by comparing the numerical part of the address (address and zip/postal code) against the address on file with the CC issuer or bank to make sure it’s accurate. In my experience when I’ve made legitimate purchases online with my own CC I’ve mis-spelled my own street name but put the correct number of my address and zip/postal code and it went through. For the most part just assume AVS will automatic decline the transaction if the AVS does not fully match.
You want to enter the right address of the card holder when asked for it when making an online purchase. Entering the wrong information, depending on the website, will get the CC flagged and the transaction declined.
Also, if you’re entering a different shipping address then the card holders address this will raise your fraud score and may get the transaction flagged especially if this is the first time the “card holder” is making a purchase from the website in question. Make sense? Picture it from the website or companies point of view OK? A new customer has just made a relatively large purchase and wants the product shipped somewhere that’s different then the card holders address. By allowing anyone just to show up, make a purchase, and have it sent somewhere else has an increased risk of fraud occurring. Right? This is common sense shit and eCommerce websites aren’t as retarded as they once were. That being said there are ways to have the item shipped to a different location than the CC holder’s address that will appear “normal” and low risk to the merchant you’ll learn in Chapter 8.
Furthermore, depending on what location or country you’re trying to get the carded item shipped will also contribute to getting the transaction declined. Again, if the card holder lives in Texas and you’re carding an item to Iceland things probably aren’t going to work out the way you want them to all the time now are they?
3DSecure, Verified By VISA (VBV) and SecureCode
Alright this really is one of the most important Anti-Fraud measures in place and probably will be the majority of what you’re going to encounter in 2020. Much problems for beginner carders out there but very important to know.
3DSecure is a XML type protocol which is sent across the internet over encrypted SSL channels which was designed to add an additional layer of security for online debit and credit card purchases. Every company defines this 3DSecure shit as something different such as VISA has Verified By VISA (VBV), Mastercard as SecureCode, Discover as ProtectBuy, and so on.
For the remainder of this course we’ll just refer to the common name of “VBV” when talking about this shit because it’s all the same really. It’s safe to say all major online retailers would have VBV since 2010 ish which is why you want to avoid larger companies and find those non-VBV sites. They’re out there you just have to find them ;)
This section on VBV is fairly long but goes into much detail about VBV so please read it all the way through so you have an understanding of what the fuck is happening when you’re presented with a VBV window trying to checkout with a stolen CC.
VBV is an opt-in service for both ends of a transaction being the customer and merchant but can be put onto most card holders these days. It will be on transactions involving the cardholder and merchant who have opted-in to the service but you should assume making any decent sized purchase you’ll encounter VBV as this is getting put on to more and more merchants to assist with combating credit card fraud online.
When you’re making an online purchase if the transaction has a high fraud score level determined by the bank/website you will get re-directed to a VBV page to confirm the transaction. VBV will ask for additional password information from the customer or will attempt to confirm past previous purchases of that CC. More tricky shit yes? Card holders may register and sign up for VBV (sometimes the first time they are presented with a VBV window they’re asked to sign up) in which they have to identify with an extra password or some sort of code.
Common VBV questions asked include:
- Date Of Birth
- Last (4) digits of card holder SSN.
- Full name on card.
- Billing zip or postal code.
- Certain characters of their password request (4th character of their password that was setup when enrolling in VBV, etc.).
Non VBV credit cards only have one level of protection which is your CC, CVV/CVV2 number, and expiry date whereas VBV adds another layer of protection with an extra password/authentication method. Every time you make a purchase with VBV present the transaction will display a different pop-up window which usually consists of questions to prove you are indeed the actual card holder. The screenshots below are from different VBV windows that are prompted when trying to complete a purchase.
Each financial institution displays their VBV window a little differently to customers but typically the end result requires a password which is tied directly to the CC. The VBV password that is created by the card holder is known as the personal assurance message (PAM) but you could be asked for email, fourth character in your password set, mother’s maiden name, etc. Whatever the extra password field they’re asking for will be directly related to the card holder. Since this VBV window may be different from provider to provider this tends to make it easier from a phishing campaign perspective since it’s not standard.
Too many popups can be confusing to people which can lead to a phishers wet dream so the financial institutions started to implement the VBV within an iframe in the HTML source on the merchant’s site. Doing this within an iframe makes it quite difficult for any customer to verify that the VBV window is genuine at all. Do you know what an iframe even is? This is basic HTML shit but let’s take a second to explain it.
In a nutshell an iframe is just a HTML document embedded within a HTML document. Just picture it like a website within a website. You know when you go to a website and you get all those fucking ads displaying all over the god damn place? Those ads are most likely iframes that contain content from another source on the web page. Many iframes can contain an entire webpage which advertisers include tracking code within that iframe that will help them with data collection for the advertiser and publisher. YouTube videos, Google Maps, and similar windows that are on a webpage are often just an embedded iframe within the webpage.
Important to note that VBV presents a whole set of different problems when people are making purchases from their mobile devices online. This is because most websites aren’t designed for mobile devices and tend to render the VBV window incorrectly for the device failing to display the VBV window properly. Mobile carding as of now I find easier than traditional online carding. Moving along…
The problem for cardholders is trying to figure out if the VBV pop-up windows or iframe windows are really from the card issuer and whether it’s legitimate. Customers have no way of fucking knowing if that VBV pop-up window is a fraudulent website attempting to phish their credentials or whether it’s actually legitimate. These VBV windows don’t have any security certificates or way of letting the customers know whether they’re legit or not. Classic.
As you can imagine those factors can lead for customers being vulnerable to phishing and other attacks from fuckers like you and me. Mostly from you ;) That all being said the VBV protocol recommends the bank’s verification page to be loaded after the transaction to assist with the customer feeling that indeed the VBV pop-up window was legit. Sometimes this happens sometimes it does not.
VBV has evolved significantly and it’s fairly common now for a one time password to be sent by SMS text message to the customers mobile phone or sent to a separate email for authentication in order to confirm the purchase is legit. In my experience this is more common in the USA and Canada.
Thousands of online merchants have enrolled in VBV with the intent of adding an extra layer of protection to make shopping online safer for their customers. Ok let’s get into some of the process of how the VBV system works behind the scenes so you have a full understanding of what’s happening.
This additional VBV security check is based on a 3-domain model (hence 3DSecure – 3 domain Secure). The 3 domains are:
- The acquirer domain – This is the bank and merchant to where the money is being paid.
- The issuer domain – This is the bank which issued the CC being used.
- The interoperability domain – This is the infrastructure provided for VBV. It includes the merchants plug-in for those VBV windows, access control servers, and other third party software providers.
The advantage for merchants implementing VBV is reducing the number of unauthorized and fraudulent transactions on their websites. Make no mistake VBV was designed solely to protect the financial institutions and not the actual card holder as it doesn’t offer any more additional protection to the customers since the extra questions being asked can easily be phished as well. VBV gives the banks the ability to claim that a transaction was made by the card holder because they were able to supply their PAM and thus no fraudulent transactions should take place.
We all think that performing carding or any type of fraud is only hurting the banks and other financial institutions but this is not the case. Most financial institutions will attempt to shift the blame onto the card holder if they’re able to do so. For example, if there is CC fraud and the bank calls the card holder and the card holder admits they clicked on a link within their email that resulted in their CC details being stolen the blame will be put onto the card holder. This does vary but depending on the conversation with the card holder and the financial institution supplying the cards will dictate what occurs here. Do not think banks are always on the hook for the losses because they are not. VBV and other policies attempt to shift the blame of fraudulent activity onto the people and away from the banks. They claim is protects merchants from CC fraud. Sure but what about the people?
Most major websites and companies will most likely have VBV enabled and will have the customer confirm the transaction through SMS text message or confirm via email. VBV popups in my experience in US/Canada weren’t that common. This is why selecting the website you’ll be carding on is important and understanding why targeting smaller companies is where your efforts should be focused.
VBV is a funny thing though since the CC and CVV number are no longer considered secure yet it’s difficult to see how the CC, CVV number, and VBV login would be any more secure since all these details can be phished just as easily as phishing the CC, CVV, and expiry date but what the fuck do I know.
One final thing. There are times when you’ll make an online purchase and the VBV window will pop-up but just present you with a spinning wheel in the middle of it and isn’t asking for any other password before confirming the purchase. When you see this the card issuer is performing various fraud checks on the online purchase you just made and will determine whether to ask for the PAM, other details, or just let the transaction through. When you see this wheel pray to the carder gods and wait for it to determine if you’re fucked or good to go.
Are you starting to see what’s happening? You should begin to understand there are many reasons as to why your carding efforts will fail since there are many things in place to prevent this type of fraud from happening. We’ve only talked about the major anti-fraud protections that are in place but the reality is no one is %100 sure on what is happening behind the scenes besides VBV. It’s important to note then when you’re having trouble carding the things talked about in this chapter will contribute to your transaction being flagged as fraudulent. When you’re starting out with carding you’re going to have a lot of failures but hopefully by completing this course you can limit those significantly with the new information you’ve learned at Cashout.Guide. Remember, carding is trial and error and much like gambling when trying to be successful until you find that groove and method that works for you.
I’ve been carding for quite some time and consider myself to be more experienced than the average bear and guess what? I still get cards declined online. All the time. There are so many things happening in the background that vary from bank to bank that will get your cards declined and you’ll literally never know or understand why it got declined because you did everything right. What you don’t release is the day you went to use the stolen CC that morning the bank was notified of the breach of certain cards and deactivated the one you just bought. You don’t know this at all because how could you? How could anyone? I’m just putting this here so you know the reality of carding successfully because you’re going to have a lot of failures when you’re starting out until you begin to fine tune your own methods and maximize your successes.
Truth be told if you carding using a mobile device you’re able to bypass a lot of these Anti-Fraud measures with ease and don’t require RDP, socks, VPN, etc. which we’ll get more into by the end of Chapter 6.
In this chapter you’ve learned:
- You need to appear to be as the legitimate card holder as much as possible
- It’ best to connect from an IP that is as close to the card holders address.
- Using proper browsing habits to appear as a human making a normal purchase.
- The IP you’re connecting from is associated to an IP score that determines if the IP has been linked to anything malicious in the past.
- The card holders purchasing history will affect your ability to card successfully.
- VBV is like 2FA for credit cards.
There are so many reasons as to why your carding efforts are failing. Let’s touch on some of the more common reasons.
If you’re using a stolen credit card don’t go overboard and start carding multiple websites or places at the same time with the same card. Pick the target and use the CC once and move on but make sure the purchase is worth it for you. There’s no point of carding like a fucking maniac when all your orders haven’t shipped because you’ll just end up burning the CC. Making an order go through and having it get approved is sometimes the easy part whereas getting the item shipped to where you want it to be delivered can be a whole other problem.
Credit card companies user their own proprietary technologies that look for anomalies in card holder’s spending habits and online behaviours. These companies might be using 100+ data points to determining the likelihood that the transaction is fraudulent or not. If everything doesn’t add up on their end then your shit will be declined, CC holder contacted from their financial institution, and CC burned.
Everything you’ve learned about in Chapter 3 will contribute to your failures. This plus the fact that you have no idea the CC information you’re purchasing is valid or new. Right? Unless you’re obtaining your own CCs you’re relying on others to sell you proper information. Which may be fresh stolen CCs or old as fuck from last year trash ones. Just like drugs the better quality is closer to the top of the supply chain. Move up the ladder brothers.
You’re going to want to refer to Chapter 3 regarding all the anti-fraud mechanisms in place as you should be aware there are so many reasons why your CCs aren’t working or being burned. Without knowing truly the ins and outs of what you’re trying to card you can associate failures to one, if not all, of those anti-fraud mechanisms talked about.
Remember, everyone wants to say they have a great supplier of CCs but unless you’re obtaining them yourself you truly don’t know if the vendor you’re buying from is re-selling the cards, are the CCs fresh, has the organization where the Vendor is getting the CCs from been notified of a breach and is now going through each customer to notify them to cancel their cards?!
It’s all good when you’re buying stolen CCs but if you’re buying them from a breach that happened a year ago then you’re not going to be successful. CC suppliers matter.
Why do people sell CCs?
When I first started in fraud I would always think to myself why the fuck are these people selling stolen credit card information and not using it for themselves?! Well it came pretty clear once I started rolling in different hacker circles and hearing their inputs on the matter.
All hackers and fraudsters have their hands in so many honey jars trying to make the most money. A hacker who compromises a company and steals 5,000 credit card numbers doesn’t have the time or desire to use them all. At the same time, there are organized groups who specialize in buying stolen credit cards and making money from them, but lack the skills to hack a company to get their own. It’s a beautiful supply chain just like any other business.
Also, people live in different places all over the world so if I’ve hacked a company in the US and have a bunch of American credit cards I can’t really use them in my area so I might opt to sell them instead.
Everyone is selling whatever they’re able to in order to maximize their income. It’s much easier to sell the stolen credit card data you have at a fixed amount and move onto your next hack then it is to use them yourself.
It all depends where you are in the supply chain which will dictate what you do with that type of data but most opt to sell. When buying CCs you want to purchase them from reputable places and people. Once you’ve purchase them you should use them ASAP. Do not buy them and sit on them for weeks.
Having a proper source for your CC’s is obviously crucial to success. Links to proper sellers and reputable vendors can be found in Chapter 7 for Cashout.Guide members.
Levels Of Carding
Believe it or not there are different levels of being a carder once you get your footing with all of this. We all have our own methods, opportunities, and ideas that lead us to success. We’ll discuss these carder levels but please note this is just a simple generalization so you’re able to see the differences in carding leveas. I want you to understand where you want to take this AND whether or not this is even possible for you.
Consider anything to do with credit card fraud to be broken down in (5) levels excluding mobile carding. Depending on your goals and abilities will dictate which level of carder level you fall in. We’ll get into the levels shortly.
Levels 1 -3 get more difficult as you level up through them but once you realize how fucking stupid those level of carders are you’ll begin to see that levels 4-5 are much easier and more profitable. We’re going to talk about carder level 1-3 first and then get into the juicy shit but before we do I want to say something about people who are aiming to be a carder level 1-3. Ready? FUCK THAT!
Don’t fucking aim to be a level 1-3 carder ever because it’s bullshit and you’ll waste your fucking time on doing that. The easiest way to be successful with online carding is mobile carding. I’ll let that sink in while you’re reading this portion but anything to do with using a stolen CC online and ordering items from a website can fuck right off seriously. No joke. I’ll push everyone who’s reading this course to where you should strive to be. This is the secret sauce we’re going to get into. This course is not just about educating and getting you up to speed with being a credit card fraud master but this course is also designed in a way to make you think differently about credit card fraud. I’m hoping to give you those Aha! moments that lead you to success so you’re able to get an escort every night and do as much cocaine as your face can handle. My friends stay with me and you’ll realize carding levels 4-5 is where the big boys are. Truth be told being a level 4-5 carder is much easier than anything else along with mobile carding. Different risks of course.
Remember my friend in Portland that taught me the credit card fraud ways? That fucker let me try all his “special methods” for the first 2-3 days when using stolen CCs and showed me how difficult that shit actually was. I ordered a bunch of shit to a drop address and then had to sell it to other people to make money. Pretty fucking annoying and had a lot of moving parts I didn’t like. Turns out the best method was to create a website or eBay account that sells whatever products you plan on carding so that people make the purchase first and then you card the item right to them. Even that becomes unmanageable. eBay, craigslist, second hand websites, etc. all became very important in moving stolen goods and became more work than I expected. Wasn’t for me.
I wasted my fucking time doing all that which I’m sure some of you have wasted your time with those methods as well. It wasn’t until roughly half way through of hanging out with him that he told me the real deal with credit card fraud. He wanted me to see the beginnings of CC fraud in order to open my mind up and change my outlook on this shit. It opened my eyes and blew my fucking brain which sent me on a cybercriminal fucking spree across the world like a fucking maniac. This is what I’m trying to do with everyone reading this in order to show you the right way with credit card fraud. Alright let’s break it down.
Level 1 carding difficulty level = Easy
Level 2 carding difficulty level = Intermediate
Level 3 carding difficulty level = Hard to Very Hard
Level 4 carding difficulty level = Easy to Intermediate
Level 5 carding difficulty level = Easy to Intermediate
Carding level 1 earning potential = <$100 USD per card
Carding level 2 earning potential = $0 – $500 USD per card
Carding level 3 earning potential = $0 – $3000 USD per card
Carding level 4 earning potential = $0 – $5000 USD per card
Carding level 5 earning potential = $0 – $10,000+ USD per card
Level 1 carder: Easy
This is easy time and is a good place to start out if you’re homeless learning carding basics. This level of carding is for people who want to order pizza, small orders for food over the phone from restaurants, and very minor shit. Teenage level things you see? If you’re planning on being a level 1 carder then you can go ahead and order Chinese food with the CC details you have acquired. Pretty straight forward you broke bastard. If you’re able to make an online order for food with basic CC details then you’re within reach of the level 1 carder. This is minor shit and really is pretty stupid if you’re learning carding in order to do that. It’s just as simple as taking your friends CC from their wallet and placing an order to your local pizza shop over the phone so you can eat that pepperoni pizza like a boss. Congratulations you’ve made it man!
Level 1 carders need to obtain:
- Credit Card Number (CC)
- Expiration Date on the card
Level 2 carder: Intermediate
This is the level most people jump into when starting off with carding which is another good starting point for new commers to credit card fraud. If you’re planning on being a level 2 carder you’re aiming to card items that are mostly under $500 USD and are from smaller businesses online. These websites should be unique and not well known when being selected to card on while avoiding VBV. I’d recommend on getting into the mindset of thinking locally about which small businesses in your area may have an online merchant shop. You want to card on low level targets (clothing stores, shoe stores, etc.) so start thinking what you consider to be a lower level target. These orders are all done online with stolen CCs.
Level 2 carders need to obtain:
- Credit Card Number (CC)
- Expiration Date on the card
- Card holder name
- Billing address
- Drop address to pick up your stolen goods
- Telephone number (depends)
- RDP or socks IP that is as close to card holder address as possible
Level 3 carder: Hard to Very Hard
Level 3 carders are experienced individuals who have a great understanding of carding online and have a method they’ve determined to be viable when ordering items online. This would be for online orders from any major retailor for higher value items such as electronics, laptops, small appliances, etc. and have acquired the details to get around VBV bullshit.
Level 3 carders need to obtain:
- Credit Card Number (CC)
- Expiration Date on the card
- Card holder name
- Billing address
- Telephone number (depends)
- Credit report/Background report (in an attempt to answer VBV questions)
- Drop address to pick up your stolen goods
- Sometimes require a fake ID in order to pick up items shipped
- Email of the card holder or ideally access to the email account of the card holder
- RDP or socks IP that is as close to card holder address as possible
Level 3 carders are where everyone thinks they want to be and is that typical image in your head when you’re thinking of “carding”. Right? This is what everyone thinks about when they hear credit card fraud. They think about someone obtaining stolen CC details which were stolen from whatever website, CC details sold on the marketplaces, and someone else used the details to order a laptop to an address in the Bronx. Right? This is what everyone probably thinks and wants to strive to be. Which is fucking wrong and probably not going to happen with ease.
The main problem when level 3 carding is you’re making purchases online that are usually of higher value which means those websites, businesses, online merchants, etc. will have VBV waiting for you when you click “Checkout”.
I realized when I was a “level 3 carder” that ordering items online takes A LOT of trial and error that comes with failure around every fucking corner. Lots of time spent on buying the right cards, ordering online, orders cancelled, drops being burned, requiring ID to pick up the item, etc.
Level 3 carders usually get very frustrated and end up abandoning the craft even if you have a few successes. After doing this a few times you begin to see the amount of moving parts to this type of CC fraud and the amount of work involved. Ordering shit online with a stolen credit card isn’t as easy as it once was. Those times are long gone. Not completely gone per se but they are to some degree. If you go down this route you’ll need a drop address for your goods to get shipped to and then of course you still need to sell this shit yourself to get DAT MONEY. Depending on your age and intelligence this might sound pretty sweet to you, maybe.
I’m not saying you can’t make money carding at this level but I’m just saying the amount of time you’ll spend on whatever bullshit carding operation you want to get going can be better spent on actually making money. If you’re committing that type of credit card fraud why aim for the lowest level of a credit card fraudster? Are you the type of criminal that robs a gas station instead of something actually worth it like a bank? What are you doing man?
Most of us all think that once we get into carding we’re going to make all this cash dollarz but you soon realize that ordering items online with a stolen credit card, getting them shipped successfully to a drop, and then re-selling that item isn’t going to be a way of doing that. There are a lot of moving parts that are difficult to lock down and make work in your favour in this type of fraud. I’m not even going to go into any more detail with this level of carding because you should be thinking much higher than this.
Honestly, unless you’re a teenager or have an opportunity to easily commit this type of fraud just understand that yes people do it and know how they do it but I wouldn’t spend too much time on this shit if you want to make a career out of fraud. Sure people might be making a bit of money here and there but it’s an operation just like anything else which requires time on task. Use your time wisely my friends. Seriously though fuck level 3 carding.
Level 4 carder: Easy to Intermediate
Level 4 carders are the individuals who clone people’s credit cards, walk into a store like a savage, make a purchase in person, and walk the fuck right out of there. At a later time they either sell the item online or keep it for themselves but these items are of high value. This is a generalization of this type of carder as you’ll some come to learn there are many variations with a level 4 carder.
Level 4 carders are the types of carders that usually are more mature, older in age (>25), knowledgeable with fraud, and have life experience behind them. These individuals are that type of demographic because they have a better understanding of what’s needed in order to be a successful level 4 carder, or any serious fraudster for that matter. Level 4 carders are going to be “acting” to some degree, have good social skills, and are excellent social engineers. Like any level of carding you’ll need to develop your own method but developing your own method is fairly trivial once you have an understanding of how to card at this level. When you’re done this course you’ll have a greater understanding of how to create your own methods and just how simple that actually is. Don’t buy anyone else’s method from the interscams. Fuck that. Create your own. If you don’t create your own you will never succeed with where you want to take this. You can count on that. You can create your own. Trust me you can.
Level 4 carders need to obtain:
- Credit Card Number (CC)
- Expiration Date on the card
- Track 1 and 2 data (CVV DUMPS)
- Credit card reading/writing equipment (MSR605x, MSR605, AMC722)
- Blank cards/PVC cards
- Credit card/I.D printer
- Embossing machine
Anything that involves you personally being in a location that will have cameras, witnesses, and basically every IoT device recording your face while you’re committing a crime and sending it back to mother Russia for analysis tends to bring with it much more risk. I think we all can agree that committing crimes over the internet is much different then committing crimes IRL yes? ClearView AI shattered my mentality what can I say.
So if you’re 12 and reading this fraud course then I’m afraid you have limits in what you’re capable of doing which means, for now, you’re stuck in the level 1-3 carder level. Don’t stress though because you’re probably going to learn a fuck ton by reading this which will help educate you on how to be a professional in the credit card fraud realm as you become an adult. Good for you.
Even if you’re a level 3 carder and you’re reading this we both know how annoying being a level 3 carder is. Sure’ at first you think shit is gonna work out but then you realize the risk involved, the drops, pickups, re-sells, all that shit is shit. I’m sure we all have different experiences but to me it wasn’t worth the risk in what I was doing and the amount of time I was dedicating to my carding operation for the profits just wasn’t making sense. I was on average making $1000 – $3000 USD every few months give or take. Honestly, I was better than that. I had bigger hopes and dreams but it was good being there because it helped with solidifying my fraud mentality and being able to understand things a little more.
Ok time to rant dudes. The point of this rant is to make you think a little outside of the box which will help you understand how to develop your own carding methods with anything fraud related. Specially after you educate yourself and mature by reading this course.
Here’s one of the many examples of how to change your mindset and think about carding METHODS. Let’s dive deep baby.
Here’s what I mean. In the past I remember this pivotal moment in my cybercriminal career. Actually, being interviewed for this fucking carding course with Funshine triggered a memory back in the day for me which made me realize it was a very crucial learning point in my fraud career I must say. This aha! moment triggered a cascade of events that made me a lot of money really fucking quick. No need for applause I lost most of it and everything that mattered to me so no need for clapping you can sit down friends.
This was one of my first “test” methods when I graduated into a level 4 carder. I like to travel. So when you’re travelling you get to see how different bars, restaurants, shops, keeps, castles, bunkers, dens, lairs, and stores operate around the world. Many are different and handle credit card transactions differently depending on their business model. I noticed at a few places I would frequent they would ask to physically hold onto my credit card when I dined at their restaurant, bar, club, etc. I began to keep track of these places and tried to find more that would operate in this manner. I kept a list of multiple places that operated this way in specific locations I would travel through and used that knowledge to go on my first ever carding spree.
- Blank cards/PVC cards with chips in them
- Credit card/I.D printer
- Embossing machine
I didn’t have a CC number, EXP date, CVV, or proper name. I just had the ability to make a fake CC look like a real one. That’s it. I even printed my real name on the printed CC just in case I was asked for ID. When I travelled to areas that were frequented by hundreds if not thousands of tourists daily I would only eat, drink, and party at these specific locations that would hold my CC. These places were la de da and I had to dress the part but these locations just wanted to physically “hold” my credit card while I was in their establishment and settle up after I was done. Nothing too crazy right? Pretty straight forward. The demographic that came to these types of places wasn’t the one of the scamming type you see? False trust they had in their clientele but good for someone like me.
At first it sounded pretty stupid for me to commit this type of fraud but then I thought if I only did these methods when appropriate I could spend more money on my accommodations when I travelled through these countries. I looked at it from a point of view that I’d save on spending money on drinking my dick off, eating, drugs, billiards, dancing, etc. Understand?
Instead of spending $1000 euro that week or so on entertainment I’d spend the $1000 euro on better hotel rooms and luxury living. I did that type of carding for the week I was in those locations and had that taste of having hotels rooms that were wayyyy beyond my league and I thought to myself fuck me I need to think how to do this better and keep this going. Again, I thought to myself I’m better than this. Aren’t you?
I know that story probably isn’t that interesting to most but the point is it made me realize that credit card fraud at certain levels all depends on the risk you’re willing to take, whether there’s an opportunity to commit fraud, the knowledge you have in that “method”, and the planning and execution of your scheme. For me this scheme was of low risk since I knew how most of the establishments I planned on carding operated and since I don’t look like a thug or homeless person I didn’t encounter any real problems. I dressed the part, I acted the part, and when the time was right, I went to the bathroom or went outside for a smoke break and simply left. I just walked the fuck down the street and continued on with my night. They kept my printed credit card and I gave zero fucks. It felt awesome.
Let’s take another look at one of the same articles you read earlier on in this chapter. Search for “The cards had the scammer’s names on them” and read that sentence.
What about the cameras man! Fuck that mans! Like I’m going back to those countries anyways fuck if I care. Yes of course it was risky but how far do you think those investigations went into tracking me down? Maybe they have a photo of me so they have a photo and description? Did they send my photo out around the world? No they didn’t. Maybe locally I made the news but it’s not going far. I was OK with the risks involved and it made me think differently about selecting my targets to commit fraud against. Up until ClearView AI and other companies started to make it super easy to identify a suspect from a still image. Fuck man. Just fuck.
Anyways, that was my moment of thinking differently with carding. I realized developing profitable methods starts of just like this. Figuring out better methods then just bars, restaurants, clubs, dancing, etc. and turning it into better profits. As stupid as it sounds what I just talked about is actually a carding “method”. Right? Maybe you can think of places that do this and maybe where you live that isn’t the “norm”. Either way start to think outside of the box of what’s possible for you in your area.
People are always looking for new carding methods and are blinded easily. Looking for cashout method for PayPal, looking for cashout method for amazon, Hey! does anyone have a cashout method for Apple need fullz lol. Right? There are a lot of PayPal cashout guides, fraud amazon guides, private method %100 fraud guides, and every other %100 working no joke PayPal to bank card cashout guides only for $400! Yes? You’ve seem them. They are everywhere.
By looking for those types of guides you’re hoping that someone is going to sell you something that you can then turn around and make kazillions of dollars! Would you like to buy my “gold” beans for $1000 sir?! Come on now. You don’t need anyone else’s methods that’s for sure. The only person you need in order to develop a very profitable method is yourself. Cashout.Guide is about investing into yourself and educating you in the realm of cybercrime from my experience which was profitable. Tad on the illegal side I guess but fuck man do whatever YOU think is best.
You probably realized while reading about my first level 4 carding experience that I just printed fake information on a CC and didn’t atually clone anyone else’s credit card or anything. I just made the fake CC I printed on appear to be an actual credit card physically and the places I went to simply held the physical credit card thinking it was some sort of collateral. Why would anyone skip out on the bill if we have their credit card mentality right? It was my light bulb moment on how to create my own methods. In order to develop my own profitable methods I knew needed to know a little more about the places I was targeting and how they operated…
Alright rant is over. Let’s get back on track.
A level 4 carder requires obtaining “DUMPS”, writing the track 1 and 2 data to a blank CC, and using that CC in person to make a purchase. Right away you’re probably thinking WTF man that shit isn’t possible where I live! Cool story bro. Right? CHIP and PIN credit cards have killed this right? Wrong. Truthfully this depends greatly on the merchant in question and your geographical location in the world. In my experience stores that have a lot of foot traffic, tourists, people, etc. tend to have more relaxed policies when it comes to processing credit card transactions. Those types of businesses literally deal with so many CC providers, CC cards, etc. it can be different for every transaction.
Before we move forward, we need to focus on some things that you must learn when aiming to be a level 4 carder. First, you’re going to need to be able to purchase DUMPS that contain track 1 and 2 data from whatever source you plan on purchasing them from. Let’s talk about DUMPS in details.
DUMPS are the data that skimmers have captured from someone’s credit card when they’ve swiped it somewhere to make a purchase with it. A DUMP is an electronic copy of the magnetic stripe data of a credit card. DUMPS are the raw information collected from the credit card magnetic stripes which are stolen via skimming, a point-of-sale device infected with malware, or from some sort of data breach.
Instead of me explaining all of this I’m going to refer you to the link below.
Both Track 1 and Track 2 contain enough basic information for processing payment card swipes by merchants. Most card readers will be able to read both Track 1 and Track 2 data, in case one of the tracks has become unreadable. You’ve already read from an article in the beginning of this course about how Track 1 and 2 data are displayed when it’s captured from a card reader and being sold on the marketplaces. There are a lot of characters and random letters/numbers you noticed yes? Let’s take a deeper look into all of this.
Track 1: %B4096654104697113^ABHINAV/SINGH ^08061012735900521000000?
Track 2: ;361344212572004=0512052335136; ABHINAV/SINGH
Let’s see what they mean. For payment cards, Track 1 Data will be formatted like this:
|Start Sentinel (SS)||1 character||Indicates the beginning of Track 1; set to “%”|
|Format Code (FC)||1 character||Indicates the card type; “B” indicates a credit/debit card|
|Primary Account Number (PAN)||up to 19 digits||Always numerical; usually set to the credit/debit card number|
|Field Separator (FS)||1 character||Delimits Track 1 fields; set to “^”|
|Name||2-26 characters||Account holder’s name|
|Field Separator (FS)||1 character||Delimits Track 1 fields; set to “^”|
|Expiration Date (ED)||4 digits||Always in the format YYMM|
|Service Code (SC)||3 digits||Indicates what types of charges can be accepted|
|Discretionary Data (DD)||Variable*||Determined by card issuer–may include Card Code|
|End Sentinel (ES)||1 character||Indicates the end of Track 1; set to “?”|
|Longitude Redundancy Check (LRC)||1 character||Used to verify that Track 1 was read accurately|
Track 1 Data cannot exceed 79 characters, including all Sentinels, Field Separators, and the LRC. The length of Discretionary Data is restricted as a result and tends to hold fairly short values.
The format for Track 2 Data was developed by the American Banking Association (ABA) and tends to be much shorter and holds less information:
|Start Sentinel (SS)||1 character||Indicates the beginning of Track 2; set to “;”|
|Primary Account Number (PAN)||up to 19 digits||Always numerical; usually set to the credit/debit card number|
|Field Separator (FS)||1 character||Delimits Track 2 fields; set to “=”|
|Expiration Date (ED)||4 digits||Always in the format YYMM|
|Service Code (SC)||3 digits||Indicates what types of charges can be accepted|
|Discretionary Data (DD)||Variable*||Determined by card issuer (may include Card Code and/or PINs)|
|End Sentinel (ES)||1 character||Indicates the end of Track 2; set to “?”|
|Longitude Redundancy Check (LRC)||1 character||Used to verify that Track 2 was read accurately|
Track 2 Data cannot exceed 40 characters, including all Sentinels, the Field Separator, and the LRC. The length of Discretionary Data is restricted as a result and tends to hold fairly short values.
As a level 4 carder you’re purchasing CCV DUMPS, encoding them yourself onto a blank CC, printing the proper images of the right bank/CC onto the blank CC to blend in while using it, and using it at stores to purchase items.
You have someone who works in an industry that is capable of swiping customers credit cards with their own little hand held card reader. There are many ways to obtain the CC details needed to function as a level 4 carder.
Some people might be thinking “I know someone who works at a restaurant that could use a little card reader and swipe all the customers data!”. Right? Then you don’t need to purchase any DUMPS or rely on anyone else! Yes! Wait, fuck no!
The problem obtaining CCs that way is when people report the fraud it would be trivial to determine if those people were at a single point that could link where the cards are being skimmed. This actually does happen so be very cautious when swiping peoples cards yourselves and not using them all from one place. You’ll bring some heat faster than you know it.
OK. Back to mindset talk. Having more life experience behind you teaches you that when making real purchases with your own CC sometimes things don’t go exactly how they’re supposed to go when making a transaction. Think about how you would use your CC when walking into a store. You don’t just fucking fly in with dark sunglasses and a hoodie on trying to make a purchase with a blank CC card right? Of fucking course not. Hopefully not.
My other aha! moment with credit card fraud was when I had a CC from TD Bank which had a chip and required a PIN when making purchases in person. However, over the years the chip appeared to be visibly worn down from general use and from me constantly taking it out of my wallet and putting it back in again. Eventually my credit card just stopped working one day when I went to pay for something that was just over $700 USD (auto repairs) and my CC kept coming up with an error which the clerk wasn’t sure about. I explained the situation to the clerk and that my working theory as to why my credit card was all fucked up was the chip on the credit card had been worn down which had been causing me issues when using my card. Before I knew it the clerk was swiping the card at the POS instead and I was being presented with a receipt for me to sign. After that I thought holy fuck man another CC method I can leverage potentially. Another trigger for me when it comes to creating your own carding methods. This place accepted my credit card but it didn’t work in the POS since the chip was damaged so they ended up swiping it. That was it. Again, simple shit but it made me realize it’s all about opportunity being a level 4 carder and what I’m willing to pull off. Won’t shit in my backyard but I’ll take a flgiht somewhere and card like a fucking kamikaze.
We’re assuming all CCs these days are, or will be, CIP and PIN so we’re gonna focus on updated shit. Also, most people use that “tap” feature on their CC but for anything over $100 USD this feature isn’t allowed. Why $100 limit? You guessed it. To prevent fraud.
Think of your own CC and how you make purchases with it at a store. Picture it in your mind. You’re at a store making a purchase so you present your CC to the clerk, the clerk gives you the Point Of Sale (POS) machine, then you put your CC in the machine and enter your PIN. All good? Daily life right?
Now it’s time to begin to think of what is realistic for you and what you’re capable of doing. This is very important because if you’re going to be successful not only does it depend on you getting around anti-fraud protections but it also depends on some key personal features such as:
- How old you are.
- Your social skills or social engineering abilities.
- Your physical appearance, demeanor, maturity levels, and mannerisms are important.
- If you’re tweaking from a meth binge don’t go in to a store thinking you look “fine”. You don’t.
Everyone thinks that CC fraud usually it just for online items. This isn’t actually the case. I think it’s important to know what you’re capable of and what you’re wanting to do with carding. We all want to make the money out of our asses but depending on your situation, where you live, your intelligence, etc. you might not be capable of some of these things.
Mobile carding: Easy to Intermediate
Mobile carding is by far the easiest method to use when performing carding online and requires little setup to get your operation going. You still require valid CC details when making online purchases but can negate the fact you need VPN, RDP, socks, VMs, cleaners, etc.
Mobile carders need to obtain:
- Credit Card Number (CC)
- Expiration Date on the card
- First and Last name of the card holder
- Address of the card holder
- SIM card purchased with cash
- Mobile device
By using a mobile device you’re coming from that geographical area and thus if you make the right purchases of CCs you don’t require all whole setup.
Before we go into any more details about mobile carding, level 4, and level 5 carder, we must unfortunately take a break.
I realized that when I was creating these hacking and fraud courses that people have many questions, expect excellent quality, and want the proper resources in order to be successful (vendors, tools, resources, etc.). That means access to the right tools whether that’s purchasing stolen credit card information right through to purchasing ransomware for your money making campaigns. I realized I cannot do what I’ve planned on other forums&, marketplaces, or other various circles I run in. It’s too difficult to manage and keeping everything up to date with proper resources to make purchases from is time consuming. On top of that other forums go down, information gets lost, thread gets shutdown, etc. Around and around we go and it’ annoying.
I decided to make a cybercriminal platform that will house all “useful” information surrounding hacking and fraud meant for people of all skill levels. Reality is unless you have no clue where to purchase CCs or have no idea on how to create your own carding methods then joining Cashout.Guide will help you. If you feel confident on where to purchase the right items and confident in moving forward you probably can be successful on your own. If you want all the information along with the places to make the proper purchases needed to be successful then join up! Cashout.Guide isn’t just about credit card fraud but has many courses from my experience as a success cybercriminal I think many people can still make money like I did.
This is an excellent opportunity to level up your knowledge and focus on giving yourself the skills needed to be successful in cybercrime. Joining Cashout.Guide will give you the full carding course which includes the equipment required along with proper links to make the purchases.
I’ve decided to branch out and turn Cashout.Guide into a new cybercriminal platform that will contain detailed hacking and fraud courses, items for sale, experienced and knowledgeable staff to assist you with whatever questions you may have surrounding the courses released at Cashout.Guide. No random topics besides the courses released will be in the forums. Very specific information.
I’ve been out of the game for a bit enjoying my retirement from my cybercriminal efforts and all I see is complete bullshit these days on the dark web surrounding proper information and reputable people. This is why Cashout.Guide is here. Real shit so stop spending hundreds of dollars on bullshit guides and terrible products. Cashout.Guide is created for the intermediate level of cybercriminal out there who’s looking for the right information and gear to get shit done. All the courses at Cashout.Guide are based on my experience as a cybercriminal. When you’re wanting more specific cybercriminal knowledge and are willing to take that next step Cashout.Guide will be there for you.