FULLZ: This is someone’s entire data cluster and it’s what is used to create bank
drop accounts, and for setting up payment processors on fake online stores. This
could also be used for many different things such as conducting an ATO (Account-
Take-Over) on someone’s bank account, opening new lines of credit under their
name, and much more. Fullz are extremely valuable information to us and in fact a
NECESSITY to be able to open bank drops. Fullz usually comprise of Background
Checks, Credit Reports, Credit Scores, Full Names, Addresses, Social Security
Number (SSN), Date of Birth (DOB), Driver’s License Numbers, and more.
CVV: This can either be someone’s full credit card details, or someone’s full debit
card details. CVV is simply a fraud slang for credit/debit card details, there’s not
much to it. We can use these details to “card” information on someone online,
such as background or credit reports that can be used for various purposes such as
opening bank drops and conducting an ATO (Account-Take-Over) on the victim’s
bank account, or we can use these CVV details to order physical/digital products
that will be sent to a drop address.
CVV DUMPS: A credit card dump, is an unauthorized digital copy of all the
information contained in the magnetic strip of an active credit card, created with
the intention of illegally making a fake credit card that can be used by
cybercriminals to make purchases. Credit card dumps are used by fraudsters to
capture valuable card data such as the card number and expiration date. These can
be obtained in a number of ways. The most popular method nowadays is
“skimming”, a process in which an illegal card reader is used to copy the data from
a credit card. Other methods include hacking into a retailer’s network or when a
malware-infected point-of-sale device is unwittingly used by a retailer, sending the
information to the criminals.
DUMPS SERVICE CODE: Many fraudsters think that there are only 2 types of
dumps, 101 and 201. The truth is there are many other types of dumps. Carders
usually work with either 101 or 201 but the majority will prefer 101. This is known
as the SERVICE CODE of a dump. The service code contains 3 characters and you
can find a dump service code just by looking at a dump, regardless of the fact if it
has both TRACK1+TRACK2 or just TRACK2. Example, let’s say we’re looking at the
dump 4256 746500930321=1402101700102054. The service code of this dump is
101, which is located right after the expiration date of the card, which in this case
is 1402 (FEB 2014). The value of the service code determines where the cards are
suitable to be used and in what way. Below is a detailed explanation of each
service code available today.
First digit (usage variables):
- 1xx: Worldwide use, usually doesn’t have a smart chip.
- 2xx: Worldwide use, does have a smart chip and required to use smart chip if the
card reader reads the chip
- 5xx: National use, a list of regions can be allowed by the bank (often called region
locks).
- 6xx: National use, a list of regions can be allowed by the bank but required to use
smart chip if the card reader reads the chip
- 7xx: Only useable according to what has been agreed with the bank
Second digit (authorization)
- x0x: Normal authorization, normal usage.
- x2x: Contact issuing bank.
- x4x: Contact issuing bank, exceptions rules by bank.
Third digit (services that the card can be used for):
- xx0: Can be used for anything, require PIN.
- xx1: Can be used for anything without PIN.
- xx2: Can be used to buy goods or pay a service, cannot retrieve cash, PIN not
required.
- xx3: ATM only ,PIN required.
- xx4: Cash only, PIN not required.
- xx5: Can be used to buy goods or pay a service, cannot retrieve cash. PIN
required
- xx6: No restrictions to use, will ask for PIN when possible.
- xx7: Can be used to buy goods or pay a service, cannot retrieve cash. PIN
required when possible.
TRACK1+TRACK2 DATA: There are up to three tracks on magnetic cards known as
tracks 1, 2, and 3. Track 3 is virtually unused by the major worldwide networks,
and often isn’t even physically present on the card by virtue of a narrower
magnetic stripe. Point-of-sale card readers almost always read track 1, or track 2,
and sometimes both, in case one track is unreadable. The minimum cardholder
account information needed to complete a transaction is present on both tracks.
Track 1 has a higher bit density, is the only track that may contain alphabetic text,
and hence is the only track that contains the cardholder’s name. The information
on track 1 on financial cards is contained in several formats that goes from A to M.
The “A” is only used by the bank itself, so we do not need to pay much attention to
it. The “B” is where the holder’s financial information is stored, the most
important section of the magnetic stripe. C to M, is used for the ANSI
Subcommittee X3B10, and N to Z is the information that is available for use of
individual card issuers. This is how the track 1 looks like.
%B5XXXXXXXXXXXXXX2^GEORGENULL/MAX^110310100000000100000000300000
0?;
• % for Start Sentinel
• B for Bank Type Credit Card
• 5XXXXXXXXXXXXXX2 is the Primary Account Number, which in most cases is
the number printed on the front of the card, but not always.
• ^ is the separator
• GEORGENULL is the card holder’s last name
• / is the separator
• MAX is the card holder’s first name
• ^ another separator
• 11 expiration year, 03 expiration month
• 101 SERVICE CODE
• 0000000010000000003000000 is the discretionary data
• ? is the end
So now that you’ve seen the information that is stored in track 1 and the letter
containers, you should have already figured out that credit card dumps are mainly
the first 2 tracks.
Track 2 data is used by ATMs, physical payment processors and in any online
website. There are a lot of components in this track, the layout is shown below.
| START SENTINEL | PRIMARY ACCOUNT NUMBER | FIELD SEPARATOR |
ADDITIONAL DATA | END SENTINEL | LONGITUDE REDUNDANCY CHECK |
With a more in-depth examination of the data, you can see how a credit card
number and holder’s main information is stored into the track 2 data.
5XXXXXXXXXXXXXX2=1103200XXXX00000000?* ^^ ^^ ^ ^ ^^ ||_ CARD NUMBER
|| | |_ ENCRYPTED||_ LRC |_ START SENTINEL|| | PIN*** |_ END SENTINEL || |_
SERVICE CODE FIELD SEPARATOR _||_ EXPIRATION
Now let’s break it down.
• ; : Start Sentinel
• 5XXXXXXXXXXXXXX2: Primary account number, the PAN. This would be the
credit card number you always see printed on the front of the plastic.
• 1103: Expiry Date. Always year first then month.
• 200: Service code.
• XXXX00000000: Discretionary data, which includes the PIN verification, the
card verification value and the last 3 digits on the back of the card aka the
CSC/CVV2 code.
• ?: The End Sentinel
• With ^^ ^^ ^ ^ ^^ begins the track 3 data, which as said previously is
completely useless.
Most carders and hackers, will only seek out the TR1 and TR2 data. That’s where
the term CVV dumps comes from.
WEB/ONLINE WALLETS: This is a program or web service that allows users to store
and control their online shopping information, like logins, passwords, shipping
address and credit card/bank details, in one central place. It also provides a
convenient and technologically quick method for consumers to purchase products
from any person or store across the globe. Such examples of web wallets are
PayPal, Google Wallet, and Venmo. We can use such wallets for many purposes
that will be discussed in further guides.
SKIMMER: This is a device made to be affixed to the mouth of an ATM and secretly
swipe credit and debit card information when bank customers slip their cards into
the machines to pull out money. Skimmers have been around for years, of course,
but fraudsters are constantly improving them. Card skimming accounts for more
than 80 percent of ATM fraud. Some sophisticated skimmers are even able to
transmit stolen data via text message.
EMBOSSER: A device that stamps the cards to produce the raised lettering where
the CVV holder’s name is, card number, etc...
TIPPER: A device that adds the gold/silver accents to the embossed characters.
MSR (MAGNETIC STRIPE READER/WRITER): Used by fraudsters to write dumps
into actual physical blank cards or gift cards (and driver’s licenses, student IDs,
etc..). If you want to use blank white cards, you will need a printer for the card
template, embosser and tipper, which can be pretty expensive, however it is worth
it if you know how to correctly use these things.
POS (POINT-OF-SALE) SYSTEM: This is the time and place where a retail
transaction is completed. At the point of sale, the merchant calculates the amount
owed by the customer, indicates that amount, may prepare an invoice for the
customer (which may be a cash register printout), and indicates the options for the
customer to make payment. It is also the point at which a customer makes a
payment to the merchant in exchange for goods or after provision of a service.
After receiving payment, the merchant may issue a receipt for the transaction.
ACH: This stands for Automated Clearing House, which is an electronic network for
financial transactions in the United States. ACH processes large volumes of credit
and debit transactions in batches. ACH credit transfers include direct deposit,
payroll and vendor payments. Moving money and information from one bank
account to another is done through Direct Deposit or via ACH transactions, credit
or debit. This is used a lot by fraudsters to siphon money out of the bank accounts
of unsuspecting victims, which is extremely easy.
PAYMENT PROCESSORS: A payment processor is a company (often a third party)
appointed by a merchant to handle transactions from various channels such as
credit cards and debit cards for merchant acquiring banks. They are usually broken
down into two types: front-end and back-end. Front-end processors have
connections to various card associations and supply authorization and settlement
services to the merchant banks’ merchants. Back-end processors accept
settlements from front-end processors and, via The Federal Reserve Bank for
example, move the money from the issuing bank to the merchant bank. In an
operation that will usually take a few seconds, the payment processor will both
check the details received by forwarding them to the respective card’s issuing bank
or card association for verification, and also carry out a series of anti-fraud
measures against the transaction. Additional paraments, including the card’s
country of issue and its previous payment history, are also used to gauge the
probability of the transaction being approved. Once the payment processor has
received confirmation that the credit card details have been verified, the
information will be relayed back via the payment gateway to the merchant, who
will then complete the payment transaction. If verification is denied by the card
association, the payment processor will relay the information to the merchant,
who will then decline the transaction. Such examples of payment processors are
Square, PayPal, Stripe and Flint
PAYMENT GATEWAYS: This is a merchant service provided by an e-commerce
website that authorizes credit card or direct payments processing for e-businesses,
online retailers, or traditional brick and mortar stores. The payment gateway may
be provided by a bank to its customers but can be provided by a specialized
financial service provider as a separate service. It facilitates a payment transaction
by the transfer of information between a payment portal (such as a website,
mobile phone or interactive voice response service) and the front-end processor or
acquiring bank. Here’s how a typical transaction plays out.
1. A customer places an order on a website by pressing the “Submit Order” or
equivalent button, or perhaps enters their card details using an automatic
phone answering service.
2. If the order is via a website, the customer’s web browser encrypts the
information to be sent between the browser and the merchant’s webserver.
In between other methods, this may be done via SSL encryption. The
payment gateway may allot transaction data to be sent directly from the
customer’s browser to the gateway, bypassing the merchant’s systems. This
reduces the merchant’s Payment Card Industry Data Security Standard
compliance obligations without redirecting the customer away from the
website.
3. The merchant then forwards the transaction details to their payment
gateway.
4. The payment gateway converts the message from XML to ISO 8583 or a
variant message format and then forwards the transaction information to the
payment processor used by the merchant’s acquiring bank.
5. The payment processor forwards the transaction information to the card
association (e.g. Visa/Mastercard/AMEX). If an American Express or Discover
Card was used, then the card association also acts as the issuing bank and
directly provides a response of approved or declined to the payment
gateway. Otherwise, the card association routes the transaction to the
correct card issuing bank.
6. The credit card issuing bank receives the authorization request, verifies the
credit or debit available and then sends a response back to the processor
with a response code (approved or denied). In addition to communicating
the fate of the authorization request, the response code is also used to
define the reason why the transaction failed (e.g. insufficient funds, or bank
link not available). Meanwhile, the credit card issuer holds an authorization
associated with that merchant and consumer for the approved amount. This
can impact the consumer’s ability to spend further (because it reduces the
line of credit available or it puts a hold on a portion of the funds in a debit
account).
7. The processor forwards the authorization response to the payment gateway.
8. The payment gateway receives the response, and forwards it on to the
website (or whatever interface was used to process the payment) where it is
interpreted as a relevant response then relayed back to the merchant and
cardholder. This is known as the Authorization or “Auth”
9. This entire process typically takes 2-3 seconds.
WEB DOMAIN: This is traditionally known as the name or URL of a website and is
sometimes called the host name. The host name is a more memorable name to
stand in for the numeric, and hard to remember, IP address of a website. This
allows the website visitors to find and return to a web page more easily. It also
allows advertisers the ability to give a website a memorable name that visitors will
remember and come to, hopefully leading to conversions for the web page. The
flexibility of website domains allows several IP addresses to be linked to the same
website domain, thus giving a website several different pages while remaining at
the easily remembered address.
VIRTUAL CARDING: This is the process of purchasing physical or digital goods
online using someone else’s credit/debit card details.
PHYSICAL CARDING: This is the process of purchasing physical goods by going to
an actual physical store in-person and using pre-made credit cards with dumps
punched in them to conduct the fraudulent transactions. Transactions are also
possible to be conducted with an Android phone using NFC payments with
TR1+TR2 data.
CARDING: Term used when referring to using someone else’s CVV details to
conduct a fraudulent purchase on an online website or physically in person in a
store using DUMPS. Example, we can CARD a cellphone using someone else’s
details through Amazon, or CARD a $400 belt at a Gucci Store using dumps that
were punched into a blank card using devices specifically made for such purposes.
CARD HOLDER: The owner of the CVV that we’re using to conduct the fraudulent
transaction.
BILLING ADDRESS: An address directly attached to a CVV. This is where the card
holder’s bank sends his bills, hence the name BILLING.
SHIPPING/MAILING ADDRESS: An address used exclusively to receive mail. Most
websites do not allow transactions to be accepted if the billing address on a credit
card and the shipping address provided to the website are different.
AVS & NON-AVS: AVS stands for Address Verification System. This is a system used
to verify the address of a person claiming to own a credit card. The system will
check the billing address of the credit card provided by the user with the address
on file at the credit card company. AVS is used by mostly all merchants in the US,
Canada, and UK. Because AVS only verifies the numeric portion of the address,
certain anomalies like apartment numbers can cause false declines; however, it is
reported to be a rare occurrence. AVS verifies the numeric portions of a
cardholder’s billing address. For example, if the address is 101 Main Street,
Highland, CA 92346, United States, AVS will check 101 and 92346. Cardholders
may receive false negatives, or partial declines for AVS from e-commerce
verification systems, which may require manual overrides, voice authorization, or
reprogramming of the AVS entries by the card issuing bank. Cardholders with a
bank that does not support AVS may receive an error from Internet stores due to
lack of data. All countries besides UK, US & Canada, are NON-AVS.
VBV & NON-VBV: This is an XML-based protocol designed to be an additional
security layer for online credit and debit card transactions. VBV stands for Verified
by Visa. This is used to validate the card holder’s identity and prevent fraudulent
transactions. It works by asking for additional information either from the card
holder directly or by analyzing data behind the scenes to see if the purchase fits
the usual payment behavior. When a website and a card have Verified by Visa, a
message box pops up on screen after you have entered the Visa card details. You
are then asked to identify yourself with your Verified by Visa password or a code
sent to your phone. What you need to do at this stage varies but your bank will tell
you about the method they use and what they expect from you. If you don’t notice
the VBV message box appearing but instead see a revolving wheel, all the security
associated with VBV is still happening but in the background. And you don’t need
to do anything. The bank is verifying the purchase by making background checks to
see that everything is at it should be. Any Visa card that does not have the above
feature in place, is known as NON-VBV and you should ultimately look for NON-
VBV cards instead of VBV, because as you can see this verification process is a
huge hassle.
MASTERCARD SECURECODE (MCSC): MasterCard SecureCode is very much similar
to Visa’s VBV. It is a private code for a MasterCard account that gives the card
holder an additional layer of online shopping security. Only the card holder and
the financial institution know what the code is, merchants are not able to see it.
Fortunately, the majority of MasterCard cards do not have this security in place.
AMERICAN EXPRESS SAFEKEY: This is one of the least used security measures
around, and it is not even available in the United States. However, it is the same
thing as MasterCard SecureCode and Visa’s VBV.
NEAR-FIELD COMMUNICATION (NFC): NFC technology lets smartphones and other
enabled devices communicate with other devices containing an NFC tag. It is
widely used as a payment method, all you have to do is swipe your smartphone at
the checkout in any store, and most stores support NFC. Apple Pay for example,
uses NFC.
SSN: Social Security Number. This is a nine-digit number issued to U.S. citizens,
permanent residents, and temporary (working) residents in the United States.
Although its primary purpose is to track individuals for Social Security purposes,
the Social Security number has become the national identification number for
taxation and other purposes. SSN is frequently used by those involved in identity
theft, since it is interconnected with many other forms of identification, and
because people asking for it treat as an authenticator. Financial institutions
generally require an SSN to set up bank accounts, credit cards, and loans-partly
because they assume that no one except the person it was issued to knows it.
MMN: Mother’s Maiden Name. This is the name of someone’s mother BEFORE
they got married, that is, her name with her original family name (or “surname”),
the name she used when she was a girl and a young woman. “Maiden” here means
“unmarried woman”. So “maiden name” refers to a woman’s name when she was
still an unmarried woman. In many cultures, when a woman gets married, she
takes the family name of her husband’s family, so her name changes. Example, let
us say your mother’s name was Mary and she was born into the Smith family. Her
maiden name would be “Mary Smith”. Then, let us say, she married your father,
whose name was Tom Jones. When she married him, she became Mary Jones.
That is her married name, but her maiden name will always be Mary Smith. This is
one of the most important aspects to conducting successful transactions online for
high value products, as most banks ask this as a security question for making any
changes to the account.
DOB: Date of Birth. This is one of the most important pieces of information you
can get on your victim. The reason for that because with the date of birth, full
name and hometown, you can easily find the person’s SSN. And also because you
need this information if the bank ever asks you for it.
MAIL DROP: A mail drop is a location where you are able to freely receive illegal
products that were either carded, or drugs. You never want to use your own house
for these purposes as it will bring a lot of headache for you in the future. With a
mail drop, you can use it let’s say a month, and never show your face there again.
This will make extremely hard for any law enforcement official to track you down
and arrest you or conduct an investigation into your life.
BIN: Bank Identification Number. This is the first four to six numbers that appear
on a credit card. The bank identification number uniquely identifies the institution
issuing the card. The BIN is key in the process of matching transactions to the
issuer of the charge card. This numbering system also applies to charge cards, gift
cards, debit cards, prepaid cards and even electronic benefit cards. This numbering
system helps identify identity theft or potential security breaches by comparing
data, such as the address of the institution issuing the card and the address of the
cardholder. The first digit of the BIN specifies the Major Industry Identifier, such as
airline, banking or travel, and the next five digits specify the issuing institution or
bank. For example, the MII for a Visa credit card starts with a 4. The BIN helps
merchants evaluate and assess their payment card transactions. After submitting
the first four to six digits of the card, the online retailer can detect which
institution issued the customer’s card, the card brand (such as Visa or
MasterCard), the card level (such as corporate or platinum), the card type (such as
debit card or a credit card), and the issuing bank country. BINs can be check
through the websites below.
• https://www.bincodes.com/bin-checker/
• http://binchecker.com/
• https://bincheck.org/
• https://binlists.com/
PROXY SERVER: Every time you reach out to a website or connect with anyone
online, your online connection gives your computer “address” to the site/person
you’re connecting with. This is so that the other end knows how to send
information back to your computer. That address is your public IP address. IP
stands for Internet Protocol and you can check yours by going to whoer.net.
Without an IP address, you wouldn’t be able to do any Internet/online activity and
others online wouldn’t be able to reach you. It is how you connect to the world.
Your IP address comes from your Internet Service Provider (ISP). Unfortunately,
there are a lot of privacy concerns when it comes to public IP addresses such as
• Your IP address identifies where you are in the world, sometimes to the
street level.
• It can be used by websites to block you from accessing their content.
• It ultimately ties your name and home address to your IP address, because
someone is paying for an Internet connection at a specific location.
A proxy lets you go online under a different IP address identity. You don’t change
your Internet provider; you simply get a proxy server. A proxy server is a computer
on the web that redirects your web browsing activity. Here’s what that means.
• Normally, when you type in a website name (Amazon.com or any other),
your Internet Service Provider (ISP) makes the request for you and connects
you with the destination-and reveals your real IP address, as mentioned
before.
• When you use a proxy, your online requests get rerouted.
• While using a proxy, your Internet request goes from your computer to your
ISP as usual, but then gets sent to the proxy server, and then to the
website/destination. Along the way, the proxy uses the IP address you chose
in your setup, masking your real IP address.
Proxy servers are commonly used by identity thieves to fake their location to the
cardholder’s billing address. The reason for that is because some websites will not
allow a transaction to be accepted, if the purchase is being made from a location
much farther away than the cardholder’s billing address.
BANK DROPS: Bank drops are bank accounts that are opened specifically for the
purpose of storing your dirty funds. Once you open them, you can decide whether
you wish to withdraw the funds directly from the account as cash by going to the
bank ATM, or possibly clean them with specific methods, and only after cleaning
them, cashing them out (my preferred method and much safer). It is important to
mention also, that all bank drop accounts, are opened ONLY with the information
of someone else (aka FULLZ), so there is absolutely no possibility of these dirty
funds ever being traced back to your real identity. To open one of these bank drop
accounts, you will usually require the person’s DOB + SSN + DL + BACKGROUND
CHECK + FULL CREDIT REPORT + MVR/DRIVING RECORD for maximum success.
PROXY SCORE: When it comes to fraud detection, finding proxies is a big topic.
Fraud detection begins with thinking intelligently about the IP address associated
with a transaction. Where is that IP address, and how does that location relate to
other transaction data? Whereas most IP addresses inspire confidence, those
associated with a proxy generate suspicion. As the name suggests, a proxy acts as
an intermediary, passing requests from one computer to other servers. But
although there are legitimate uses of proxies, fraudsters are well known to use
proxies. Detecting proxies comes with two challenges. The first is how to recognize
an IP address as a proxy. The second is how to distinguish a “good” proxy from a
“bad” one; since by definition, a proxy is merely an intermediary, a proxy is not
high risk in and of itself. To consider how best to address these challenges, it’s
helpful to look to the primary goal of ecommerce fraud detection: thinking
intelligently about the IP address associated with a transaction in order to assess
risk. Fraud detection uses transaction data as the basis for this thinking and risk
assessment. Using this data and analysis, they’re able to gain insight into the kind
of traffic on a particular IP address. The Proxy Score, is a summary of risk
associated with an IP address. You want this to be as low as possible (0.80 MAX).
Anything above 0.80, you should move on and look for another proxy as that will
lead to a declined transaction 70-80% of the time. You can check your proxy score
on the websites below. Ideally you want the lowest proxy score that you can find, I
have used RDPs with a proxy score of 0.01 many times.
• https://getipintel.net/
• https://www.maxmind.com/en/request-service-trial?service_minfraud=1
(FREE TRIAL)
FRAUD SCORE: Every online transaction is given what is called a “Fraud Score”.
This is a number ranging between 0 and 999. It gives the merchant a number from
which he can determine if a given transaction is fraudulent or not. Transactions
that are given high fraud scores (over 300), are placed under manual verification
by an agent, who will decide if they contact the cardholder or let it through. Scores
over 500 with auto-decline, will block the card and an agent will immediately
contact the cardholder. Some banks have different criterias but certain things that
can affect the fraud score are:
• Comparison with the usual spending pattern of the cardholder
• Location of the charge
• Amount
• Risk factor associated with the merchant
For example, a $15.56 charge in the cardholder’s local Walmart will not trigger
anything, while a purchase of $2000 on Newegg will have an extremely high fraud
score and probably auto-decline if the cardholder rarely makes purchases online.
RISK SCORE: This is a percentage given to each transaction that ranges from 0.00%
to 100.00%. The factors that determine this score are whether an IP address,
email, device and proxy used are high risk or low risk. This is determined by fraud
systems that websites have in place such as MaxMind, which establishes the
reputations of IP addresses, emails, geolocation and other parameters. This should
always be checked before purchasing an RDP. Anything above 1.00% will lead to
declined transactions most of the time.
MAC ADDRESS: Whether you work in a wired network, or a wireless one, one
thing is common for both environments. It takes both network software and
hardware (cables, routers, etc.) to transfer data from your computer to another-or
from a computer thousands of miles away to yours. In the end, to get the data you
want right to YOU, it comes down to addresses. So not surprisingly, along with an
IP address, there’s also a hardware address. Typically, it is tied to a key connection
device in your computer called the network interface card, or NIC. The NIC is
essentially a computer circuit card that makes it possible for your computer to
connect to a network. An NIC turns data into an electrical signal that can be
transmitted over the network.
Every NIC has a hardware address that’s known as a MAC, for Media Access
Control. Where IP addresses are associated with TCP/IP (networking software),
MAC addresses are linked to the hardware of network adapters. A MAC address is
given to a network adapter when it is manufactured. It is hardwired or hard-coded
onto your computer’s network interface card (NIC) and is unique to it.
Unfortunately, a MAC address can be used by law enforcement in combination
with Internet Service Providers, to find someone’s true location and consequently
his identity. Further in this guide I will explain how to mitigate this risk.
VIRTUAL PRIVATE NETWORK (VPN): An essential step of conducting a successful
fraudulent transaction, is having a VPN. Most of you already know what this is, but
for those of you who don’t, VPNs are used to funnel your entire traffic to an
encrypted tunnel. This way, none of your traffic is able to be captured by your ISP
or an attacker, and consequently sniffed upon. Nor can your real location be
revealed if you are using a good and reliable VPN that prevents DNS leaks. This will
be discussed in more detail further in this guide.
RDP: Remote Desktop Protocol. This is a protocol developed my Microsoft, which
provides a user with a graphical interface to connect to another computer over a
network connection. You can for example, be using a Linux machine, and connect
to a Windows 7 RDP. RDPs are absolutely essential to conducting a successful
fraudulent transaction, especially HACKED RESIDENTIAL RDPs. The reason for that
is because these RDPs are from a REAL PERSON, with a REAL LOCATION/IP, and
REAL COMPUTER and BROWSER FINGERPRINT. They will exponentially increase
your success rate. They will also be discussed in more detail further in this guide.
SOCKS5: This is a proxy server that allows us to fake our real location. This is very
good if let’s say, we have a credit card with a billing address in Miami, we can use a
SOCKS5 near the billing address in Miami so that the website we are conducting
the fraudulent transaction in doesn’t raise our fraud score because the transaction
is being conducted in another state/far away from the credit card’s billing address
as this will lead to a declined transaction most of the time.
VIRTUAL MACHINE: This is an emulation of a computer system. Virtual machines
are based on computer architectures and provide functionality of a physical
computer. They allow you to run an operating system using an app window on
your desktop that behaves like a full, separate computer. The most used software
for virtual machines are respectively, Virtual Box and VMWare. Unfortunately,
they are not as reliable as using an RDP, but they are very good to CONNECT to an
RDP, so as to leave no traces on your original computer. Windows and OS X are
still not reliable enough in the aspect of leaving no traces, as the virtual machine in
these operating systems, will leak information to the host OS, and consequently
leave a lot of illegal evidence/traces on your computer that could later be used as
potential evidence in an investigation. However, you should never let it get to that
point the first place.
drop accounts, and for setting up payment processors on fake online stores. This
could also be used for many different things such as conducting an ATO (Account-
Take-Over) on someone’s bank account, opening new lines of credit under their
name, and much more. Fullz are extremely valuable information to us and in fact a
NECESSITY to be able to open bank drops. Fullz usually comprise of Background
Checks, Credit Reports, Credit Scores, Full Names, Addresses, Social Security
Number (SSN), Date of Birth (DOB), Driver’s License Numbers, and more.
CVV: This can either be someone’s full credit card details, or someone’s full debit
card details. CVV is simply a fraud slang for credit/debit card details, there’s not
much to it. We can use these details to “card” information on someone online,
such as background or credit reports that can be used for various purposes such as
opening bank drops and conducting an ATO (Account-Take-Over) on the victim’s
bank account, or we can use these CVV details to order physical/digital products
that will be sent to a drop address.
CVV DUMPS: A credit card dump, is an unauthorized digital copy of all the
information contained in the magnetic strip of an active credit card, created with
the intention of illegally making a fake credit card that can be used by
cybercriminals to make purchases. Credit card dumps are used by fraudsters to
capture valuable card data such as the card number and expiration date. These can
be obtained in a number of ways. The most popular method nowadays is
“skimming”, a process in which an illegal card reader is used to copy the data from
a credit card. Other methods include hacking into a retailer’s network or when a
malware-infected point-of-sale device is unwittingly used by a retailer, sending the
information to the criminals.
DUMPS SERVICE CODE: Many fraudsters think that there are only 2 types of
dumps, 101 and 201. The truth is there are many other types of dumps. Carders
usually work with either 101 or 201 but the majority will prefer 101. This is known
as the SERVICE CODE of a dump. The service code contains 3 characters and you
can find a dump service code just by looking at a dump, regardless of the fact if it
has both TRACK1+TRACK2 or just TRACK2. Example, let’s say we’re looking at the
dump 4256 746500930321=1402101700102054. The service code of this dump is
101, which is located right after the expiration date of the card, which in this case
is 1402 (FEB 2014). The value of the service code determines where the cards are
suitable to be used and in what way. Below is a detailed explanation of each
service code available today.
First digit (usage variables):
- 1xx: Worldwide use, usually doesn’t have a smart chip.
- 2xx: Worldwide use, does have a smart chip and required to use smart chip if the
card reader reads the chip
- 5xx: National use, a list of regions can be allowed by the bank (often called region
locks).
- 6xx: National use, a list of regions can be allowed by the bank but required to use
smart chip if the card reader reads the chip
- 7xx: Only useable according to what has been agreed with the bank
Second digit (authorization)
- x0x: Normal authorization, normal usage.
- x2x: Contact issuing bank.
- x4x: Contact issuing bank, exceptions rules by bank.
Third digit (services that the card can be used for):
- xx0: Can be used for anything, require PIN.
- xx1: Can be used for anything without PIN.
- xx2: Can be used to buy goods or pay a service, cannot retrieve cash, PIN not
required.
- xx3: ATM only ,PIN required.
- xx4: Cash only, PIN not required.
- xx5: Can be used to buy goods or pay a service, cannot retrieve cash. PIN
required
- xx6: No restrictions to use, will ask for PIN when possible.
- xx7: Can be used to buy goods or pay a service, cannot retrieve cash. PIN
required when possible.
TRACK1+TRACK2 DATA: There are up to three tracks on magnetic cards known as
tracks 1, 2, and 3. Track 3 is virtually unused by the major worldwide networks,
and often isn’t even physically present on the card by virtue of a narrower
magnetic stripe. Point-of-sale card readers almost always read track 1, or track 2,
and sometimes both, in case one track is unreadable. The minimum cardholder
account information needed to complete a transaction is present on both tracks.
Track 1 has a higher bit density, is the only track that may contain alphabetic text,
and hence is the only track that contains the cardholder’s name. The information
on track 1 on financial cards is contained in several formats that goes from A to M.
The “A” is only used by the bank itself, so we do not need to pay much attention to
it. The “B” is where the holder’s financial information is stored, the most
important section of the magnetic stripe. C to M, is used for the ANSI
Subcommittee X3B10, and N to Z is the information that is available for use of
individual card issuers. This is how the track 1 looks like.
%B5XXXXXXXXXXXXXX2^GEORGENULL/MAX^110310100000000100000000300000
0?;
• % for Start Sentinel
• B for Bank Type Credit Card
• 5XXXXXXXXXXXXXX2 is the Primary Account Number, which in most cases is
the number printed on the front of the card, but not always.
• ^ is the separator
• GEORGENULL is the card holder’s last name
• / is the separator
• MAX is the card holder’s first name
• ^ another separator
• 11 expiration year, 03 expiration month
• 101 SERVICE CODE
• 0000000010000000003000000 is the discretionary data
• ? is the end
So now that you’ve seen the information that is stored in track 1 and the letter
containers, you should have already figured out that credit card dumps are mainly
the first 2 tracks.
Track 2 data is used by ATMs, physical payment processors and in any online
website. There are a lot of components in this track, the layout is shown below.
| START SENTINEL | PRIMARY ACCOUNT NUMBER | FIELD SEPARATOR |
ADDITIONAL DATA | END SENTINEL | LONGITUDE REDUNDANCY CHECK |
With a more in-depth examination of the data, you can see how a credit card
number and holder’s main information is stored into the track 2 data.
5XXXXXXXXXXXXXX2=1103200XXXX00000000?* ^^ ^^ ^ ^ ^^ ||_ CARD NUMBER
|| | |_ ENCRYPTED||_ LRC |_ START SENTINEL|| | PIN*** |_ END SENTINEL || |_
SERVICE CODE FIELD SEPARATOR _||_ EXPIRATION
Now let’s break it down.
• ; : Start Sentinel
• 5XXXXXXXXXXXXXX2: Primary account number, the PAN. This would be the
credit card number you always see printed on the front of the plastic.
• 1103: Expiry Date. Always year first then month.
• 200: Service code.
• XXXX00000000: Discretionary data, which includes the PIN verification, the
card verification value and the last 3 digits on the back of the card aka the
CSC/CVV2 code.
• ?: The End Sentinel
• With ^^ ^^ ^ ^ ^^ begins the track 3 data, which as said previously is
completely useless.
Most carders and hackers, will only seek out the TR1 and TR2 data. That’s where
the term CVV dumps comes from.
WEB/ONLINE WALLETS: This is a program or web service that allows users to store
and control their online shopping information, like logins, passwords, shipping
address and credit card/bank details, in one central place. It also provides a
convenient and technologically quick method for consumers to purchase products
from any person or store across the globe. Such examples of web wallets are
PayPal, Google Wallet, and Venmo. We can use such wallets for many purposes
that will be discussed in further guides.
SKIMMER: This is a device made to be affixed to the mouth of an ATM and secretly
swipe credit and debit card information when bank customers slip their cards into
the machines to pull out money. Skimmers have been around for years, of course,
but fraudsters are constantly improving them. Card skimming accounts for more
than 80 percent of ATM fraud. Some sophisticated skimmers are even able to
transmit stolen data via text message.
EMBOSSER: A device that stamps the cards to produce the raised lettering where
the CVV holder’s name is, card number, etc...
TIPPER: A device that adds the gold/silver accents to the embossed characters.
MSR (MAGNETIC STRIPE READER/WRITER): Used by fraudsters to write dumps
into actual physical blank cards or gift cards (and driver’s licenses, student IDs,
etc..). If you want to use blank white cards, you will need a printer for the card
template, embosser and tipper, which can be pretty expensive, however it is worth
it if you know how to correctly use these things.
POS (POINT-OF-SALE) SYSTEM: This is the time and place where a retail
transaction is completed. At the point of sale, the merchant calculates the amount
owed by the customer, indicates that amount, may prepare an invoice for the
customer (which may be a cash register printout), and indicates the options for the
customer to make payment. It is also the point at which a customer makes a
payment to the merchant in exchange for goods or after provision of a service.
After receiving payment, the merchant may issue a receipt for the transaction.
ACH: This stands for Automated Clearing House, which is an electronic network for
financial transactions in the United States. ACH processes large volumes of credit
and debit transactions in batches. ACH credit transfers include direct deposit,
payroll and vendor payments. Moving money and information from one bank
account to another is done through Direct Deposit or via ACH transactions, credit
or debit. This is used a lot by fraudsters to siphon money out of the bank accounts
of unsuspecting victims, which is extremely easy.
PAYMENT PROCESSORS: A payment processor is a company (often a third party)
appointed by a merchant to handle transactions from various channels such as
credit cards and debit cards for merchant acquiring banks. They are usually broken
down into two types: front-end and back-end. Front-end processors have
connections to various card associations and supply authorization and settlement
services to the merchant banks’ merchants. Back-end processors accept
settlements from front-end processors and, via The Federal Reserve Bank for
example, move the money from the issuing bank to the merchant bank. In an
operation that will usually take a few seconds, the payment processor will both
check the details received by forwarding them to the respective card’s issuing bank
or card association for verification, and also carry out a series of anti-fraud
measures against the transaction. Additional paraments, including the card’s
country of issue and its previous payment history, are also used to gauge the
probability of the transaction being approved. Once the payment processor has
received confirmation that the credit card details have been verified, the
information will be relayed back via the payment gateway to the merchant, who
will then complete the payment transaction. If verification is denied by the card
association, the payment processor will relay the information to the merchant,
who will then decline the transaction. Such examples of payment processors are
Square, PayPal, Stripe and Flint
PAYMENT GATEWAYS: This is a merchant service provided by an e-commerce
website that authorizes credit card or direct payments processing for e-businesses,
online retailers, or traditional brick and mortar stores. The payment gateway may
be provided by a bank to its customers but can be provided by a specialized
financial service provider as a separate service. It facilitates a payment transaction
by the transfer of information between a payment portal (such as a website,
mobile phone or interactive voice response service) and the front-end processor or
acquiring bank. Here’s how a typical transaction plays out.
1. A customer places an order on a website by pressing the “Submit Order” or
equivalent button, or perhaps enters their card details using an automatic
phone answering service.
2. If the order is via a website, the customer’s web browser encrypts the
information to be sent between the browser and the merchant’s webserver.
In between other methods, this may be done via SSL encryption. The
payment gateway may allot transaction data to be sent directly from the
customer’s browser to the gateway, bypassing the merchant’s systems. This
reduces the merchant’s Payment Card Industry Data Security Standard
compliance obligations without redirecting the customer away from the
website.
3. The merchant then forwards the transaction details to their payment
gateway.
4. The payment gateway converts the message from XML to ISO 8583 or a
variant message format and then forwards the transaction information to the
payment processor used by the merchant’s acquiring bank.
5. The payment processor forwards the transaction information to the card
association (e.g. Visa/Mastercard/AMEX). If an American Express or Discover
Card was used, then the card association also acts as the issuing bank and
directly provides a response of approved or declined to the payment
gateway. Otherwise, the card association routes the transaction to the
correct card issuing bank.
6. The credit card issuing bank receives the authorization request, verifies the
credit or debit available and then sends a response back to the processor
with a response code (approved or denied). In addition to communicating
the fate of the authorization request, the response code is also used to
define the reason why the transaction failed (e.g. insufficient funds, or bank
link not available). Meanwhile, the credit card issuer holds an authorization
associated with that merchant and consumer for the approved amount. This
can impact the consumer’s ability to spend further (because it reduces the
line of credit available or it puts a hold on a portion of the funds in a debit
account).
7. The processor forwards the authorization response to the payment gateway.
8. The payment gateway receives the response, and forwards it on to the
website (or whatever interface was used to process the payment) where it is
interpreted as a relevant response then relayed back to the merchant and
cardholder. This is known as the Authorization or “Auth”
9. This entire process typically takes 2-3 seconds.
WEB DOMAIN: This is traditionally known as the name or URL of a website and is
sometimes called the host name. The host name is a more memorable name to
stand in for the numeric, and hard to remember, IP address of a website. This
allows the website visitors to find and return to a web page more easily. It also
allows advertisers the ability to give a website a memorable name that visitors will
remember and come to, hopefully leading to conversions for the web page. The
flexibility of website domains allows several IP addresses to be linked to the same
website domain, thus giving a website several different pages while remaining at
the easily remembered address.
VIRTUAL CARDING: This is the process of purchasing physical or digital goods
online using someone else’s credit/debit card details.
PHYSICAL CARDING: This is the process of purchasing physical goods by going to
an actual physical store in-person and using pre-made credit cards with dumps
punched in them to conduct the fraudulent transactions. Transactions are also
possible to be conducted with an Android phone using NFC payments with
TR1+TR2 data.
CARDING: Term used when referring to using someone else’s CVV details to
conduct a fraudulent purchase on an online website or physically in person in a
store using DUMPS. Example, we can CARD a cellphone using someone else’s
details through Amazon, or CARD a $400 belt at a Gucci Store using dumps that
were punched into a blank card using devices specifically made for such purposes.
CARD HOLDER: The owner of the CVV that we’re using to conduct the fraudulent
transaction.
BILLING ADDRESS: An address directly attached to a CVV. This is where the card
holder’s bank sends his bills, hence the name BILLING.
SHIPPING/MAILING ADDRESS: An address used exclusively to receive mail. Most
websites do not allow transactions to be accepted if the billing address on a credit
card and the shipping address provided to the website are different.
AVS & NON-AVS: AVS stands for Address Verification System. This is a system used
to verify the address of a person claiming to own a credit card. The system will
check the billing address of the credit card provided by the user with the address
on file at the credit card company. AVS is used by mostly all merchants in the US,
Canada, and UK. Because AVS only verifies the numeric portion of the address,
certain anomalies like apartment numbers can cause false declines; however, it is
reported to be a rare occurrence. AVS verifies the numeric portions of a
cardholder’s billing address. For example, if the address is 101 Main Street,
Highland, CA 92346, United States, AVS will check 101 and 92346. Cardholders
may receive false negatives, or partial declines for AVS from e-commerce
verification systems, which may require manual overrides, voice authorization, or
reprogramming of the AVS entries by the card issuing bank. Cardholders with a
bank that does not support AVS may receive an error from Internet stores due to
lack of data. All countries besides UK, US & Canada, are NON-AVS.
VBV & NON-VBV: This is an XML-based protocol designed to be an additional
security layer for online credit and debit card transactions. VBV stands for Verified
by Visa. This is used to validate the card holder’s identity and prevent fraudulent
transactions. It works by asking for additional information either from the card
holder directly or by analyzing data behind the scenes to see if the purchase fits
the usual payment behavior. When a website and a card have Verified by Visa, a
message box pops up on screen after you have entered the Visa card details. You
are then asked to identify yourself with your Verified by Visa password or a code
sent to your phone. What you need to do at this stage varies but your bank will tell
you about the method they use and what they expect from you. If you don’t notice
the VBV message box appearing but instead see a revolving wheel, all the security
associated with VBV is still happening but in the background. And you don’t need
to do anything. The bank is verifying the purchase by making background checks to
see that everything is at it should be. Any Visa card that does not have the above
feature in place, is known as NON-VBV and you should ultimately look for NON-
VBV cards instead of VBV, because as you can see this verification process is a
huge hassle.
MASTERCARD SECURECODE (MCSC): MasterCard SecureCode is very much similar
to Visa’s VBV. It is a private code for a MasterCard account that gives the card
holder an additional layer of online shopping security. Only the card holder and
the financial institution know what the code is, merchants are not able to see it.
Fortunately, the majority of MasterCard cards do not have this security in place.
AMERICAN EXPRESS SAFEKEY: This is one of the least used security measures
around, and it is not even available in the United States. However, it is the same
thing as MasterCard SecureCode and Visa’s VBV.
NEAR-FIELD COMMUNICATION (NFC): NFC technology lets smartphones and other
enabled devices communicate with other devices containing an NFC tag. It is
widely used as a payment method, all you have to do is swipe your smartphone at
the checkout in any store, and most stores support NFC. Apple Pay for example,
uses NFC.
SSN: Social Security Number. This is a nine-digit number issued to U.S. citizens,
permanent residents, and temporary (working) residents in the United States.
Although its primary purpose is to track individuals for Social Security purposes,
the Social Security number has become the national identification number for
taxation and other purposes. SSN is frequently used by those involved in identity
theft, since it is interconnected with many other forms of identification, and
because people asking for it treat as an authenticator. Financial institutions
generally require an SSN to set up bank accounts, credit cards, and loans-partly
because they assume that no one except the person it was issued to knows it.
MMN: Mother’s Maiden Name. This is the name of someone’s mother BEFORE
they got married, that is, her name with her original family name (or “surname”),
the name she used when she was a girl and a young woman. “Maiden” here means
“unmarried woman”. So “maiden name” refers to a woman’s name when she was
still an unmarried woman. In many cultures, when a woman gets married, she
takes the family name of her husband’s family, so her name changes. Example, let
us say your mother’s name was Mary and she was born into the Smith family. Her
maiden name would be “Mary Smith”. Then, let us say, she married your father,
whose name was Tom Jones. When she married him, she became Mary Jones.
That is her married name, but her maiden name will always be Mary Smith. This is
one of the most important aspects to conducting successful transactions online for
high value products, as most banks ask this as a security question for making any
changes to the account.
DOB: Date of Birth. This is one of the most important pieces of information you
can get on your victim. The reason for that because with the date of birth, full
name and hometown, you can easily find the person’s SSN. And also because you
need this information if the bank ever asks you for it.
MAIL DROP: A mail drop is a location where you are able to freely receive illegal
products that were either carded, or drugs. You never want to use your own house
for these purposes as it will bring a lot of headache for you in the future. With a
mail drop, you can use it let’s say a month, and never show your face there again.
This will make extremely hard for any law enforcement official to track you down
and arrest you or conduct an investigation into your life.
BIN: Bank Identification Number. This is the first four to six numbers that appear
on a credit card. The bank identification number uniquely identifies the institution
issuing the card. The BIN is key in the process of matching transactions to the
issuer of the charge card. This numbering system also applies to charge cards, gift
cards, debit cards, prepaid cards and even electronic benefit cards. This numbering
system helps identify identity theft or potential security breaches by comparing
data, such as the address of the institution issuing the card and the address of the
cardholder. The first digit of the BIN specifies the Major Industry Identifier, such as
airline, banking or travel, and the next five digits specify the issuing institution or
bank. For example, the MII for a Visa credit card starts with a 4. The BIN helps
merchants evaluate and assess their payment card transactions. After submitting
the first four to six digits of the card, the online retailer can detect which
institution issued the customer’s card, the card brand (such as Visa or
MasterCard), the card level (such as corporate or platinum), the card type (such as
debit card or a credit card), and the issuing bank country. BINs can be check
through the websites below.
• https://www.bincodes.com/bin-checker/
• http://binchecker.com/
• https://bincheck.org/
• https://binlists.com/
PROXY SERVER: Every time you reach out to a website or connect with anyone
online, your online connection gives your computer “address” to the site/person
you’re connecting with. This is so that the other end knows how to send
information back to your computer. That address is your public IP address. IP
stands for Internet Protocol and you can check yours by going to whoer.net.
Without an IP address, you wouldn’t be able to do any Internet/online activity and
others online wouldn’t be able to reach you. It is how you connect to the world.
Your IP address comes from your Internet Service Provider (ISP). Unfortunately,
there are a lot of privacy concerns when it comes to public IP addresses such as
• Your IP address identifies where you are in the world, sometimes to the
street level.
• It can be used by websites to block you from accessing their content.
• It ultimately ties your name and home address to your IP address, because
someone is paying for an Internet connection at a specific location.
A proxy lets you go online under a different IP address identity. You don’t change
your Internet provider; you simply get a proxy server. A proxy server is a computer
on the web that redirects your web browsing activity. Here’s what that means.
• Normally, when you type in a website name (Amazon.com or any other),
your Internet Service Provider (ISP) makes the request for you and connects
you with the destination-and reveals your real IP address, as mentioned
before.
• When you use a proxy, your online requests get rerouted.
• While using a proxy, your Internet request goes from your computer to your
ISP as usual, but then gets sent to the proxy server, and then to the
website/destination. Along the way, the proxy uses the IP address you chose
in your setup, masking your real IP address.
Proxy servers are commonly used by identity thieves to fake their location to the
cardholder’s billing address. The reason for that is because some websites will not
allow a transaction to be accepted, if the purchase is being made from a location
much farther away than the cardholder’s billing address.
BANK DROPS: Bank drops are bank accounts that are opened specifically for the
purpose of storing your dirty funds. Once you open them, you can decide whether
you wish to withdraw the funds directly from the account as cash by going to the
bank ATM, or possibly clean them with specific methods, and only after cleaning
them, cashing them out (my preferred method and much safer). It is important to
mention also, that all bank drop accounts, are opened ONLY with the information
of someone else (aka FULLZ), so there is absolutely no possibility of these dirty
funds ever being traced back to your real identity. To open one of these bank drop
accounts, you will usually require the person’s DOB + SSN + DL + BACKGROUND
CHECK + FULL CREDIT REPORT + MVR/DRIVING RECORD for maximum success.
PROXY SCORE: When it comes to fraud detection, finding proxies is a big topic.
Fraud detection begins with thinking intelligently about the IP address associated
with a transaction. Where is that IP address, and how does that location relate to
other transaction data? Whereas most IP addresses inspire confidence, those
associated with a proxy generate suspicion. As the name suggests, a proxy acts as
an intermediary, passing requests from one computer to other servers. But
although there are legitimate uses of proxies, fraudsters are well known to use
proxies. Detecting proxies comes with two challenges. The first is how to recognize
an IP address as a proxy. The second is how to distinguish a “good” proxy from a
“bad” one; since by definition, a proxy is merely an intermediary, a proxy is not
high risk in and of itself. To consider how best to address these challenges, it’s
helpful to look to the primary goal of ecommerce fraud detection: thinking
intelligently about the IP address associated with a transaction in order to assess
risk. Fraud detection uses transaction data as the basis for this thinking and risk
assessment. Using this data and analysis, they’re able to gain insight into the kind
of traffic on a particular IP address. The Proxy Score, is a summary of risk
associated with an IP address. You want this to be as low as possible (0.80 MAX).
Anything above 0.80, you should move on and look for another proxy as that will
lead to a declined transaction 70-80% of the time. You can check your proxy score
on the websites below. Ideally you want the lowest proxy score that you can find, I
have used RDPs with a proxy score of 0.01 many times.
• https://getipintel.net/
• https://www.maxmind.com/en/request-service-trial?service_minfraud=1
(FREE TRIAL)
FRAUD SCORE: Every online transaction is given what is called a “Fraud Score”.
This is a number ranging between 0 and 999. It gives the merchant a number from
which he can determine if a given transaction is fraudulent or not. Transactions
that are given high fraud scores (over 300), are placed under manual verification
by an agent, who will decide if they contact the cardholder or let it through. Scores
over 500 with auto-decline, will block the card and an agent will immediately
contact the cardholder. Some banks have different criterias but certain things that
can affect the fraud score are:
• Comparison with the usual spending pattern of the cardholder
• Location of the charge
• Amount
• Risk factor associated with the merchant
For example, a $15.56 charge in the cardholder’s local Walmart will not trigger
anything, while a purchase of $2000 on Newegg will have an extremely high fraud
score and probably auto-decline if the cardholder rarely makes purchases online.
RISK SCORE: This is a percentage given to each transaction that ranges from 0.00%
to 100.00%. The factors that determine this score are whether an IP address,
email, device and proxy used are high risk or low risk. This is determined by fraud
systems that websites have in place such as MaxMind, which establishes the
reputations of IP addresses, emails, geolocation and other parameters. This should
always be checked before purchasing an RDP. Anything above 1.00% will lead to
declined transactions most of the time.
MAC ADDRESS: Whether you work in a wired network, or a wireless one, one
thing is common for both environments. It takes both network software and
hardware (cables, routers, etc.) to transfer data from your computer to another-or
from a computer thousands of miles away to yours. In the end, to get the data you
want right to YOU, it comes down to addresses. So not surprisingly, along with an
IP address, there’s also a hardware address. Typically, it is tied to a key connection
device in your computer called the network interface card, or NIC. The NIC is
essentially a computer circuit card that makes it possible for your computer to
connect to a network. An NIC turns data into an electrical signal that can be
transmitted over the network.
Every NIC has a hardware address that’s known as a MAC, for Media Access
Control. Where IP addresses are associated with TCP/IP (networking software),
MAC addresses are linked to the hardware of network adapters. A MAC address is
given to a network adapter when it is manufactured. It is hardwired or hard-coded
onto your computer’s network interface card (NIC) and is unique to it.
Unfortunately, a MAC address can be used by law enforcement in combination
with Internet Service Providers, to find someone’s true location and consequently
his identity. Further in this guide I will explain how to mitigate this risk.
VIRTUAL PRIVATE NETWORK (VPN): An essential step of conducting a successful
fraudulent transaction, is having a VPN. Most of you already know what this is, but
for those of you who don’t, VPNs are used to funnel your entire traffic to an
encrypted tunnel. This way, none of your traffic is able to be captured by your ISP
or an attacker, and consequently sniffed upon. Nor can your real location be
revealed if you are using a good and reliable VPN that prevents DNS leaks. This will
be discussed in more detail further in this guide.
RDP: Remote Desktop Protocol. This is a protocol developed my Microsoft, which
provides a user with a graphical interface to connect to another computer over a
network connection. You can for example, be using a Linux machine, and connect
to a Windows 7 RDP. RDPs are absolutely essential to conducting a successful
fraudulent transaction, especially HACKED RESIDENTIAL RDPs. The reason for that
is because these RDPs are from a REAL PERSON, with a REAL LOCATION/IP, and
REAL COMPUTER and BROWSER FINGERPRINT. They will exponentially increase
your success rate. They will also be discussed in more detail further in this guide.
SOCKS5: This is a proxy server that allows us to fake our real location. This is very
good if let’s say, we have a credit card with a billing address in Miami, we can use a
SOCKS5 near the billing address in Miami so that the website we are conducting
the fraudulent transaction in doesn’t raise our fraud score because the transaction
is being conducted in another state/far away from the credit card’s billing address
as this will lead to a declined transaction most of the time.
VIRTUAL MACHINE: This is an emulation of a computer system. Virtual machines
are based on computer architectures and provide functionality of a physical
computer. They allow you to run an operating system using an app window on
your desktop that behaves like a full, separate computer. The most used software
for virtual machines are respectively, Virtual Box and VMWare. Unfortunately,
they are not as reliable as using an RDP, but they are very good to CONNECT to an
RDP, so as to leave no traces on your original computer. Windows and OS X are
still not reliable enough in the aspect of leaving no traces, as the virtual machine in
these operating systems, will leak information to the host OS, and consequently
leave a lot of illegal evidence/traces on your computer that could later be used as
potential evidence in an investigation. However, you should never let it get to that
point the first place.
