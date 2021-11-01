The purpose of writing this article is very clear. It serves as a "compass" for those who really want to understand this industry. Of course, all aspects of knowledge only involve the basics. Reading this article can only give you a preliminary understanding of the CVV SHOP. If you think carding can "graduate" by reading a few more articles on the Internet, too young to simple.

What I want to say about nouns: All nouns and classifications may have multiple names due to different translations or personal opinions, such as dump literal translation, which literally means to record one thing and transfer it to another place. Some people call it copy, some call it track, and some people classify the fake card as Dump. Here is an example: 3+4=7, 2+5=7, 6+1 is also equal to 7. As long as the result is the same, it is Ok.

Domestically, the process of stealing credit cards is called washing materials. The materials are divided into many types, including CC, copy (Dump), one online and one offline.

Carding (CVV) Online shopping for cards in some countries

A complete outside material (not fullz)

1. The composition of CVV ​​is 16-digit card number, 4-digit valid date (month/year), 3-digit cvv2 (security code)

2. BIN refers to the first 6 digits of the card number. The region and issuing bank of the card can be judged based on the BIN.

3. SSN-US Social Security Number, for example 517920249. Can be understood as an ID card.

4. Library materials-"Hackers" use unconventional means such as violating the library and hitting the library to hack the online trading website server to obtain the user information of the website. Advantages: large quantity, cheap, disadvantages: low survival rate and incomplete information.

Risk control

Risk control-the simple point is that the bank's risk control system uses big data analysis to determine whether verification is required. According to experience, it can be roughly divided into the following methods

1 : Data correctness: it is the basic verification card number|cardholder name|expiration date| cvv2

2: Log in IP verification: cardholder transaction IP on your current IP belong to the same city, it will trigger validation.

3 : Input method: some websites have copy detectors, if it is copied information, it will trigger risk control and refuse to pay

4: The payment website has its own risk control library, most of which have been used by everyone . The BIN payment inside will generally be verified or directly rejected, and you need to manually contact the website for activation or authorization. Of course there are access third-party risk control data library.

5 : Your registration time: Some websites have a high level of risk control for newly registered users. I won't elaborate on this value, I understand!

6 : Correspondence of data, for example, your registered account email address is 123465789@qq.com, the name of the cardholder who pays is Debbie

7: Account change abnormal: One IP logs into N accounts on the website or one account changes IP multiple times, it will definitely be triggered.

8: Device verification: also frequently change logins, window 7 for a while.

Payment environment

RDP remote desktop-many hackers leave a backdoor on the computer of a real user, and you can access the computer at any time and perform all operations. If you can raise pigs by yourself, it's a different matter otherwise you'd better buy them from others. For example, you use a US card to pay on a Japanese website, but your browser is a 360 browser and your IP is German. Then your transaction will definitely be verified or rejected this time. If you are using DRP operation, these problems do not exist.

The most received private messages mean how to configure the payment environment? All I can tell you is the method of operation. You must think more about how to match it. The risk control conditions have been listed, and you can look up and see it without saying more.

In addition, as long as the actual collection rather than the storage material should have the operating environment currently used by the cardholder, editors often purchase foreign servers, and several times use commonly used computers to pay, and the use of domestic bank cards does not trigger SMS verification. So there are browser, IP and other information. Having these is equal to getting twice the result with half the effort. Fullz materials are usually several times the price of ordinary materials.

DUMP

Dump-tracks, physical cards, and copy cards are all dumps. Early bank cards used magnetic strips to store information with three tracks. Few bank cards in the world used three tracks.

Since magnetic stripe cards have a high risk of leakage, since 2018, domestic magnetic stripe card transactions using Union Pay POS machines will require secondary identity verification. In addition, all bank cards have not processed the new Union Pay standard magnetic stripe card.

