THE BIG QUESTION: WHAT IS CARDING?
- Well, defined loosely, carding is the art of credit card manipulation to access goods or services by way of fraud. But dont let the "politically correct" definition of carding stop fool you, because carding is more than that. Much more.
Although different people card for different reasons, the motive is usually tied to money. Yea, handling a $9,000 plasma television in your hands and knowing that you didnt pay one red cent for it is definitely a rush.
But other factors contribute to your personal reason for carding. Many carders in the scene come from poor countries, such as Argentina, Pakistan, and Lebanon where $50 could mean a weeks pay, on a good day. Real carders (the one that have been in the scene the longest) seem to card for something more, however. The thrill of cc manipulation? The rush that the federalles could bust down your door at any minute? The defiance of knowing that everyday that you are walking among the public is another day that you have gotten away with a federal crime?
Whatever your persona reason for carding is, this tutorial should answer a few noobie questions and take the guessing out of the entire carding game. The resources and techniques mentioned in this tutorial are NOT, I repeat, NOT the only methods of carding. Experience in carding is key. You have to practice your own methods and try out new techniques in carding to really get a system that works for you. This tutorial is meant to get you on your way.
THE BASICS: WHAT DO I NEED AND WHERE DO I GET IT?
Credit Cards: Yes, CCZ.
"do you have any ccz"
"where can I hack CCZ"
"where can I get a list of valid CCZ?"
You need money to make money. Plain and simple. Which means that the only way your gonna be able to get ccs if you have ABSOLUTELY NO MONEY is if you successfully rip a noobie with 100 cards (but what noobie has 100 cards?), if you have any background in database hacking, if you trade for your ****, or if you know someone that's willing to give you ccz all day.
I know thats a discouraging statement to all of you, but we have to keep **** realistic. The easiest way to get ccz is to purchase them.
"but I cant get a job/I dont wanna work!"
Having a regular 9 to 5 job is not a bad idea in the carding scene. Not only will you have some sort of alliby to why you have all this expensive **** in your house, but you can also use the money (who cant nowadays) to pay bills. You cant card forever, and you cant sustain yourself by carding alone.
If you are REALLY strapped for cash, you have to go through the alternative: trade for your resources. you have to be resourceful in carding, meaning you have to use what you got. Got a psybnc admin account? Offer psybnc user for a cc or two. Got shells? roots? Can you make verification phone calls? just ask yourself "what do I have that might be valuable to someone else?" and work with that. It dosnt have to be big, it just has to get you a few cc's in your palms.
Once you've run your first successful cc scam, DONT SPEND ALL YOUR EARNINGS. Save $200 and re-invest back into the carding community. head to SC and get better cards. If you have level 2 cards, I suggest carding C2it/Paypal and using that $$ to buy ccs. (successful C2it/PP scamming techniques will not be discussed in this tut, sorry)
To other minor pointers on rippers and legit sellers, please scroll down to "SELLERS, TRADERS, AND RIPPERS, OH MY!"
"where can I check my CCZ?"
Knowing wether your cc is valid or not is really important for saving some time and energy. if you want the lame pr0n site check, you can check them under [You must be registered and logged in to see this link.]
The idea way for checking ccz is through an online merchant (authorize.net, linkpintcentral.) These merchants can verify cc amounts without charging your ccs. Good luck finding one. People on IRC want a ridiculous trade for These merchants (cvv lists, cash). So if you run accrosss a legit merc, dont give it out! even to your best buds! online mercs are gold in the world of carding.
Other methods for verifying cc amounts include registering your cc on an online bank. (You will need at least a level 2 card, level 3 for ATM cards). alot of online banks can give you limit, billing addy, ect ect but they require at least a level 2 cc (more info on ccz below)
CREDIT CARD FRAUD: INFORMATION IS KEY.
I want to make something clear right now. The secret to carding is not the number of cards you own, its what you can do with the cards. What do I mean by that? Simple.
Hypotherical situation: My name is Johnny and I have 3 ccs with SSN, DOB, CVV NUMBER, MMN, NAME, STREET ADDRESS, CITY, ZIP, AND BILLING TELEPHONE NUMBER. I have a friend named Billy. Billy has 300 CCCZ with CVV, MMN, NAME, STREET ADDRESS, CITY, ZIP, AND BILLING TEL. NUMBER. Whos more likely to successfully card something?
Simply put, I (Johnny) am. Why? Because I have more information that can prove that I am the person who owns this CC than Billy does with his 300 CCVZ. Does that mean Billy's not gonna card anything? No, that just means Billy's gonna have a hard time carding anything without verification.
So to sum up this lesson, you have to get information on your mark (the person that youre impersonating.) #1 rule in carding is: the more information you have on a person, the better chances you have for a successful transaction. Here is the information you're looking for(note: the levels of a card is not a tehcnical carding term, I' just used L1 L2 L3 to simplify **** throughout the tutorial.) :
TEL. BILLING NUMBER:
CARD EXP DATE:
(LEVEL 1: REGULAR CVV. If you have this much info, youve got yourself a regular cc. Nowadays you need this much info for carding ANYTHING worth mentioning. If you have any less than this information, youre **** outta luck. :\)
Social Security Number (SSN):
Date Of Birth (DOB):
******s Maiden Name (MMN):
(LEVEL 2: (PARTIAL FULL-INFO) If you have this much info, your ccz are on another level. With this info, you should be able to card PayPal, C2IT, and other sites without too much of a h***le.)
BANK ACCOUNT NUMBER:
DRIVERS LICENSE NUMBER:
PIN NUMBER (For CC or ATM card)
(LEVEL 3: (true full-info) If you have this info, youre cc is ready to card anything your heart desires)
Now if all you have is a regular cc, dont discourage. Just do some research and build your cards as much as possible:
First, go to whitepages.com and try to lookup your marks street address and phone number. Make sure it matches the info you have on your cc..
Last, but not least, take a quick look in ancestry.com. Ancestry.com is a bit of a *****, but you can lookup DOB and MMN (ie, if your marks name is anthony hawkins, his father is david hawkins and his ******s name is bella donna, Donna is the MMN)
So size up your cards and move on to the next lesson:
ATTAINING HIGHER LEVELS OF ANONYMITY:
Safety is key. No one wants to give the federalles the satisfaction of busting us and shutting down production, so we gotta stay as anonymous as possible.
First let me start off by saying theres no 100% safe way to card. Dont let people fool you into thinking that. You can be behind all the proxies, wingates, socks, and whatever else in the world, but you leave "digital fingerprints" wherever you go. For my personal benefits, I use a carded ISP combined with an anonymizer account ([You must be registered and logged in to see this link.] and a level 1 proxy. But I dont reccomend that for everyone.
[You must be registered and logged in to see this link.] offers excellent services for those that want to remain anonymous. The setback is that its a service, and like any other service provided, you have to pay for usage and they will restict your account due to fraudulent usage. Just card another one rite? If youre planning to use anonymizer, just concentrate on keeping your IP secret from their services instead of the site youre carding. The only set-back to the service is that they have some issues with sites using Java Applets, meaning you might have to skip out on some major sites that require JAVA.
proxies and such: I use a private hidden proxies, and dont really **** with any other proxies, so I cant comment too much on this topic (maybe someone will paste a seperate proxy faq?) As far as I'm told (thx red and hit), proxies differ from level 1 to level 3, 1 being the most anonymous, 3 being the least. You can also get free proxies from [You must be registered and logged in to see this link.] this is a descent site which ranks their proxies from "transparent" (leaks your ip) to "highly anonymous." they also do real-time proxy tests and other ****.
Stealther: Theres a prob out there that will actually link your proxies together for maximum anonymity. This program is called Stealther. Stealther can be registered via key (so you can go to #serialz on efnet and get a key) and is a descent anonymous program.
EvidenceEliminator: If you're really serious about carding, this is a program you NEED to have installed on your HD at ALL TIMES! Federal agents have several programs that allow them to extract information from your PC, such as the pages you have visited, the files you have deleted, and the emails you have written. Everytime your PC restarts, EE kicks in, providing you with the safety of erasing any tell-tale logs and history files. You always want to be prepared for the worse.
JAVA: Reguardless of what stealth method you are using, always be sure to disable JAVA on your browser.
CARDED ISP: I dunno if carding an ISP is safe or not. I've heard mixed feedbacks about this idea. However, I can testify that I've had expirience with such a matter and I havent had a problem as of yet. Some popular ISPs to card are Earthlink Pre-paid (you can pre-pay it up to a year, look for the link on their confusing website) and America Online (better used for a quickie card, just get out one of their 849308490383904 free 10000000 hour cds and input a few ccs into that *****)
These arent the only stealth methods out there: these are just the popular ones ATM. If you feel you have an anonymity method that works, by all means try it out. You never know what works and what dosent until you experiment.
If you need to know how anonymous you really are, there are some simple ways of testing this.
[You must be registered and logged in to see this link.] the first (and most basic) test you should take. whatismyip.com is a simple method of knowing what your ip is on the web. This does not run though JAVA so you cant really tell if your anonymous or not from this site alone.
[You must be registered and logged in to see this link.] This is actually a pr0n site protected by ibill. When you try to sign-up, there is a java applet that tells you "your current IP of blahblahblah is being recorded. Any fraudulent blahblahblah will be reported." If its not your real IP, you p***ed the second test. (you can also check your ccs here)
[You must be registered and logged in to see this link.] this is a basic check of your anonymity level. Must have JAVA enabled -- the true purpose of the site is to promote their software (multiproxy) which works in similar fashion to stealther.
DROPS AND VERIFICATION TECHNIQUES:
The right drop is essential to your scamming needs. Finding legitamite drops inside and outside of the US is hard. Many people keep your **** and dont send, or some people dont pick up the package at all! (theres nothing worse than watching your hard-earned laptop going back to the store because it was refused by the recepient)
If you live inside (or even outside) the USA, youre better off scoping a drop out on your own. A drop is basically an empty home that looks to be inhabited. This is the shipping address you use for your carding needs. Your items should only picked up at night. As awlays, be sure to have a cover-story in case someone asks why youre snooping around an empty home. "I'm picking up a package for the person that used to live here" is a legit excuse. Or even "my father is the real-estate agent." is good. Just keep in mind that if you order anything over $500, it will USUALLY need to be signed for, (this statement is based upon FEDEX/UPS policies. I've gotten feedback from people that state they have gotten their local UPS employee to drop merchandise worth 1k at thir doorstop using a note, but these are uncomfirmed rumours.) Wether youre willing to sit and wait all day on the doorsteps of your drop, or you rather leave the postman a note that says you'll pick it up at the nearest postal station, its up to you. (Dont panic if you have to pick up a package at the station. When you walk in, you need to be calm so it dosent arise suspicion. If the clerk asks you to wait more than 3 minutes, PLEASE dont stand there waiting to get busted, tell him/her you have a prior engagement and quickly exit stage left. )
If you live outside the USA, youre just gonna have to trust someone. The easiest way to get a legit drop in the USA is to ask around for people that have had successful experiences with a drop. Most drops hold a 50/50 or "you card something you card me sommething" policy. If youre talking so someone thats trying to cut themselves in to the deal "Ie yes, I know someone but you have to card me something too" just move on, they're wasting your time.
Just a quick note, if youre carding something like a plasma television, youll have better luck using a drop from the same state, changing the billing addy (you can change a billing addy with a level 2 card, youll need a L2 card for carding a plasma tv neways) and acting like you just moved. (have that mindset when you call in: I am (name of cardholder) and I just moved from (city a) to (city b)) Once you have the item in your possession, you SHOULD GUESS THAT YOUR DROP HAS BEEN FLAGGED. What does this mean? YOU SHOULD NOT - I REPEAT SHOULD NOT RETURN TO A DROP ONCE YOUVE CARDED EXPENSIVE **** TO IT. Reguardless of wether your drop is flagged or not, do you really want to take the chances?
The cellular phone: The anonymous cell phone is the carders sword. With it, you will make several calls to several companies using several names. You should keep this cellular phone for carding ONLY. (just in case you become confused and forget who youre talking to.) If you have a phone phreaking connection, youre a lucky SOB. For the rest of us, we gotta go out and get a pre-paid cellular phone. (a phone which dosent require much info to purchase and use.)
THE SITES: WHATS CARDABLE AND WHATS NOT?
Ok, so you got your ccs, your drop and youre as anonymous as you can make yourself. Now what sites are cardable? This is the easiest question I have to answer on this FAQ.
-ANY AND ALL SITES ARE CARDABLE- (THX CIA AND `Q_)
Why do I say that? because it's true. Like I said in chapter two of this little tutorial, its not about how many cards you have, its what you can do with them. Alot of this has to do with your mindset as well.
If you have a card from Johnny Knoxville from Texas, you must be Johnny Knoxville from texas. Depending on the information that you have acquired from Johnny Knoxvile, you must convince merchants and I-stores that you A R E Johnny Knoxville.
When approaching these I-stores, you want to scope things out first. Ask yourself a few questions:
-whats their policy on different shipping address than billing addess?
If they have a "must call" policy, make sure to give them an anonymous number where you can be reached (have your anon cell phone ready for this.)
-do they accept other payments besides credit?
If they accept other payment methods, sometimes its easier to card with a different payment method. (Ive had more luck on Dell.com with online checks that I have with credit cards.)
Whatever you card, make sure that you have all your info prepped before carding it. If youre carding something over 1k, get on your anonymous celly and call up the banking institution of the person's card youre holding. Make sure to let them know that youre making a purchase of a large limit, so they dont deny your card.