Investor
Professional
- Messages
- 106
- Reaction score
- 78
- Points
- 28
CC (card) - also known as a credit card.
The 3 digits on the back of the card are the CVV code on cards such as Visa/MC/Discover.
Amex has a 4-digit code. (Amex also has a CVC2 code, which is located on the back of the card after the number).
CH - card holder - card owner.
Socks (proxies, socks) - changing the territorial location on your system (masquerading as a person).
Socks5, ssh, PPTP are all network protocols.
SSH-tunnel (Tunnel, Tun) - they last a long time, 1-3 weeks. They are cheap, costing from $0.5 to $5. It is very, very difficult to find clean ones.
45.76.221.153:22|test123|test12345|United States|Washington|Seattle|98121
The connection to the tunnel is made via Proxifier+BitviseSSH. Proxifier is launched and minimized; we need it as auxiliary software for BitviseSSH to work.
Insert the tunnel into BitviseSSH
Host - 45.76.221.153
Port - 22 (may not be specified, if so, enter the standard port - 22, as specified for this tunnel)
Username - test123
Password - test12345
United States|Washington|Seattle|98121 - geo tunnel.
Socks5 (Socks) - don't last long, usually rented for a day. Cost $1-2. They're pretty clean. Easy to find.
47.148.10.110 91.236.132.18:52479 2f802869:19290hd8 United States CA Murrieta 92563
You need Proxifier to connect to Socks.
Launch Proxifier. In the upper left corner of the program, you will see the Profile tab, then ProxyServers... then Edit.
Address - 91.236.132.18
Port - 52479
Username - 2f802869
Password - 19290hd8
United States CA Murrieta 92563 - geo sock
PPTP - long-lasting, 1-3 weeks. Cost $2-4. Finding a clean one should not be a big problem. PPTP will always have port 1723 open.
115.75.282.117 admin1 admin1 Arizona Scottsdale 85260
Go to Control Panel -> Network and Internet -> Network and Sharing Center -> Set up a new network connection -> Connect to a workplace -> No, create a new connection -> Use my Internet connection (VPN)
OVPNconfig (configs) - long-lived, 1-3 weeks. They cost $10-50.
It's pretty easy to find a clean one.
Config requirements:
up to 10 maxming.
up to 28 ipqualityscore
We get the config as a file. Install OpenVPN GUI from the website - openvpn.net/community (https://openvpn.net/community-downloads)
Place the configuration in C:\Program Files\OpenVPN\config and run OpenVPN GUI as an administrator.
Select our server from the context menu and connect.
I recommend downloading OpenVPN GUI.
OVPNconfig - there are also northern ones (those on your server) and home ones.
Home ones involve gaining access to a vulnerable router and deploying an exploit there, followed by configuration.
Home ones are suitable for self-registration, hacking, etc.
Dedicated (vnc) - a dedicated server. Similar to Socks and tunnels.
There are two types:
1) Virtual dedicated servers are dedicated servers hosted on their own hosting or server. They are not suitable for high-quality hacking because they are not real systems, and we cannot select the right city, etc.
They are good for hacking into games/software/etc.
Or for very weak shops.
They are also good for testing all kinds of viruses.
-The price is attractive.
-The speed is good.
-They last about a month.
Many fraud systems can find out the IP and go to the server where the dedicated server is located (in pursuit of money, don't forget to keep an eye on your security).
2) Home dedicated server - a real system of a real person - when buying a home dedicated server, we can buy ss for the dedicated server and hack into kh - it will be very cool - pickup/reroute with a bang.
Home dedicated servers are obtained through hvnc, botnet, brute force.
An expensive combination is socks + the dedicated server itself.
The lifespan of a home dedik can be increased by creating your own account on top of it.
Cons: sometimes there are dediks without admin rights, they don't let you open a browser, they don't let you do anything.
As for cleaning up old data, you won't be able to clean it up completely; the connection log will still remain.
Therefore, I advise you to dump it in the freebies section of forums or Telegram chats.
A drop is a front man; a person picks up the package and redirects it using a fake ID.
Drop panels are the same in many services:
Click on “couriers” - select the drop and add it to the panel. It all depends on what methods you will use.
In order to get a drop panel, most normal services require registration on thematic forums for at least 3 months, many may require a deposit, and some give it right away.
To get access to the panel, find the one you are interested in, write to the drop panel admin to give you access.
Usually, we are asked what we do and what kind of goods we sell. We write that we sell Makita and Dewalt tools, for example.
We are asked about the store - we open Google, enter the name of the product, find it - you can link directly to the store with the product.
Only the store is not Amazon or eBay, but a regular one. Less popular (3-4 pages on Google).
After that, you will be given a panel.
After your store has shipped the item, click on “New Shipment” and fill in the form. If it's a buyout, select ‘Buyout’; if it's a middleman or other drop, select “Forwarding.”
ASIN is needed to verify products sold on Amazon. When you search for shops, you will find the same product, but it may differ in color, shape, etc.
ASIN on Amazon:
If you have not been paid for a package or have any other questions, don't hesitate to contact support with the package ID (the ID is displayed in the panel for each shipment).
An intermediary is an office located in a certain country, usually in Europe. The warehouse provides a certain storage unit where we place our goods, and this is how the intermediary understands that these are our goods.
PS: Shops have an address field 2, where you can enter the storage unit number. You can enter #1234, apt 1234, suite 1234, etc. 1234.
Also, in the SS itself, the address may contain Unit A, Unit P-3026 - these are all storage units.
The intermediary is a legally operating warehouse that earns money on shipping.
We register the intermediary with a fake passport. Use your own number, but it's better to use a fake SIM card. We pay with our own money and don't put the carton in the package, otherwise it may not arrive if there is a charge. If they have any problems, they work with the local police.
They won't be able to figure it out, but the phone number and registration details will be on file.
Also, not all shops send to intermediaries. Many shops simply won't send because they know the addresses of intermediaries. And they know that it's not a person.
Killing and working on the side
Registration:
1) Find a set of documents for your country.
2) Buy a left SIM card somewhere in the subway. An SMS will be sent to the phone number you specified from the post office.
3) Register for a set of documents on the side. Create an email address and enter your phone number. Then confirm everything.
4)The warehouse provides the address.
Enter this information in the shipping section. Don't forget to include the street address 2, which is the box number. If you don't specify this, your package will not be displayed in your account.
If you want to use a middleman, you need to find a shop. It's better to start with small shops. And СС - buy under ZIP middle name. You can also open Google Maps and check the distance.
You can also search for intermediaries not only on the website but also directly through Google: type in “top 10 intermediaries usa.”
A buyer is a person who accepts goods from dropshippers. They buy them up.
Chargeback is a payment refusal.
Enroll is the same as CC, only with access to your personal account.
SSN - Social security number
SSN is usually used for bank calls - breaking through VBV shops, creating rollers, etc.
DOB - date of birth of the CH, usually used in shops, we enter the DOB and then they request documents. And if it doesn't match, they cancel the order.
SSN and DOB are not included with the purchase - and we don't need them for regular use (they are needed to access mobile banking - to at least know the card balance - which is convenient).
MMN - mother's maiden name
Background report (BG) - Reference report on the CH. This report contains information about all of their new addresses, phone numbers, possible relatives, criminal records, etc.
In our case, we don't check the BG completely (we don't need a full report).
If you come across a card with a crooked billing address, then we go and check the BG.
We can also find out the phone number/email address for further flooding.
You can use old numbers when hacking.
Credit Score - The level of trust the banking system has in a person.
Checking BG and Credit Score:
fastpeoplesearch
truepeoplesearch
truthfinder
instantcheckmate
experian
peoplefinders
spokeo
annualcreditreport
- I linked CC from work to some services.
BIN - the first 6 digits of the card, absolutely any - Contains a lot of information. The first 6 digits of the card 405383 - this is the BIN.
Knowing only one digit of the card, we can determine what type it belongs to.
If the card number begins with:
Currently, seven-digit and eight-digit BINs are being issued. Don't be alarmed—shops mainly use 6-digit masking.
Knowing the bin, we can find out whether it is a debit or credit card. Check the card level.
Since we have the card, we only have basic information about it—we cannot find out the balance. The balance can be found out by calling public banks (they will ask for additional information) or by creating an account (enroll).
Once we know the card level, we can determine the approximate balance and, based on that, select goods for that amount.
Naturally, the higher the card level, the higher the balance on the cards may be.
Card levels + approximate credit amounts:
There are many card levels, and privileges and limits depend on the bank. The higher the level, the stronger the protection.
I do not recommend taking prepaid, gift, or electron cards—you can't guess with these credit cards.
Credit cards come in two types: credit and debit.
Credit cards have better balances, but they have stronger bank protection (they give less).
Debit cards have a lower balance but are easier to get.
Note on debit cards: it's better to look for CU FCU, and even better to get bin cards that work as debit cards — they sometimes have good balances.
Why doesn't it work?
Protections in the shop and + card validation checks.
Shops can be:
1) A shop can be self-written.
2) A shop can use a ready-made CMS (CMS - a store engine to which products, payment systems, design, shop themes, and much more are added).
When it comes to self-written shops, protection can usually be added/hidden somewhere in the code. It may not be present on the shop itself, but it will be on the merchant's side.
Merchants are usually linked via API keys.
Extensions are also added to CMS — fraud detectors — which are also usually linked via API. But CMS can also hide the fraud detector in the code.
And there is protection from the bank if the bank sees something suspicious.
Here are a few cases from my experience with auto-blocking:
How are CC checked?
To check a card for validity, simply perform a transaction on the card; if successful, it is valid.
The checker may debit a small amount from the card, $1-5, and return it.
Also, linking to a service such as Yahoo, Google, or Microsoft.
But linking to Google is risky.
How to check a CC?
You can check if a card is valid:
1) With a credit card checker—a service that is usually available in shops selling credit cards. That is, you simply copy the card details into a special field on the website and click “check cc.” In response, you will be told which credit cards are valid and which are not.
The advantages are that it is fully automated and you can check many cards at once.
The disadvantages are that because many cards marked as fraudulent pass through this service, it quickly ends up on all kinds of blacklists, and therefore may not pass validation for some bins, or worse, kill the credit card.
2) Donate - a regular donation website, where you set a minimum amount and make a payment. If the donation is successful, the card is valid.
3) Installing antivirus or other software (eset nod32, doctor web, wise cleaner, malwarebites, and others).
4) “Authorizers” (you can call them that) - services where you can link cards to your account, but not make purchases. An example of this is PayPal, where you cannot link a dead card, but you also do not need to pay for goods.
Decline codes:
01 Refer to card issuer. (You need to call the bank to complete the transaction)
02 Refer to card issuer. (You need to call the bank to complete the transaction)
03 Invalid merchant. (Incorrect merchant ID)
04 Pick-up card. (Card blocked by bank due to fraud)
05 Do not honor. (Transaction declined by bank without explanation)
06 Error. (Unknown error on the bank's side)
07 Pick-up card, special condition. (Card blocked by bank due to fraud)
08. Honor with Identification - The bank requested additional identification to complete the transaction.
10. Approved for Partial Amount - The transaction was approved for only a portion of the requested amount.
11. Approved (VIP) - The transaction was approved due to the customer's VIP status.
12 Invalid transaction card / issuer / acquirer (The merchant does not accept cards from this bank)
13 Invalid amount (The amount exceeded the bank's transaction limit)
14 Invalid card number (Incorrect card number or card blocked by the holder or bank)
15. No Such Issuer - The bank that issued the card does not exist or cannot be found.
16. Approved, Funds Available - The transaction was approved and the funds are available for use.
17. Customer Cancellation - The transaction was canceled at the customer's request.
18. Customer Dispute - The customer has disputed the transaction.
19 System Error (System error on the merchant's side, transaction must be repeated)
or 19. Re-enter Transaction - Transaction must be re-entered.
20. Acquirer Error - Processing error
We only refund money using these codes.
AUTHORIZATION CODE — AUTHENTICATION RESULT
04 — Pick up card (no fraud)
05 — Do not use (we DO NOT refund money using this code for the UK, Switzerland, and EU countries)
07 — Pick up card; special condition (fraud account)
14 — Incorrect card number
15 — No such issuer
33 — Expired card, seizure
39 — No credit account
41 — Lost card; pick up (fraudulent account)
43 — Stolen card; collect (fraudulent account)
46 — Closed account
54 — Card expired
55 — Incorrect PIN code
57 — Card transaction not authorized
59 — Transaction not authorized — Merchant
62 — Restricted card
63 — Security breach
65 — No account
76 — Invalid date
96 — System malfunction
97 — Incorrect CVV
H7 — CVV2 value provided is invalid
We do not refund money for these codes.
AUTHORIZATION CODE — AUTHENTICATION RESULT
00 — Approved and completed
03 — Incorrect merchant ID
08 — Honor MasterCard with ID
10 — Partial approval
11 — VIP approval
13 — Invalid amount
28 — File temporarily unavailable
51 — Insufficient funds
52 — No checking account
53 — No savings account
56 — Transaction not supported by institution
58 — Transaction not allowed for terminal
61 — Exceeds withdrawal limit
65 — Exceeds frequency limit
82 — Expired at issuer
83 — Network connection problem
85 — No reason to decline
91 — Issuer unavailable
93 — Violation of law
98 — Card was checked less than 3 hours ago
99 — Maintenance in progress
P0 — Customer requested to stop a specific recurring payment
P1 — Customer requested to stop all recurring payments from a specific merchant
T0 — First check was successful and converted
T3 — Amount exceeds limit
T4 — Unpaid goods; negative file check failed
T5 — Duplicate check number
T7 — Too many checks
Merchant is an electronic aggregator for processing incoming payments, in other words, it is a program that directly accepts payments through a website. There are a huge number of merch, both large and self-written.
There are not many popular merchants. With time and experience, when you visit a new website, you will already understand - “this website is similar to the one I visited before, most likely it works, or it doesn't. You can also orient yourself by the CMS design.”
Analysis of merchants and their features.
1. Shopify is truly the most advanced and strict merchant when it comes to fraud. If you have money, everything goes smoothly. But then the problems begin. The admin panel has a bunch of order verification and analysis features. Starting with standard ones like IP, OS version, location, services, etc., and ending with clicks, viewed products, time spent on each action, etc. In short, absolutely EVERYTHING you do. This merchant checks everything. In the US, it comes in 2D. In Europe, additional merchants with 3D are sometimes connected.
2. Authorize.net - Features:
-ABC match verification
-Verification of the distance between the IP address and the holder
-Blacklists on the IP address and verification of previous orders, if any, from this IP address
-Verification of the holder for previous charges, payment behavior, and transactions according to card data
-Verification of the phone number according to public records in automatic mode
This is 2D merch. You can connect 3D in the panel itself, but it is rarely done.
3. Magento (up to version 1.9) - Magento itself is a CMS engine for shops. Up to version 1.9, they have their own merchants. Everything above 2.0-2.4 already connects to additional merchants such as:
in the USA: authorize.net; braintree (braintregatway); x-cart; adyen
in the EU: Safer Pay; Sage Pay; Paysafe; IntelliPay; omniPay; lawpay, etc.
Magento itself is a simple merchant.
4. Braintree (Braintregatway) - Simple 2D merchant, works with everything.
5. X-Cart - Has its own merchant, also connects to many additional merchants. The merchant itself is simple.
6. Adyen - All countries are supported. Sometimes it can get into the shop, but that's more for fraud.
7. 2Checkout.com - Simple 2D merch. Usually installed on antivirus subscriptions.
8. computop - European merch with 3D. Supports EU non-residents.
9. Beanstream - Canadian merch, always 3D. They go for EU non-residents.
10. Drupal Commerce (Drupal) - Simple 2D merch for the USA. For EU, they connect additional payment systems with 3D.
11. Stub Hub + virtual POS terminal - very common on websites that sell tickets for all kinds of events. It is quite difficult to enter this merch, VBV - always, YUSU has never managed to push it through, only EU non.
12. Banca Sella - VBV merch with a rather weak anti-fraud system, which is easily bypassed by US or UK cards with VBV reset.
13. Bucharoo - complex Dutch merch. 3D/SafeKey, bypassed with non CA.
14. Wirecard and Erstes - 3D merch - eats USA non
15. SafeхPay - VBV, only EU. Sometimes without VBV.
16. Euro payment service - works great with US MAT under reset.
17. Zerogrey - there are 2D shops, mostly 3D. Accepts US/UK with reset.
18. QuickPay, Commdoo, Dibs payment, heidelpay, klik&pay - all these merchants without VBV, accepts anything.
19. Qenta - VBV in rare cases (mainly shops without VBV), accepts EU
20. Skrill - Capricious merchant. Accepts EU with reset and occasionally US.
21. Safer Pay - SafeKey available, sometimes without VBV. UK under reset.
22. Sage Pay - VBV always in all shops. Accepts AMEX as there is no SafeKey. Accepts UK and USA with reset, but not all bins.
23. GPayments - 3D merch
24. Arcot - Always 3D. Accepts EU MAT NON.
25. Nitrosell - Increasingly capricious, more often requires EU.
26. Sella - Not to be confused with Bank Sella, only EU, always 3D, rarely found in shops.
27. Nochex, Datacash, Ingenico e-commerce - (not to be confused with regular Ingenico) - always VBV.
28. Payzen - goes through USA with reset.
29. Payline - Capricious EU merch with 3D. Did not go through.
30. ANZ eGate - connects to WooCommerce. 3D always. Works well in the USA with reset. EU not tested.
31. BillriantPay is a Chinese payment gateway, both 2D and 3D. It is better to check it in advance by testing it in the shop.
32. BlueSnap Credit/Debit - used on wp cms. Amex and Discover are accepted.
33. Cardinal Commerce Centinel — Complex European merchant. Non-customers can get through. However, orders are canceled for unknown reasons.
34. Converge (Virtual merchant) — Simple merchant. Both 2D and 3D — it is better to check.
35. Demanware — Simple 2D merchant with features similar to Magento.
36. E-Gateway - EU non.
37. Heartland Payment System - Found in both US and EU shops. Complex. Breaks through the US with a reset.
38. HeidelPay - Certain bins get through. 3D.
39. Innovative Gateway - Simple US 2D merch. Rarely gets through 3D - eats non.
40. Netbanx Hosted Payment - Almost always 3D.
41. Netevia - Quite complex merch.
42. Paya - works with WooCommerce, sometimes 2D. Better to check for 3D. Accepts any US currency.
43. Quantum Gateway - always 3D
44. Simplify Commerce - works with WooCommerce. Simple merch, mostly 2D. But we've seen 3D.
45. PayFort - Accepts CA non. Always 3D.
46. Metaprise - 3D is always better to take non. They ask for more drawings after entering.
47. Helcim - complex merch, similar to autorize, only with 3D.
48. Finix - always 3D.
49. PaySimple - Always 3D. Better uk.
50.PayJunction - 2D and 3D. We check.
51. lawpay - usa non or with reset.
52. ePayPolicy - Always 3D. Goes through eu non.
53. finway - EU 3D merch
54. multisafepay - always 3D, EU exotic non-3D.
55. curopayments - always 3D, EU non-3D.
56. Cashstar - Complex, capricious merch on GIFs, accepts Mastercard, Amex, Discover
57. wgiftcard - Complex, capricious merch on GIFs, accepts Visa, Amex, Discover.
58. toastab - Merch on GIFs, accepts everything. 2D.
59. Worldpay - EU merch always 3D.
60. Cheddar Up - EU merch always 3D.
61. Bolt - In the USA - 2D - easy to get through. In the EU, more likely 3D.
Merch also has standard protection against fraudulent transactions, with an integrated admin panel for manual order verification and a shop manager.
As experience with shop admin panels has shown, all fraud protection is created from various modules that are usually considered both manually and automatically.
Shipping address - delivery information, write the drop/middleman/purchaser address here:
Billing address is payment information about the CH, data from the CC itself:
Every shop has shipping (delivery address) and billing. If we write Hose Mendosa in the shipping address and Cole Baker in the billing address, the shop may not like it and will not send the order.
In general, it depends on the store, but it is better to write:
1) The name of a relative - their last name. Pretend you are ordering for a relative.
2) Just the first name (because Americans like to move around).
According to the BG (report), you can find out about neighbors and relatives.
Regarding the EU: if countries do not disclose billing information, you can write any name you want. It can be a drop, a middle name, or a nickname.
Pickup is when we enter the address into the system, wait for the parcel to be sent, call the delivery service (give them the tracking number) and ask them to leave the parcel at the post office instead of delivering it to the door (in person) - and then the services (via the drop panel) pick up the parcel using fake documents.
Caller is a person with good English (or other languages) skills. They are needed to call the post office, bank, or online store.
Rerouting is also entering the kh, waiting for the shop to send it - calling the delivery service (we give the order to the caller) - to understand how this happens, here is an example of communication with support - I work in another state, send it to another address ( посреда etc.) - i.e. initially the parcel was sent by the store to the kh address, but we in the delivery service changed the recipient's address to the one we need
Address Verification System (AVS) - an address verification system that compares the address we entered in the billing information with the actual address of the cardholder.
https://chargebacks911.com/knowledge-base/what-is-address-verification-service/#1 (you can learn more about how AVS works)
It comes with bank protection and, according to the standard, should be built into USY shops.
When issuing a card at a bank, CH indicates its billing address (payment address) — this is the zip code, state, city, street, and house number.
This data is entered into the bank's database.
When filling out information in the shop, the billing address fields are encrypted and sent securely through a channel to the bank, where the correctness of the entered data is automatically verified.
If everything is correct, the order is automatically passed on; if there is an error, it is canceled.
AVS itself is a fairly simple topic, but the problem is that the material itself may contain a false or old address.
This is because the owner may move frequently and have five addresses.
And the address in the billing, for example, is the third address. He issued a card at this address and uses it.
If there is no address, there is an option to try to find it yourself for free using Google search.
Sometimes you have to turn to search engines, but even they cannot always say for sure what the address is in the bank.
Therefore, there may still be certain problems with AVS, even though the protection is simple.
The Payment Processor is also involved in the payment process. Its task is to interact with Visa/MasterCard and other payment systems, with the bank that issued the CC CardHolder, with the AVS system, respectively, and based on the information received/processed, it informs/recommends further actions.
3DS is additional protection when shopping online.
3DS is not exactly bank protection; it is protection provided directly by Visa and Mastercard card services.
3DS protection can be linked to both the store and the cards.
3DS is a standards-based authentication protocol that helps merchants reduce fraud.
VBV - verified by Visa.
Mcsc - Mastercard Secure Code.
This is 3DS.
Again, there are different types of 3DS.
The first is a code that the merchant sets when receiving the card. (This can be a word, dob, etc.) and then this protection is requested.
Previously, there was a way to reset this code and set your own if it did not come with the material, but then this feature was disabled, so if the card has protection and the code does not come with the material, there is nothing you can do (unless it works on auto vbv).
The second is an SMS code, a type of protection used in Europe and many other countries, which can sometimes be bypassed only if you have access to email, and even then, not always.
There are also options with a duplicate SIM card, but this is expensive, time-consuming, and not suitable for our purposes.
Another option is transaction confirmation via push.
The third is the newest, a changing code on the card itself.
There are very few of them, and their data does not actually end up on the network.
In the USA, 90% of shops do not have 3DS, but they do have AVS. Usually, we can find out whether a shop has it or not by the 3DS icon or icons such as Verified Visa/Verified Mastercard.
In order to find shops that have a 3D system, we need certain bin numbers.
Non-VBV - no VBV check.
Auto VBV - auto.
In order to hack shops that have a 3D system, we need certain bin numbers.
Non-VBV - no VBV check.
Auto VBV - automatic approval.
VBV reset (usually SSN or ZIP) - this is where you need to enter either your SSN or ZIP instead of VBV.
When we have a bin non-VBV and a shop with 3D, there will be no window from the bank. We will be automatically redirected to “Thank you for your order” or “Decline.”
Bin AUTO VBV - a window from the bank will pop up, but inside it will be processing. Then it will automatically redirect you to “Thank you order” or “Decline” (picture on the left).
Bin with reset by SSN or ZIP - enter SSN or ZIP instead of SMS - we will be automatically redirected to “Thank you order” or “Decline” (picture in the center and on the right).
Non-auto and reset are only applicable to 3D shops. If the shop is 2D, their function is useless, as the passability is the same as on СС.
We take the work, find a website (merch) that definitely has 3DS, and start hitting it for $700-1000 and watch the behavior to see if 3DS will pop up or not.
Methods for bypassing 3D.
1) Using non/auto/reset bins
2) There are shops where you can try to block 3D from the console. Since we already know that 3D is just an additional check.
There used to be software that bypassed 3D via EU. It's called Moretti VBV soft. I reverse engineered it and figured out how it works. The only thing I know is that there are banks with curve protection.
Merchants:
BRAINTREE
SAGEPAY
STRIPE
SHOPIFY
BARCLAYS
EPDQ
WORLDPAY (maintenance)
INDIPAY
AFTERPAY
SHOPIFYPLUS
XSOLLA
ADYEN (maintenance)
All we need to do is parse the requests:
127.0.0.1 0eaf.cardinalcommerce.com
127.0.0.1 3dauthentication.bankcomm.com
127.0.0.1 3ds.bnpparibas.com
127.0.0.1 3dsecure.deutsche-bank.de
127.0.0.1 3dsecure.icscards.nl
127.0.0.1 3dsecure.pay.nl
127.0.0.1 3dsecure.vinea.es
127.0.0.1 3dsecure-cardprocess.de
127.0.0.13d-secure-code.de
127.0.0.1 ca-sp.wlp-acs.com
127.0.0.1 lbp.wlp-acs.com
127.0.0.1 3d.secure.lcl.fr
127.0.0.1 acs-3dsecure.creditmutuel.fr
127.0.0.1 hsbc.wlp-acs.com
127.0.0.1 bnpp.wlp-acs.com
127.0.0.1 sg.wlp-acs.com
127.0.0.1 acs-3dsecure.cic.fr
127.0.0.1 acs-3dsecure.cm-cic.com
127.0.0.1 3dsecure.bpce.fr
payv2.multisafepay.com
postbank-3dsecure.wlp-acs.com
rabobank.nl
regiobank.nl
safe.pay.nl
secure.axisbank.com
secure.curopayments.net
secure.ogone.com
secure4.arcot .com
secure5.arcot.com
secure6.arcot.com
secure7.arcot.com
securecode.abnamro.nl
securesuite.co.uk
secureyou3d.ing.be
verifiedbyvisa.barclays.co.uk
verifiedbyvisa.comdirect.de
verifiedbyvisa.sparkassen-kreditkarten.de
visa.com
wlp-acs.com
Add these lines to the hosts file on the virtual machine (Windows) located at: C:\Windows\System32\drivers\etc\hosts
This will prevent the authentication page from opening and the SMS from being sent to the cardholder.
We need to find and block requests like these. Orders are broadcast without any problems. Then it's 50/50. Either the shop will approve or cancel.
3) Method 3 is most likely a matter of waiting. You can just sit and wait, and the 3D will disappear. This worked on BestBuy.
When it comes to 3D, we have it on all types of credit cards.
Visa/Mastercard, Amex looks different: they ask for cvq2 - these are 3 digits on the back of the credit card (we can't get around this). And Amex's cvv consists of 4 digits.
Discover mainly uses push via phone.
Fraud is a type of fraud in the field of information technology, specifically unauthorized actions and unauthorized use of resources and services in communication networks.
Anti-fraud is a system or set of measures for detecting, preventing, and responding to fraudulent activities.
Each merchant attached to the shop has its own fraud assessment scale and settings.
This is a comprehensive software that is connected to the banking network and the shop at the same time, also has a payment system, and is a transaction protection system that configures the strictness of transaction passage by the shop itself.
From the moment we enter the shop's website, the merch begins to assign us fraud points based on our actions on the website.
It analyzes which link we clicked on, which website we came from, whether we typed the address into the browser or used a search engine. It also closely monitors our behavior — whether we browse the store, select a product, or just go straight to checkout.
Therefore, the first thing to pay attention to is that you need to behave like a real buyer in the store.
Compare products, add and remove items from your cart, fill in all the fields by typing the text manually, rather than copying and pasting data from your credit card. Serious stores may even react to switching browser windows when entering data.
It is best to create an account in the store and fill it with real data, ideally the day before the attack, but this is only for top-level stores.
The assessment is based on the following parameters, which indicate the likelihood of fraud:
In addition, there are intermediary companies, which can be challenging to work with.
You can ask officials for a demo of this or that. For example, if you go to https://www.riskified.com/ and provide your contact details, you can then ask them for demo access so you can poke around in the settings and filters.
List of popular fraud systems:
1) arkoselabs
2) Breach Clarity
3) callsign
4) nofraud
5) onespan
6) ravelin
7) riskified
8) pingidentity
9) Stripe Radar from Stripe
10) cybertonica
11) FingerprintJS
12) SEON
13) forter
14) sardine
15) accertify
You can also search here: https://www.softwareadvice.com/search/products/fraud detection/.
If you request a demo, be sure to use corporate email!
In essence, fraud systems differ only in their parameters, which are higher or lower in some cases, as well as in their fraud scores.
Looking for shops
There is no need to look for European or Asian shops — the country of the shop does not matter.
Almost always in EU shops - VBV - SMS verification - we need to check such shops for 3DS behavior.
Wherever you go - look for Yusa.com sites, there is no VBV there, and they almost always ship worldwide (with worldwide delivery).
Search for shops via eBay (you can do the same with Amazon).
For example, let's find a product:
We need seller information!
Let's go to the seller's page!
We see:
For the sake of interest, let's go to his store on eBay. To do this, click the “visit store” button on the right.
Enter the name of the shop (guitaraudio) into google.com.
We found the first shop. Let's write it down in our notebook! Maybe it will give us a discount!
Search using the “Similar Sites Search” extension.
There is such an extension for Chrome: https://chrome.google.com/webstore/detail/similar-sites-discover-re/necpbmbhhdiplmfhmjicabdeighkndkn
Open the website. If it is in the list, clicking on the extension will bring up a window:
Here you can see the number of visits per month - preferably up to 1 million.
You can also see the rating and country of the shop, which is quite convenient.
Below is a list of similar shops.
Or you can simply enter the shop name in the search bar on their website https://www.similarsites.com and it will show you similar shops.
Also, before making a purchase, it is worth checking the sections in the shop, namely the shop's policy.
It can be found in the Delivery, Shipping, Terms and Conditions, Privacy Policy sections, which vary from shop to shop. We can find all this information at the bottom of the website.
There we can find information about how the shop treats orders for different billing and shipping addresses.
Sometimes they write something like: “We do not ship to addresses other than the billing address. All buyers must enter their billing address and shipping address accurately.” - We only ship goods to the cardholder's billing address!
That is, it is clear with these shops.
You can ONLY enter the billing address of the cardholder, and then redirect the package.
Either they write that they may require additional verification, so you need to be prepared for this; they may ask for anything, usually a social security number or ID, or they may ask for a mini-deposit (they will deposit a small amount, which you need to confirm) , or documents, or something else, such as what their transaction looks like in your statement (Statement - This is a statement of expenses and balances on a bank account or credit card with the specified debit amounts, once a month/week/every day, depending on how you set up delivery to your email).
You can also talk to customer support in live chat to find out if they send to different billing/shipping addresses or not. This is called WARMING UP.
Come up with a reason, for example, “I'm currently in another city and I need the package sent here, could you send it to a different address?”
The payment processor is also involved in the payment process. Its task is to interact with Visa/MasterCard and other payment systems, with the bank that issued the CC CardHolder, with the AVS system, respectively, and based on the information received/processed, it informs/recommends further actions.
Processing usually takes an average of 40-50 minutes for Shopify merchants.
But there are shops where you place an order and processing takes a day or two. This means that this shop has an order acceptance module. In other words, there is a support team that approves orders.
There may also be anti-fraud modules that can slow down an order based on points. Other order holds depend on the employees working at the store — they can put a hold on a package.
Right now, the banking system is quite strong and constantly tightening the screws.
Sometimes, USA uses a one-time SMS code (VBV).
And they rarely ask for it.
They have another security measure called AVS.
The point is that the BANK (USA BANK) gives the store information about the real name and address of the cardholder, and if you write something else, the payment will either not go through or your order will be canceled.
Some stores may let it through. It all depends on the store.
Enter in the US store (different billing and shipping):
In BILLING information - everything from СС (all information about the cardholder)
In SHIPPING information - the address of our intermediary or drop in America
There are some very weak shops that don't care about this. Usually, larger shops pay attention to this.
This method works well for single-brand shops.
Single brands are less popular brands.
If you are buying in bulk, it is worth looking for a shop that has 2-3 brands of goods. If there are a lot of brands (for example, tools), they usually do not ship them. But it all depends on the store.
To beat the drop or middleman, buy a card under the ZIP of our drop/middleman (zip is the index), ideally the zip should match. You can take the nearest zip, check the distance on Google Maps. You can also do this in a neighboring state, but here, the greater the discrepancy, the more it will depend on how the store behaves.
Only after that do we select the socks. Alternatively, you can select a card (without buying it) and select socks for it.
Here, too, there should be socks for the zip code. If there is a difference somewhere, it will depend on the shop. It is not recommended to take socks more than 15-20 miles away from the zip code.
If we have everything selected for the zip code, only the street will be different. This is the best solution.
It's 50/50 here because many shops know the addresses and won't ship to them. They also don't ship well where there is a PO Box.
When entering a shop, socks, correct settings, mail, behavioral factors in the shop, and a valid CC are very important.
1) https://www.ipqualityscore.com/ - you can register with both regular and business email. But your account will only work for a week. Then they burn the VPN and that's it))
In the personal account, you can check emails for fraud and phone numbers.
You can check your IP without a personal account by connecting to the configuration, opening a private window in your browser, and checking as many times as you need. If you use a regular browser, the number of checks will be limited, like 3.
2) http://getipintel.net (http://getipintel.net) - (0.55-0.6 and less can be considered an acceptable value.)
3) https://thesafety.us/check-ip
4) https://dnschecker.org/ip-blacklist-checker.php - blacklists
5) https://mxtoolbox.co blacklists
6) https://www.maxmind.com/en/solutions/minfraud-services/data-points#outputs (you can subscribe)
Card selection, by priority.
We have two types of CC.
A) DEBIT - Good for shops, but balances may be small, so it's hard to predict. From debit, CU FCU, as these banks are the most common. And there can be decent balances on the rolls. Even from the classics.
Passability in shops is higher.
B) Credit - They are tight, but have high balances, as well as internal credit limits.
Passability is average. If, for example, the limit is $500, he drove to a gas station, filled up for $100, stopped by a cafe and a store, and spent $200. The balance is $200, but you're hitting $250, so there will be a decline.
Let's break it down into 3 parts:
1. Banks with CU FCU (credit union/federal credit union) - also from these banks, if you take, for example, merch 3D (find a shop where 100% of SMS messages come out), look for non/auto bins.
These banks are mainly private. They may be located in certain states.
BA:
SAFE F.C.U.
TOYOTA F.C.U.
ELGA C.U.
ROBINS F.C.U.
MUNICIPAL C.U.
NEW MEXICO F.C.U.
FAIRWINDS C.U.
ASSOCIATED C.U. 423585
TMB BANK PUBLIC CO., LTD. 405016
GOLDEN 1 C.U.
ALCO F.C.U.
GREENVILLE HERITAGE F.C.U.
EDUCATORS C.U. 414871
ROYAL C.U. 477778
ALTRA F.C.U.
FIVE STAR C.U.
DIGITAL F.C.U.
PADUCAH F.C.U
SAN DIEGO COUNTY C.U.
COUNTY F.C.U.
CORNERSTONE COMMUNITY F.C.U.
ALTRA F.C.U.
AMERICA FIRST F.C.U.
CARTASI S.P.A.
AMERICA FIRST F.C.U.
BESSER C.U.
FREEDOM C.U.
SECURITY F.C.U.
IDAHO CENTRAL C.U.
FRANKlan-SOMERSET F.C.U.
EMPLOYEES' C.U.
ONE NEVADA C.U
BAY F.C.U.
MIDFLORIDA C.U
HUDSON VALLEY C.U
DESERT FINANCIAL C.U
GOLDEN 1 C.U.
SELCO COMMUNITY C.U
FAIRWINDS C.U.
GREENVILLE HERITAGE F.C.U.
TWINSTAR C.U.
ORlanDO F.C.U.
FOX COMMUNITIES C.U.
AMERICA FIRST F.C.U.
NUMERICA C.U.
VYSTAR C.U.
Velocity C.U
FINANCIAL PLUS C.U.
WESTERRA C.U.
VERIDIAN C.U.
APPLE F.C.U.
CENTURY F.C.U.
XCEL F.C.U.
EDUCATIONAL COMMUNITY C.U.
BAYOU F.C.U.
CHOICE C.U
COLUMBIA C.U
ASCENT C.U
LAPORTE COMMUNITY F.C.U
APG F.C.U.
LANDMARK C.U
APG F.C.U.
FORT LEE F.C.U
LANDMARK C.U
CHILDRENS MEDICAL CENTER F.C.U
RIVERMARK COMMUNITY C.U
OREGONIANS C.U.
SIERRA CENTRAL C.U.
QUINCY C.U
TRANSWEST C.U
DOWNEAST C.U.
CHOICE C.U
2. Less popular dietary supplementsClick to apply
SUSQUEHANNA BANK
STERLING SAVINGS BANK
STATE FARM FINANCIAL
SEACOAST NATIONAL BANK
WINGS FINANCIAL
DHCU COMMUNITY
ARVEST BANK
EMPOWER
WORLD FINANCIAlanETWORK BANK
STAR PROCESSING, INC.
FISERV SOLUTIONS, INC.
PSCU FINANCIAL SERVICES, INC.
NYCE PAYMENTS NETWORK, LLC
SERVE VIRTUAL ENTERPRISE INC.
LEESPORT BANK
COLEMAN COUNTY STATE BANK
FRANSABANK S.A.L.
Starling Bank Limited
AIB BANK
BANK OF NOVA SCOTIA
COMPASS BANK
HOME NATIONAL BANK
HOCKING VALLEY BANK
SILICON VALLEY BANK
Jack Henry & Associates
Great Plains National Bank
AMARILLO NATIONAL BANK
TORONTO-DOMINION BANK
METABANK
AMERIS BANK
PINNACLE BANK
PSCU INCORPORATED
Dc Card Co., Ltd
COMERICA BANK
CENTIER BANK
KUWAIT FINANCE HOUSE K.S.C.
ZIONS FIRST NATIONAL BANK
PINNACLE BANK
CENTURION
LAKE CITY BANK
BUSEY BANK
3. Public:
If there is a SCHOOLS prefix to the ba, it is for students, and they usually don't have much money. And students spend their money right away.
Wells Fargo Bank
Arvest Bank
SUNTRUST BANK
WOODFOREST NATIONAL BANK
SANTANDER BANK, N.A.
CITIBANK N.A.
CAPITAL ONE BANK (USA), N.A.
BANCORP
BANCORP BANK, THE
U.S. BANK, N.A.
USAA
COMERICA BANK
U.S. BANK, N.A.
CHASE BANK USA, И аналоги!
JPMORGAN CHASE BANK, N.A.
BANK OF AMERICA
UNITED BANK, LTD.
UNITED SAUDI COMMERCIAL BANK
UNITED BANK, LTD.
BARCLAYS BANK DELAWARE
TD BANK
WELLS FARGO
AMERICAN EXPRESS COMPANY
CITIBANK BELGIUM
DISCOVER (СС начинающие на цифру 6)
USAA SAVINGS BANK
BARCLAYS BANK (аналоги)
NETWORK INTERNATIONAL
WIRECARD BANK
FIRSTMERIT BANK (и аналоги ферст банк и др)
NATIONWIDE BUILDING SOCIETY
BRANCH BANKING AND TRUST COMPANY
REGIONS BANK
Ally bank
USAA SAVINGS BANK
Navy fcu
Fidelity National Card
Postepay S.P.A
Shazam, Inc.
Nbc Oklahoma
MICHIGAN SCHOOLS AND GOVERNMENT C.U.
Rbs Citizens
CENTRAL TRUST BANK
Banco Interamericano De Finanzas, S.A.E.M.A.
Bay First Bank, N.A.
HSBC - BESTBUY
OLD NATIONAL BANK
Fifth Third Bank, The
Star Processing Inc.
STANDARD FEDERAL BANK
WILL FINANCEIRA S.A. CREDITO, FINANCIAMENTO E INVESTIMENTO
PADUCAH BANK AND TRUST COMPANY
It is not recommended to take for work:
Affinity FCU
Pnc bank with BIN 443603
440066 BIN
517805 BIN
Alliant FCU
How can I find out my credit card balance?
1) Enroll (but not all bins enroll)
2) Call the bank.
For example:
You can call Bank of America on the bot, enter your card number, the last 4 digits of your SSN, and find out all your transactions and balance. You can call from Google Voice.
Chase, even without your SSN, card number, and ZIP code.
Most big banks can be called.
Another trick is to try calling several times, and you will be connected not to your SSN, but to your ZIP code.
We picked out the mat, bought the socks, and checked them for cleanliness.
We create a profile in Antique - I recommend adding various extensions to your browser, you can add some cookies.
We warm up the browser profile. Next is the shop.
If you see the words “shipping address,” fill in the address of our drop (you can fill in the first and last name with kh, or you can, for example, look up bg and take the first name of a relative and the last name CH).
Next, billing address—there we will fill in the complete information about our card, that is, first name, last name, address, city, state, zip code.
After completing this procedure, fill in the card details (number, first and last name, date, CVV).
After entering the number, date, and CVV, click “Pay.”
Next, you will see an error
(insufficient funds or card expired) or a window with your order number 
.
If you see a window with the words “Thank you for your order,” just wait until the store decides whether or not to send you the package—usually up to 48 hours—this is written in the store, and if the weekend is approaching, the process will be delayed. Always use foreign email services such as Gmail.com, yahoo.com, etc.
️No RU-POCHT mail.ru, etc.
We select the CC for the CH only for the purpose of making the shop like us more. Imagine that you bought the CC and entered not only the same city as the CH, but also the same street. Maybe he bought clothes for his neighbor.
A little about chargebacks:
A chargeback is a refund.
1) USA: Someone stole money from a person, he called the bank, they told him to come in and write a statement saying that his money had been stolen, he came in, the case was reviewed (the chargeback takes 2-7 days, depending on the bank, level, and SS privileges).
If he has access to his personal account, he can do it through it.
2) In the EU, it's a little different, because international transactions are usually involved there, so the refund takes much longer due to courts, etc.
Therefore, many people enter their EU credit card details into hotels, airlines, etc., so that the chargeback doesn't come quickly.
Let's consider the method of work under rerouting.
We don't need to look for a card for our intermediary (i.e., under zip); any card from any state will do.
There are usually very few top-level cards for intermediaries. And taking classics is a 50/50 chance. But with rerouting, we don't need to worry about this. We buy a good, fresh 90-95% valid card for any state and city.
In order to reroute, we need the shop from which we will be sending to be located in those post offices that can reroute.
We are looking for someone who does rerouting. Be sure to ask about the conditions; many call centers also change addresses.
Reroute conditions:
UPS - 50-60% may be possible, the service is considered completed if the following message appears:
The sender requested a delivery change for this package. / Your package will be delivered to an alternate address. (UPS appears immediately after the call).
Fedex - (50% chance of success), the service is considered completed if there is an alternative address in the track and a case number is given to you. (within days, as the track reaches the nearest sorting center).
* - if this does not work, i.e. the words “Intercept” and “alternate address” do not appear, the service will reroute the package to a future tracking location.
The package must be in transit (statuses: Picked Up/In Transit).
DHL will also reroute.
This will be rerouted.
UPS 2nd Day Air
UPS Ground
UPS Standard
UPS Express
FedEx Ground
FedEx 2nd Day Air
FedEx Standard
These cannot be rerouted.
UPS Next Day Air Saver
UPS Super Express
UPS Smart Post
UPS Overnight
UPS Super Express
FedEx Smart Post
FedEx Overnight
FedEx Super Express
FedEx One Day Air
FedEx Standard Overnight
DHL - can be rerouted.
USPS cannot be rerouted. In many shops, you can choose USPS Standard or Ground - they give you tracking in the tracker, i.e. they wrap it in USPS. Actually, this cannot be rerouted.
UPS - redirection is done via the website (access to the shop's mail)
FedEx - redirection is done by phone or on the website (FedEx account)
DHL - redirection is done by phone or at dellvery.dhl.com
Ontrac - redirection is done by phone.
Why it is not possible to do/What is a restriction:
- The shipper's contract with FedEx may stipulate certain conditions and restrictions on the performance of certain actions, in particular rerouting. The restrictions can vary greatly - the ability to make a request only through corporate email, a list of persons who can make a request, a mandatory account number request, a code word, etc. Or this option may be disabled altogether. It follows from this that all of the above may make it impossible to perform a reroute. The service has the right not to disclose what specific restrictions apply to a particular track.
- At the same time, even in the absence of clear instructions (prohibitions) from the shipper, FedEx reserves the right to
conduct additional verification at its discretion. In 90% of cases, it does so. This is in response to the question of
whether there is a ban on the track and why everything is at the same price.
Possible statuses on the track while working with it:
- Alternate delivery request: a coveted inscription indicating a successful change of address.
- Delivery option request canceled: an inscription that has recently begun to appear immediately after a successful
request to change the address specified above. If it appears AFTER the change request, there is no danger
and the package will be sent to the new address. However, if it appears BEFORE the change request,
there is a possibility that the request will be canceled. In this case, an attempt will be made to resubmit the request,
but without any guarantees.
- Delivery option requested: a message indicating that the address change request has been sent successfully and will be processed successfully with an 85% probability (only if there is no return), but at the same time it is not a guarantee of change.
- Pending: a status indicating that the track is undergoing changes. Most often, if after rerouting the track has been pending for more than two days, it means that there will be a new track.
This track will be displayed in the status of the old track (less often) or it will need to be retrieved by phone call.
It is also possible that the track will update itself - the Pending status will change to In Transit and the package will continue with the same track number. Therefore, it is worth waiting 2 business days and, if the update has not occurred, writing to support to clarify the details.
- Delivery Exceptions: appears on a red background with a request to contact us for additional details.
It has a very general meaning and can appear in various situations - unable to deliver to the address, package returned to the store. As a rule, it is accompanied by additional, clarifying statuses
- Cannot Locate Recipient/Recipient Moved: statuses indicating that the parcel could not be delivered to the address. It can have a positive or negative meaning depending on the situation: positive - displayed after rerouting, has a purely technical meaning, indicating that no one is expecting the parcel at this address; negative - when attempting to deliver to a drop/intermediary address.
May be the result of a return or an incorrectly specified address (less common).
- Refused by recipient: sad news that the holder has decided to interfere and has informed FedEx that they are not expecting the package and therefore the package will be returned to the sender.
- Future delivery requested: a request to postpone the delivery date. This may appear in the event of technical difficulties on FedEx's part or due to weather conditions. Alternatively, it may be a request from the shipper to buy time and successfully return the package. Only time will tell which of these options applies in a particular case.
- Laber Created: this status indicates that the parcel has not yet been sent, but only the label has been generated. The time it takes for the parcel to be sent and the status to change depends on the specific situation.
What not to do:
What packages not to make:
Toolup.com
Pro Dryers
innovee.tech
vipoutlet
stylextic
electronicsvalley
Wholesalephoto
big easy camera
adamsapples
fleetwood-macbooks
legitimac-store
Ebay US Pixel Hub
themaxmart
Macys.com ???? ???-
crutchfield.com
mywit
microcenter
home-experts
lighting and locks
hdharddrives
directbuywireless
springpc
cellfeee
yumnatel08
microsummerbreeze
wholesalebroker
6ave
Keh
lacomputercompany
wheelsnparts
ibuypower
digjungle
barneys.com
cdw.com
datavision.com
But sometimes the store prohibits changing the delivery address. Stores have also realized that they are being cheated at the delivery stage, so they have started to put a prohibition on changing the address on the label itself. That is, they pack the goods and put a sticker on them saying “Deliver only to the specified address.” Therefore, if the store has placed such a note, then when you call the courier service, in 95% of cases they will refuse to change the address, no matter how you explain it to them. They will simply say that we have a ban from the store and there is nothing we can do.
We only find out about the ban when the store has sent the goods and we send the tracking number to the rerouter. Sometimes the shop's FAQ section contains this information. There is no other way for us to find out.
Work
In the shipping address, fill in all the details from our card.
Go to the billing address and fill in the same information about our account.
Simply put, we are the customer who decided to buy something from the shop and are acting accordingly.
There is a good chance that you will be given a tracking number.
Pickup reroute
Pickup: Literally, picking up the goods from the seller's store.
1. These are relatively easy to enter.
2. Quick receipt of funds, no hassle with selling/forwarding, etc.
Pickup is when we place an order in the name of CardHolder, then the store sends the package to CardHolder's real address.
Then there are two options
-Either we call the post office ourselves and hold the package, i.e., we say that we will pick up the package ourselves (we will do the pickup), leave it at the post office, or more precisely, not at the post office but at the courier service that delivers the order, so it would be more correct to say
-Or we ask the callers to do it, for which they will of course charge a small fee ($10 for Hold Pack) (Hold - Stop the movement of the parcel
We pick up through the delivery service, not through the shop itself (some shops offer self-pickup), because when picking up goods from the shop itself, they will require you to present your card or show your payment receipt, while at the courier service, you only need to show your ID.
When we place an order for pickup, we simply enter all the card details, name, and address, everything as it is. As if the real cardholder is placing this order.
The only difficulty for us is that we need to disguise ourselves as the cardholder as much as possible.
First, you need to find a suitable drop service that handles pickup with a fake ID.
Specifically with a fake ID, as there is also pickup by name and drop mail.
A fake ID is a fake passport, i.e., an ID is made using the cardholder's details, and it is used to pick up a parcel at the post office.
Each drop service has its own list of goods and a specific percentage of payments for each item.
The mechanism is as follows:
The goods are entered into the KH (previously agreed with the Pickup service) > The tracking number is received > A call is made (Hold the package at the post office) > Then, the drop arrives at the post office and picks up the package as the CardHolder with fake documents.
When the drop receives the parcel, you are paid mainly in Bitcoin, within a day or two at most, but it is usually faster, depending on the service itself.
The pickup service will indicate its area of operation for fake IDs. Usually, the minimum order for which the pickup service will accept a fake ID is $1,000. They will usually request a percentage or payment upon receipt of the package, i.e., they will pick up the package, and then you will pay for its receipt.
That is, from the conditions - the right product, the right area, the right amount for the product, they include all their services for receiving and pickup in the percentage, and if you want, for example, to send it to yourself, they can either say right away that they don't do that or request payment for pickup, payment for shipping, etc.
It is easier to find material by pickup area. By zip code list.
If you take drop panels, they also do pickup, but it is more difficult to find SS under the drop zip code.
The drop can pick up the package in two ways: using a fake ID or their own ID.
This point needs to be clarified with the drop service provider, as there are services that allow you to pick up packages using a fake ID. For example, you enter the product, specify the cardholder's address, and the name must be specified by the drop, as the service does not have the ability to create a fake ID, but if the service does have this feature, you can easily fill in all the KH data when entering the information.
Of course, pickup in the name of the CH will be more feasible.
Pickup is one of the options for drops, but pickup can also be divided into three options.
1) Pickup with staff purchase.
2) Pickup for package forwarding.
3) 50/50 pickup.
Billing is the information from the card.
Shipping is the drop/pickup address.
Reroute - we follow the bill=ship scheme.
We give the data to the rerouter! We usually pay for rerouting after a successful reroute. We do not pay for failure.
The rerouter is also a caller, but he only calls the shop. We can also check whether there is a ban in the delivery service itself. Do not confuse rerouting with calling!
The rerouter calls the shop with their story and says, “I've just moved, could you deliver to a different address?”
Pickup - we follow the bill=ship scheme.
We give the data to the caller.
They call the delivery service and ask them to leave the package at the post office. We will pick it up from the post office.
Let's get started
First, let's search for shops by telephone order.
1 Google dorks. Go to the GPT chat.
Type in the query: create Google dorks to search for shops with the text ‘To place an order by telephone, please contact our.’
The bot will give us some examples, and with these examples, we can go to Google and just paste them in.
GPT - Of course, I can help you compose Google Dorks to search for shops with the text “To place an order by phone, please contact our.” Google Dorks are special search queries that allow you to refine your search query and get more accurate results.
Here are some Google Dorks you can use to search for shops with the specified text:
1. intitle:‘shop’ ‘To place an order by phone, please contact our’ - This query searches for pages containing the word “shop” in the title and the text ‘To place an order by phone, please contact our’.
2. inurl:‘shop’ ‘To place an order by phone, please contact our’ - This query searches for pages containing “shop” in the URL and the text ‘To place an order by phone, please contact our’.
3. intext:‘shop’ ‘To place an order by phone, please contact our’ - This query searches for pages containing the word ‘shop’ in the text and the text ‘To place an order by phone, please contact our’.
4. site:.com ‘To place an order by phone, please contact our’ - This query searches for pages on websites with the .com extension containing the text ‘To place an order by phone, please contact our’.
5. site:.ru ‘To place an order by phone, please contact our’ - This query searches for pages on websites with the .ru extension that contain the text ‘To place an order by phone, please contact our’.
You can also use the checker via the Netpeak SEO scanner. Who will register via Google account. To get into the programme itself, if it doesn't let you in, do it via recovery. Then, in your personal account on the website, you can view the password.
Netpeak Checker is a multifunctional tool for mass analysis and comparison of websites based on key SEO parameters.
You can download it from the website: https://netpeaksoftware.com/ru/download
Open the second one — the checker:
The parser will open.
Insert the dork here
Next - settings tab
Set up all search engines. Set the number of results to the maximum. And start.
Method 2: Via email.
There are many shops that do not mention on their website that orders can be placed by telephone. Find several basic shops, any shops, with non-liquid assets (medium-sized, possibly large).
Find their contact email address. Look at some products and make a note of them. Write to them by email and find out something about the product, such as how many items are in stock, etc.
The only thing they may not be able to answer right away is if you write to all the shops. Some will reply and some won't.
There is a nuance here - often the email address listed on the website is the admin's email. But they may respond from a different email address (support email).
We start a dialogue with the email address that responded and only then find out about the order by phone.
This method is quite time-consuming and effective. You simply cannot find many shops by googling.
Method 3. This is a rather complicated method. First, you need to find one shop. Then, analyze the CMS and try to find similar CMS engines, and also use method 2.
How it works
The caller calls the shop and dictates the data from the CC, thus bypassing the shop's anti-fraud system, and to the bank it looks as if we came to the shop and paid at the checkout.
What do you need for this?
First of all, of course, the CC itself with the data. As a rule, when calling, shop managers may request additional information about the KH, and we must be prepared for this.
But here we must be sure that there is really a balance on the card, so it is better to do such calls from a roll.
Of course, you can do without a roll, take two good cards, and if one doesn't work, tell the operator that you probably don't have enough funds and that you'll take another card, your wife's, for example.
But in this case, the cards must have the same ZIP code.
And a verified DOB SSN will also be needed in this case. Reputable shops have access to the holder's basic data, such as SSN, DOB, and even the colour and make of the car.
We can verify this information here:
https://fastpeoplesearch.com
https://www.truepeoplesearch.com
https://www.411.com
https://www.whitepages.com
https://www.instantcheckmate.com
https://pipl.com
Some of these sites are paid, so we put in the work there. You can also use their paid services; as a rule, the quality of information is higher than on these sites.
If the shop has AVS, only the CC country discloses billing to the shop.
(Many people get confused and think that EU shops check billing, but this is not the case!!!)
Countries where AVS is available:
United Kingdom (UK: England, Scotland, Wales) - almost always
Canada (CA-CANADA) - almost always
Australia - partially
New Zealand - partially
Canada - almost always
United States - always
France - partially
Germany - partially
Mexico - partially
Sweden, Ireland, Italy - partially
It is possible to work with these countries. But it's too much hassle.
For example, if you work in Canada. And Canada checks billing, then the method is the same as in the US. You will need a credit card with full billing.
But it also depends on the merchant. There are merchants such as woocomerce/bigcomerce where you can enter the drop address immediately (bill = ship, provided that the zip code and city match the SS), but the pass rate is 50%.
Ireland (some banks with A/C)
Italy (some banks with AVS)
Sweden (cards go well with Stripe, but the balances are small)
Greece (went well on eBay)
Types of work:
1. You can take EU drops - hit US shops. Bill = EU drop address. European socks (config under drop). In many shops, CMS will trigger merch integration in this case.
It will throw some merch with 3D. But this case is verified by testing.
2. You can take a US drop and hit US shops. The socks will be under the drop. Most shops see you as Americans, and 3D does not always come out.
3. You can take an EU drop and hit EU shops. European socks. In most cases, there will be 3D. This is verified by testing.
Here you can find 2D shops in countries. Take goods for 1k and above, hit with a test purchase - see if the merch behavior will pop up an SMS or not.
The best option is a US drop and an EU card.
Positive aspects of Eu:
1. No AVS in many countries
2. No calls from the shop (but they may request to send documents - usually after the documents are sent, the shipment is sent immediately). Or send a letter asking us to call (but there you can usually reply to the email, saying that you couldn't get through or something else)
3. Widespread 3DS system.
4. Many shops manually verify orders. The shop may call the bank to verify your real billing address. The only way to get around this is to pay immediately and then send fake documents - then the order will be shipped.
5. Long charge on the credit card.
6. You can find a perfectly clean proxy to use.
7. There are countries that have no idea what a passport looks like, etc.
You can find any EU passport and take the name from it so you don't have to draw one and enter it in the shop if they ask for documents.
Method for hacking EU CC on a drop in US.
We place the socks under the drop and hack it - we write the address and full name of the drop in the billing and shipping details - supposedly he is the card owner. The only thing they may request is a call or a screenshot.
Merchant.
The simplest merchandise is in GIFs:
1. Shopify - your own merchandise, but there may also be integrations.
2. Demanware - hidden merchandise.
Demanware+ brantigatway
Demanware+ aduen
Demanware +xcart
Demanware + autorize
3. magento + brantigatway, aduen, autorize
4. bigcimerce/woocomerce - has its own merch, as well as integrations.
5. ecwid - by integrations. I've seen some with Stripe.
6. drupalcomerce - mainly wepay merch integrations.
Simple merch is roughly speaking the kind found in shops that doesn't redirect anywhere.
Complex merch:
1) Cashstar
2) wgiftcards
3) gap
4) starbacks
5) yootipay
6) toastab
7) Stripe
8) Cashstar c letucce/ wgiftcards c letucce - generally not worth trying.
9) Giftcards
10) Lawpay + cardinalcommerce
11) Cardinalcommerce + Stripe/Brantigatway
12) Helcim
13) Quantum
14) Cardinalcommerce + Arcot
15) Arcot
Don't bother with these sites:
cardmail
egifter.com
carddelivery.com
mygiftcardsupply.com
giftnix.com/
giftcards.com/
cardcash.com
And sites with loads of gifts — you need to test approaches there, sampling by bins, it's easier to hammer Amazon with logs than to work with such sites and select material.
Search engines in the USA:
https://search.yahoo.com
https://www.aol.com
https://www.google.com
Technical Difficulties
https://botw.org
www.allpages.com
https://www.ipl.org
https://www.msn.com
https://www.findelio.com
https://www.dogpile.com
aloteducation.com
1) https://www.semrush.com
2) https://www.similarweb.com
3) https://www.spyfu.com
Preparation for work
carddelivery.com
mygiftcardsupply.com For gift cards, use an antique or telephone. Fraud is higher with gift cards. If you come across a shop that only sells gift cards, it's better to skip it right away, or you'll just waste your money and lose your budget. You need to look for a bundle there.
All liquid gift cards are checked against logs. They take the log and either check linked accounts or tie an additional CC.
It's better to use non-liquid gift cards.
I found 10 shops with gift cards and made $25-50 each. I wrote down which shops sent them and how they worked.
Here is a list of suitable banks for working with gifts (preferably with C.U or FCU):
SAFE F.C.U.
ARVEST BANK
EMPOWER
TOYOTA F.C.U.
SUSQUEHANNA BANK
ELGA C.U.
ROBINS F.C.U.
MUNICIPAL C.U.
SEACOAST NATIONAL BANK
WINGS FINANCIAL
DHCU COMMUNITY
NEW MEXICO F.C.U.
FAIRWINDS C.U.
STERLING SAVINGS BANK
STATE FARM FINANCIAL
WORLD FINANCIAlanETWORK BANK
SUNCOAST SCHOOLS F.C.U. 460819
ASSOCIATED C.U. 423585
TMB BANK PUBLIC CO., LTD. 405016
GOLDEN 1 C.U.
ALCO F.C.U.
GREENVILLE HERITAGE F.C.U.
STAR PROCESSING, INC.
LEESPORT BANK
PSCU FINANCIAL SERVICES, INC.
NYCE PAYMENTS NETWORK, LLC
NAVY F.C.U. 406095
EDUCATORS C.U. 414871
ROYAL C.U. 477778
473905 VISA ALTRA F.C.U.
435722 VISA FIVE STAR C.U.
429420 VISA DIGITAL F.C.U.
480344 VISA PADUCAH F.C.U
423568 VISA SAN DIEGO COUNTY C.U.
449624 VISA COUNTY F.C.U.
410461,VISA,ARGENT F.C.U.
513382 4FRONT C.U MASTERCARD
400789 A A F.C.U.
487066 A C P E F.C.U
468859 ENERGY ONE F.C.U. VISA
411565 ETMA F.C.U
473185 FARMERS C.U
415783 GWINNETT F.C.U
481903 GWINNETT F.C.U
401356 HOPE F.C.U.
470119 HUD F.C.U (top bin for 5k in goods and gifts)
424236 ROSE CITY F.C.U top bin
402100 RTP F.C.U.
418442 RVA C.U.
540934 TINKER F.C.U top bin
405356 ZIA C.U
441301 VISA CORNERSTONE COMMUNITY F.C.U.
527812 MASTERCARD FISERV SOLUTIONS, INC.
473905 VISA ALTRA F.C.U.
460275 VISA AMERICA FIRST F.C.U.
492295 VISA CARTASI S.P.A.
475824 VISA AMERICA FIRST F.C.U.
414817 VISA BESSER C.U.
403240 VISA FREEDOM C.U.
473915 VISA SECURITY F.C.U.
475869 VISA IDAHO CENTRAL C.U.
449654 VISA FRANKlan-SOMERSET F.C.U.
473905 VISA ALTRA F.C.U.
435722 VISA FIVE STAR C.U.
429420 VISA DIGITAL F.C.U.
480344 VISA PADUCAH F.C.U
423568 VISA SAN DIEGO COUNTY C.U.
449624 VISA COUNTY F.C.U.
441301 VISA CORNERSTONE COMMUNITY F.C.U.
527812 MASTERCARD FISERV SOLUTIONS, INC.
473905 VISA ALTRA F.C.U.
460275 VISA AMERICA FIRST F.C.U.
492295 VISA CARTASI S.P.A.
475824 VISA AMERICA FIRST F.C.U.
414817 VISA BESSER C.U.
403240 VISA FREEDOM C.U.
473915 VISA SECURITY F.C.U.
475869 VISA IDAHO CENTRAL C.U.
They work according to the bill=ship adress, that is, on CH. Regarding the shop, it is difficult to find a gift that the buyer will take. You can write to the buyer in advance and find out whether they will take such a gift or not. Or there is a second option: independent sale - forums, exchanges, your own channel, etc.
You specify your own email address, and the gift will be sent to it. Regarding email, do not use ru email addresses, as they will not be sent. Domain .com.
There is a complex merch called cashstar wgiftcard, which comes from the company Blacknetfork. There may be two or more fraud systems there.
Cashstar is complex; it may or may not work. It doesn't matter what browser you use. Antique or regular Chrome.
wgiftcard - from the same company, but the merchandise is simpler.
There are complex merchandise where you need to check your email for high rep.
Check your email at https://emailrep.io It is better to look for and buy ready-made soapboxes with a high reputation. But there is another trick here. You need to check the BG holder. Find their email and try to register. The thing is, if you don't show activity in your email, they get deleted. But in the BG records, this information remains. Trust will be higher + this method is good if you work with self-registrations (I'll write about this sometime too).
Selling GIFs.
1. Through specialised services, e.g. https://www.giftcardspread.com, with payment to self-registered PP.
2. Directly by posting ads on forums.
3. Through buyers on our or foreign thematic boards.
4. Popular GIFs can be exchanged directly for bitcoins.
5. Sale through American forums.
Stocking up. Hitting with GIFs:
When we hit a GIF, we remember the state from which we hit it. It is better to write it down.
When we have the GIF, we look for a drop from that state. We take its name and address.
We connect socks to the drop zip - we warm up social networks - we warm up the shop.
We hit according to the billing=shipping scheme, but we set the payment method as gift. Our email. (sometimes a valid card is needed)
It is better to give the gift to the buyer or cash it out as quickly as possible. Because if a charge comes, the gift card may be reset to zero.
It may be that the gift card was purchased in California, but you enter Texas. The shop may see this and not send the order - they will reset the gift card to zero. But you can also determine this through trial and error.
Physical gift cards look a little different:
- card number and PIN code
To purchase such a gift card, it is better to use drop addresses. This is because many shops know the addresses of intermediaries, and they are blacklisted. Also, not all intermediaries accept such cards.
The advantage is that such gift cards are rarely cancelled.
The downside is that you need to find a drop with an address that accepts such gifts.
123
The 3 digits on the back of the card are the CVV code on cards such as Visa/MC/Discover.
Amex has a 4-digit code. (Amex also has a CVC2 code, which is located on the back of the card after the number).
CH - card holder - card owner.
Socks (proxies, socks) - changing the territorial location on your system (masquerading as a person).
Socks5, ssh, PPTP are all network protocols.
SSH-tunnel (Tunnel, Tun) - they last a long time, 1-3 weeks. They are cheap, costing from $0.5 to $5. It is very, very difficult to find clean ones.
45.76.221.153:22|test123|test12345|United States|Washington|Seattle|98121
The connection to the tunnel is made via Proxifier+BitviseSSH. Proxifier is launched and minimized; we need it as auxiliary software for BitviseSSH to work.
Insert the tunnel into BitviseSSH
Host - 45.76.221.153
Port - 22 (may not be specified, if so, enter the standard port - 22, as specified for this tunnel)
Username - test123
Password - test12345
United States|Washington|Seattle|98121 - geo tunnel.
Socks5 (Socks) - don't last long, usually rented for a day. Cost $1-2. They're pretty clean. Easy to find.
47.148.10.110 91.236.132.18:52479 2f802869:19290hd8 United States CA Murrieta 92563
You need Proxifier to connect to Socks.
Launch Proxifier. In the upper left corner of the program, you will see the Profile tab, then ProxyServers... then Edit.
Address - 91.236.132.18
Port - 52479
Username - 2f802869
Password - 19290hd8
United States CA Murrieta 92563 - geo sock
PPTP - long-lasting, 1-3 weeks. Cost $2-4. Finding a clean one should not be a big problem. PPTP will always have port 1723 open.
115.75.282.117 admin1 admin1 Arizona Scottsdale 85260
Go to Control Panel -> Network and Internet -> Network and Sharing Center -> Set up a new network connection -> Connect to a workplace -> No, create a new connection -> Use my Internet connection (VPN)
OVPNconfig (configs) - long-lived, 1-3 weeks. They cost $10-50.
It's pretty easy to find a clean one.
Config requirements:
up to 10 maxming.
up to 28 ipqualityscore
We get the config as a file. Install OpenVPN GUI from the website - openvpn.net/community (https://openvpn.net/community-downloads)
Place the configuration in C:\Program Files\OpenVPN\config and run OpenVPN GUI as an administrator.
Select our server from the context menu and connect.
I recommend downloading OpenVPN GUI.
OVPNconfig - there are also northern ones (those on your server) and home ones.
Home ones involve gaining access to a vulnerable router and deploying an exploit there, followed by configuration.
Home ones are suitable for self-registration, hacking, etc.
Dedicated (vnc) - a dedicated server. Similar to Socks and tunnels.
There are two types:
1) Virtual dedicated servers are dedicated servers hosted on their own hosting or server. They are not suitable for high-quality hacking because they are not real systems, and we cannot select the right city, etc.
They are good for hacking into games/software/etc.
Or for very weak shops.
They are also good for testing all kinds of viruses.
-The price is attractive.
-The speed is good.
-They last about a month.
Many fraud systems can find out the IP and go to the server where the dedicated server is located (in pursuit of money, don't forget to keep an eye on your security).
2) Home dedicated server - a real system of a real person - when buying a home dedicated server, we can buy ss for the dedicated server and hack into kh - it will be very cool - pickup/reroute with a bang.
Home dedicated servers are obtained through hvnc, botnet, brute force.
An expensive combination is socks + the dedicated server itself.
The lifespan of a home dedik can be increased by creating your own account on top of it.
Cons: sometimes there are dediks without admin rights, they don't let you open a browser, they don't let you do anything.
- price
- don't last long
- constantly lag
- can kick you out without warning
- only suitable for breaking into high-value shops and only for pickup/reroute
As for cleaning up old data, you won't be able to clean it up completely; the connection log will still remain.
Therefore, I advise you to dump it in the freebies section of forums or Telegram chats.
A drop is a front man; a person picks up the package and redirects it using a fake ID.
Drop panels are the same in many services:
Click on “couriers” - select the drop and add it to the panel. It all depends on what methods you will use.
In order to get a drop panel, most normal services require registration on thematic forums for at least 3 months, many may require a deposit, and some give it right away.
To get access to the panel, find the one you are interested in, write to the drop panel admin to give you access.
Usually, we are asked what we do and what kind of goods we sell. We write that we sell Makita and Dewalt tools, for example.
We are asked about the store - we open Google, enter the name of the product, find it - you can link directly to the store with the product.
Only the store is not Amazon or eBay, but a regular one. Less popular (3-4 pages on Google).
After that, you will be given a panel.
After your store has shipped the item, click on “New Shipment” and fill in the form. If it's a buyout, select ‘Buyout’; if it's a middleman or other drop, select “Forwarding.”
ASIN is needed to verify products sold on Amazon. When you search for shops, you will find the same product, but it may differ in color, shape, etc.
ASIN on Amazon:
If you have not been paid for a package or have any other questions, don't hesitate to contact support with the package ID (the ID is displayed in the panel for each shipment).
An intermediary is an office located in a certain country, usually in Europe. The warehouse provides a certain storage unit where we place our goods, and this is how the intermediary understands that these are our goods.
PS: Shops have an address field 2, where you can enter the storage unit number. You can enter #1234, apt 1234, suite 1234, etc. 1234.
Also, in the SS itself, the address may contain Unit A, Unit P-3026 - these are all storage units.
The intermediary is a legally operating warehouse that earns money on shipping.
We register the intermediary with a fake passport. Use your own number, but it's better to use a fake SIM card. We pay with our own money and don't put the carton in the package, otherwise it may not arrive if there is a charge. If they have any problems, they work with the local police.
They won't be able to figure it out, but the phone number and registration details will be on file.
Also, not all shops send to intermediaries. Many shops simply won't send because they know the addresses of intermediaries. And they know that it's not a person.
Killing and working on the side
Registration:
1) Find a set of documents for your country.
2) Buy a left SIM card somewhere in the subway. An SMS will be sent to the phone number you specified from the post office.
3) Register for a set of documents on the side. Create an email address and enter your phone number. Then confirm everything.
4)The warehouse provides the address.
Enter this information in the shipping section. Don't forget to include the street address 2, which is the box number. If you don't specify this, your package will not be displayed in your account.
If you want to use a middleman, you need to find a shop. It's better to start with small shops. And СС - buy under ZIP middle name. You can also open Google Maps and check the distance.
You can also search for intermediaries not only on the website but also directly through Google: type in “top 10 intermediaries usa.”
A buyer is a person who accepts goods from dropshippers. They buy them up.
Chargeback is a payment refusal.
Enroll is the same as CC, only with access to your personal account.
SSN - Social security number
SSN is usually used for bank calls - breaking through VBV shops, creating rollers, etc.
DOB - date of birth of the CH, usually used in shops, we enter the DOB and then they request documents. And if it doesn't match, they cancel the order.
SSN and DOB are not included with the purchase - and we don't need them for regular use (they are needed to access mobile banking - to at least know the card balance - which is convenient).
MMN - mother's maiden name
Background report (BG) - Reference report on the CH. This report contains information about all of their new addresses, phone numbers, possible relatives, criminal records, etc.
In our case, we don't check the BG completely (we don't need a full report).
If you come across a card with a crooked billing address, then we go and check the BG.
We can also find out the phone number/email address for further flooding.
You can use old numbers when hacking.
Credit Score - The level of trust the banking system has in a person.
Checking BG and Credit Score:
fastpeoplesearch
truepeoplesearch
truthfinder
instantcheckmate
experian
peoplefinders
spokeo
annualcreditreport
- I linked CC from work to some services.
BIN - the first 6 digits of the card, absolutely any - Contains a lot of information. The first 6 digits of the card 405383 - this is the BIN.
Knowing only one digit of the card, we can determine what type it belongs to.
If the card number begins with:
- Starting with the number 3 - this is Amex (Amex is mainly used for complex merchants where there is vbv, you need to test it. Amex vbv, which they may request, is the cvc2 code, which they occasionally request. I also do not recommend checking Amex on checkers. Checkers kill SS quickly.
- Starting with the number 3 - Japanese JCB cards also work.
- Starting with the number 4 - Visa.
- Starting with the number 5 - Master Card.
- Starting with the number 6 - Discover (there may also be many Maestro cards) (this is rare, and it's bad in the sense that push notifications go straight to the phone, etc.).
Currently, seven-digit and eight-digit BINs are being issued. Don't be alarmed—shops mainly use 6-digit masking.
Knowing the bin, we can find out whether it is a debit or credit card. Check the card level.
Since we have the card, we only have basic information about it—we cannot find out the balance. The balance can be found out by calling public banks (they will ask for additional information) or by creating an account (enroll).
Once we know the card level, we can determine the approximate balance and, based on that, select goods for that amount.
Naturally, the higher the card level, the higher the balance on the cards may be.
Card levels + approximate credit amounts:
- Secured/prepaid: a small credit limit of $200 to $300.
- Classic: A card with less stringent conditions and a small limit of up to $1,000-1,500.
- Gold: Average amounts, usually up to a $3,000 limit.
- Visa Gold: A card with 24/7 service in the US, with the ability to respond quickly, often with a limit of up to $10,000.
- Black Card: A rare card with a high credit limit of up to $10,000, similar to Platinum.
- Platinum: A card with a high credit limit, usually up to $9,000.
- Business: A corporate card with large limits, up to $15,000 and more.
- Signature: Prestigious cards with limits up to $100,000, offering many privileges.
- Infinite: No credit limit, but with 24/7 bank support.
- Corporate: A corporate card for businesses with a credit limit of up to $30,000.
- Maestro (Mastercard only) – Same as a prepaid card.
- World - A card with a very high limit of up to $300,000.
- World Elite - An elite card with a virtually unlimited limit of up to $500,000.
- blue - usually up to $3,000 on American Express
- centrion - up to $1,000 on American Express
- Green - up to $1,000 on American Express.
- Optima - up to $1,000 on American Express.
- American Express Gold Card - An American Express card usually with average amounts up to $3,000.
- American Express Platinum Card - Provides large amounts up to $10,000 and many privileges.
There are many card levels, and privileges and limits depend on the bank. The higher the level, the stronger the protection.
I do not recommend taking prepaid, gift, or electron cards—you can't guess with these credit cards.
Credit cards come in two types: credit and debit.
Credit cards have better balances, but they have stronger bank protection (they give less).
Debit cards have a lower balance but are easier to get.
Note on debit cards: it's better to look for CU FCU, and even better to get bin cards that work as debit cards — they sometimes have good balances.
Why doesn't it work?
- bank - killed with a wrench
- credit limit of a specific person
- prosperity of the state (or country) (reg-lock)
- even time (beginning of the month or end) (salary, etc.)
- When we bought the card, we may not have been given 100% accurate information; there may be an error in the city, address, etc. Additional BG information is required.
- The checker can “kill” the credit card - checkers are available in all stores that sell cards (the checker is needed to verify whether the card is valid or not - by withdrawing a micro-amount from the card)
- there is a ban on purchases in online stores for amounts above 300 or 500 (for example).
- The merchant on the shop/fraud side is not working.
- The bank suspects fraudulent activity.
- The card is blacklisted.
- A relative used the card - incorrect billing.
- Problems with the card - expired card.
Protections in the shop and + card validation checks.
Shops can be:
1) A shop can be self-written.
2) A shop can use a ready-made CMS (CMS - a store engine to which products, payment systems, design, shop themes, and much more are added).
When it comes to self-written shops, protection can usually be added/hidden somewhere in the code. It may not be present on the shop itself, but it will be on the merchant's side.
Merchants are usually linked via API keys.
Extensions are also added to CMS — fraud detectors — which are also usually linked via API. But CMS can also hide the fraud detector in the code.
And there is protection from the bank if the bank sees something suspicious.
Here are a few cases from my experience with auto-blocking:
- many consecutive transactions (although maybe the KH were just that quick)
- too large an amount in novbv merch
- Fraud sees your hardware and blocks it
How are CC checked?
To check a card for validity, simply perform a transaction on the card; if successful, it is valid.
The checker may debit a small amount from the card, $1-5, and return it.
Also, linking to a service such as Yahoo, Google, or Microsoft.
But linking to Google is risky.
How to check a CC?
You can check if a card is valid:
1) With a credit card checker—a service that is usually available in shops selling credit cards. That is, you simply copy the card details into a special field on the website and click “check cc.” In response, you will be told which credit cards are valid and which are not.
The advantages are that it is fully automated and you can check many cards at once.
The disadvantages are that because many cards marked as fraudulent pass through this service, it quickly ends up on all kinds of blacklists, and therefore may not pass validation for some bins, or worse, kill the credit card.
2) Donate - a regular donation website, where you set a minimum amount and make a payment. If the donation is successful, the card is valid.
3) Installing antivirus or other software (eset nod32, doctor web, wise cleaner, malwarebites, and others).
4) “Authorizers” (you can call them that) - services where you can link cards to your account, but not make purchases. An example of this is PayPal, where you cannot link a dead card, but you also do not need to pay for goods.
Decline codes:
01 Refer to card issuer. (You need to call the bank to complete the transaction)
02 Refer to card issuer. (You need to call the bank to complete the transaction)
03 Invalid merchant. (Incorrect merchant ID)
04 Pick-up card. (Card blocked by bank due to fraud)
05 Do not honor. (Transaction declined by bank without explanation)
06 Error. (Unknown error on the bank's side)
07 Pick-up card, special condition. (Card blocked by bank due to fraud)
08. Honor with Identification - The bank requested additional identification to complete the transaction.
10. Approved for Partial Amount - The transaction was approved for only a portion of the requested amount.
11. Approved (VIP) - The transaction was approved due to the customer's VIP status.
12 Invalid transaction card / issuer / acquirer (The merchant does not accept cards from this bank)
13 Invalid amount (The amount exceeded the bank's transaction limit)
14 Invalid card number (Incorrect card number or card blocked by the holder or bank)
15. No Such Issuer - The bank that issued the card does not exist or cannot be found.
16. Approved, Funds Available - The transaction was approved and the funds are available for use.
17. Customer Cancellation - The transaction was canceled at the customer's request.
18. Customer Dispute - The customer has disputed the transaction.
19 System Error (System error on the merchant's side, transaction must be repeated)
or 19. Re-enter Transaction - Transaction must be re-entered.
20. Acquirer Error - Processing error
We only refund money using these codes.
AUTHORIZATION CODE — AUTHENTICATION RESULT
04 — Pick up card (no fraud)
05 — Do not use (we DO NOT refund money using this code for the UK, Switzerland, and EU countries)
07 — Pick up card; special condition (fraud account)
14 — Incorrect card number
15 — No such issuer
33 — Expired card, seizure
39 — No credit account
41 — Lost card; pick up (fraudulent account)
43 — Stolen card; collect (fraudulent account)
46 — Closed account
54 — Card expired
55 — Incorrect PIN code
57 — Card transaction not authorized
59 — Transaction not authorized — Merchant
62 — Restricted card
63 — Security breach
65 — No account
76 — Invalid date
96 — System malfunction
97 — Incorrect CVV
H7 — CVV2 value provided is invalid
We do not refund money for these codes.
AUTHORIZATION CODE — AUTHENTICATION RESULT
00 — Approved and completed
03 — Incorrect merchant ID
08 — Honor MasterCard with ID
10 — Partial approval
11 — VIP approval
13 — Invalid amount
28 — File temporarily unavailable
51 — Insufficient funds
52 — No checking account
53 — No savings account
56 — Transaction not supported by institution
58 — Transaction not allowed for terminal
61 — Exceeds withdrawal limit
65 — Exceeds frequency limit
82 — Expired at issuer
83 — Network connection problem
85 — No reason to decline
91 — Issuer unavailable
93 — Violation of law
98 — Card was checked less than 3 hours ago
99 — Maintenance in progress
P0 — Customer requested to stop a specific recurring payment
P1 — Customer requested to stop all recurring payments from a specific merchant
T0 — First check was successful and converted
T3 — Amount exceeds limit
T4 — Unpaid goods; negative file check failed
T5 — Duplicate check number
T7 — Too many checks
Merchant is an electronic aggregator for processing incoming payments, in other words, it is a program that directly accepts payments through a website. There are a huge number of merch, both large and self-written.
There are not many popular merchants. With time and experience, when you visit a new website, you will already understand - “this website is similar to the one I visited before, most likely it works, or it doesn't. You can also orient yourself by the CMS design.”
Analysis of merchants and their features.
1. Shopify is truly the most advanced and strict merchant when it comes to fraud. If you have money, everything goes smoothly. But then the problems begin. The admin panel has a bunch of order verification and analysis features. Starting with standard ones like IP, OS version, location, services, etc., and ending with clicks, viewed products, time spent on each action, etc. In short, absolutely EVERYTHING you do. This merchant checks everything. In the US, it comes in 2D. In Europe, additional merchants with 3D are sometimes connected.
2. Authorize.net - Features:
-ABC match verification
-Verification of the distance between the IP address and the holder
-Blacklists on the IP address and verification of previous orders, if any, from this IP address
-Verification of the holder for previous charges, payment behavior, and transactions according to card data
-Verification of the phone number according to public records in automatic mode
This is 2D merch. You can connect 3D in the panel itself, but it is rarely done.
3. Magento (up to version 1.9) - Magento itself is a CMS engine for shops. Up to version 1.9, they have their own merchants. Everything above 2.0-2.4 already connects to additional merchants such as:
in the USA: authorize.net; braintree (braintregatway); x-cart; adyen
in the EU: Safer Pay; Sage Pay; Paysafe; IntelliPay; omniPay; lawpay, etc.
Magento itself is a simple merchant.
4. Braintree (Braintregatway) - Simple 2D merchant, works with everything.
5. X-Cart - Has its own merchant, also connects to many additional merchants. The merchant itself is simple.
6. Adyen - All countries are supported. Sometimes it can get into the shop, but that's more for fraud.
7. 2Checkout.com - Simple 2D merch. Usually installed on antivirus subscriptions.
8. computop - European merch with 3D. Supports EU non-residents.
9. Beanstream - Canadian merch, always 3D. They go for EU non-residents.
10. Drupal Commerce (Drupal) - Simple 2D merch for the USA. For EU, they connect additional payment systems with 3D.
11. Stub Hub + virtual POS terminal - very common on websites that sell tickets for all kinds of events. It is quite difficult to enter this merch, VBV - always, YUSU has never managed to push it through, only EU non.
12. Banca Sella - VBV merch with a rather weak anti-fraud system, which is easily bypassed by US or UK cards with VBV reset.
13. Bucharoo - complex Dutch merch. 3D/SafeKey, bypassed with non CA.
14. Wirecard and Erstes - 3D merch - eats USA non
15. SafeхPay - VBV, only EU. Sometimes without VBV.
16. Euro payment service - works great with US MAT under reset.
17. Zerogrey - there are 2D shops, mostly 3D. Accepts US/UK with reset.
18. QuickPay, Commdoo, Dibs payment, heidelpay, klik&pay - all these merchants without VBV, accepts anything.
19. Qenta - VBV in rare cases (mainly shops without VBV), accepts EU
20. Skrill - Capricious merchant. Accepts EU with reset and occasionally US.
21. Safer Pay - SafeKey available, sometimes without VBV. UK under reset.
22. Sage Pay - VBV always in all shops. Accepts AMEX as there is no SafeKey. Accepts UK and USA with reset, but not all bins.
23. GPayments - 3D merch
24. Arcot - Always 3D. Accepts EU MAT NON.
25. Nitrosell - Increasingly capricious, more often requires EU.
26. Sella - Not to be confused with Bank Sella, only EU, always 3D, rarely found in shops.
27. Nochex, Datacash, Ingenico e-commerce - (not to be confused with regular Ingenico) - always VBV.
28. Payzen - goes through USA with reset.
29. Payline - Capricious EU merch with 3D. Did not go through.
30. ANZ eGate - connects to WooCommerce. 3D always. Works well in the USA with reset. EU not tested.
31. BillriantPay is a Chinese payment gateway, both 2D and 3D. It is better to check it in advance by testing it in the shop.
32. BlueSnap Credit/Debit - used on wp cms. Amex and Discover are accepted.
33. Cardinal Commerce Centinel — Complex European merchant. Non-customers can get through. However, orders are canceled for unknown reasons.
34. Converge (Virtual merchant) — Simple merchant. Both 2D and 3D — it is better to check.
35. Demanware — Simple 2D merchant with features similar to Magento.
36. E-Gateway - EU non.
37. Heartland Payment System - Found in both US and EU shops. Complex. Breaks through the US with a reset.
38. HeidelPay - Certain bins get through. 3D.
39. Innovative Gateway - Simple US 2D merch. Rarely gets through 3D - eats non.
40. Netbanx Hosted Payment - Almost always 3D.
41. Netevia - Quite complex merch.
42. Paya - works with WooCommerce, sometimes 2D. Better to check for 3D. Accepts any US currency.
43. Quantum Gateway - always 3D
44. Simplify Commerce - works with WooCommerce. Simple merch, mostly 2D. But we've seen 3D.
45. PayFort - Accepts CA non. Always 3D.
46. Metaprise - 3D is always better to take non. They ask for more drawings after entering.
47. Helcim - complex merch, similar to autorize, only with 3D.
48. Finix - always 3D.
49. PaySimple - Always 3D. Better uk.
50.PayJunction - 2D and 3D. We check.
51. lawpay - usa non or with reset.
52. ePayPolicy - Always 3D. Goes through eu non.
53. finway - EU 3D merch
54. multisafepay - always 3D, EU exotic non-3D.
55. curopayments - always 3D, EU non-3D.
56. Cashstar - Complex, capricious merch on GIFs, accepts Mastercard, Amex, Discover
57. wgiftcard - Complex, capricious merch on GIFs, accepts Visa, Amex, Discover.
58. toastab - Merch on GIFs, accepts everything. 2D.
59. Worldpay - EU merch always 3D.
60. Cheddar Up - EU merch always 3D.
61. Bolt - In the USA - 2D - easy to get through. In the EU, more likely 3D.
Merch also has standard protection against fraudulent transactions, with an integrated admin panel for manual order verification and a shop manager.
As experience with shop admin panels has shown, all fraud protection is created from various modules that are usually considered both manually and automatically.
Shipping address - delivery information, write the drop/middleman/purchaser address here:
Billing address is payment information about the CH, data from the CC itself:
Every shop has shipping (delivery address) and billing. If we write Hose Mendosa in the shipping address and Cole Baker in the billing address, the shop may not like it and will not send the order.
In general, it depends on the store, but it is better to write:
1) The name of a relative - their last name. Pretend you are ordering for a relative.
2) Just the first name (because Americans like to move around).
According to the BG (report), you can find out about neighbors and relatives.
Regarding the EU: if countries do not disclose billing information, you can write any name you want. It can be a drop, a middle name, or a nickname.
Pickup is when we enter the address into the system, wait for the parcel to be sent, call the delivery service (give them the tracking number) and ask them to leave the parcel at the post office instead of delivering it to the door (in person) - and then the services (via the drop panel) pick up the parcel using fake documents.
Caller is a person with good English (or other languages) skills. They are needed to call the post office, bank, or online store.
Rerouting is also entering the kh, waiting for the shop to send it - calling the delivery service (we give the order to the caller) - to understand how this happens, here is an example of communication with support - I work in another state, send it to another address ( посреда etc.) - i.e. initially the parcel was sent by the store to the kh address, but we in the delivery service changed the recipient's address to the one we need
Address Verification System (AVS) - an address verification system that compares the address we entered in the billing information with the actual address of the cardholder.
https://chargebacks911.com/knowledge-base/what-is-address-verification-service/#1 (you can learn more about how AVS works)
It comes with bank protection and, according to the standard, should be built into USY shops.
When issuing a card at a bank, CH indicates its billing address (payment address) — this is the zip code, state, city, street, and house number.
This data is entered into the bank's database.
When filling out information in the shop, the billing address fields are encrypted and sent securely through a channel to the bank, where the correctness of the entered data is automatically verified.
If everything is correct, the order is automatically passed on; if there is an error, it is canceled.
AVS itself is a fairly simple topic, but the problem is that the material itself may contain a false or old address.
This is because the owner may move frequently and have five addresses.
And the address in the billing, for example, is the third address. He issued a card at this address and uses it.
If there is no address, there is an option to try to find it yourself for free using Google search.
Sometimes you have to turn to search engines, but even they cannot always say for sure what the address is in the bank.
Therefore, there may still be certain problems with AVS, even though the protection is simple.
The Payment Processor is also involved in the payment process. Its task is to interact with Visa/MasterCard and other payment systems, with the bank that issued the CC CardHolder, with the AVS system, respectively, and based on the information received/processed, it informs/recommends further actions.
3DS is additional protection when shopping online.
3DS is not exactly bank protection; it is protection provided directly by Visa and Mastercard card services.
3DS protection can be linked to both the store and the cards.
3DS is a standards-based authentication protocol that helps merchants reduce fraud.
VBV - verified by Visa.
Mcsc - Mastercard Secure Code.
This is 3DS.
Again, there are different types of 3DS.
The first is a code that the merchant sets when receiving the card. (This can be a word, dob, etc.) and then this protection is requested.
Previously, there was a way to reset this code and set your own if it did not come with the material, but then this feature was disabled, so if the card has protection and the code does not come with the material, there is nothing you can do (unless it works on auto vbv).
The second is an SMS code, a type of protection used in Europe and many other countries, which can sometimes be bypassed only if you have access to email, and even then, not always.
There are also options with a duplicate SIM card, but this is expensive, time-consuming, and not suitable for our purposes.
Another option is transaction confirmation via push.
The third is the newest, a changing code on the card itself.
There are very few of them, and their data does not actually end up on the network.
In the USA, 90% of shops do not have 3DS, but they do have AVS. Usually, we can find out whether a shop has it or not by the 3DS icon or icons such as Verified Visa/Verified Mastercard.
In order to find shops that have a 3D system, we need certain bin numbers.
Non-VBV - no VBV check.
Auto VBV - auto.
In order to hack shops that have a 3D system, we need certain bin numbers.
Non-VBV - no VBV check.
Auto VBV - automatic approval.
VBV reset (usually SSN or ZIP) - this is where you need to enter either your SSN or ZIP instead of VBV.
When we have a bin non-VBV and a shop with 3D, there will be no window from the bank. We will be automatically redirected to “Thank you for your order” or “Decline.”
Bin AUTO VBV - a window from the bank will pop up, but inside it will be processing. Then it will automatically redirect you to “Thank you order” or “Decline” (picture on the left).
Bin with reset by SSN or ZIP - enter SSN or ZIP instead of SMS - we will be automatically redirected to “Thank you order” or “Decline” (picture in the center and on the right).
Non-auto and reset are only applicable to 3D shops. If the shop is 2D, their function is useless, as the passability is the same as on СС.
We take the work, find a website (merch) that definitely has 3DS, and start hitting it for $700-1000 and watch the behavior to see if 3DS will pop up or not.
Methods for bypassing 3D.
1) Using non/auto/reset bins
2) There are shops where you can try to block 3D from the console. Since we already know that 3D is just an additional check.
There used to be software that bypassed 3D via EU. It's called Moretti VBV soft. I reverse engineered it and figured out how it works. The only thing I know is that there are banks with curve protection.
Merchants:
BRAINTREE
SAGEPAY
STRIPE
SHOPIFY
BARCLAYS
EPDQ
WORLDPAY (maintenance)
INDIPAY
AFTERPAY
SHOPIFYPLUS
XSOLLA
ADYEN (maintenance)
All we need to do is parse the requests:
127.0.0.1 0eaf.cardinalcommerce.com
127.0.0.1 3dauthentication.bankcomm.com
127.0.0.1 3ds.bnpparibas.com
127.0.0.1 3dsecure.deutsche-bank.de
127.0.0.1 3dsecure.icscards.nl
127.0.0.1 3dsecure.pay.nl
127.0.0.1 3dsecure.vinea.es
127.0.0.1 3dsecure-cardprocess.de
127.0.0.13d-secure-code.de
127.0.0.1 ca-sp.wlp-acs.com
127.0.0.1 lbp.wlp-acs.com
127.0.0.1 3d.secure.lcl.fr
127.0.0.1 acs-3dsecure.creditmutuel.fr
127.0.0.1 hsbc.wlp-acs.com
127.0.0.1 bnpp.wlp-acs.com
127.0.0.1 sg.wlp-acs.com
127.0.0.1 acs-3dsecure.cic.fr
127.0.0.1 acs-3dsecure.cm-cic.com
127.0.0.1 3dsecure.bpce.fr
payv2.multisafepay.com
postbank-3dsecure.wlp-acs.com
rabobank.nl
regiobank.nl
safe.pay.nl
secure.axisbank.com
secure.curopayments.net
secure.ogone.com
secure4.arcot .com
secure5.arcot.com
secure6.arcot.com
secure7.arcot.com
securecode.abnamro.nl
securesuite.co.uk
secureyou3d.ing.be
verifiedbyvisa.barclays.co.uk
verifiedbyvisa.comdirect.de
verifiedbyvisa.sparkassen-kreditkarten.de
visa.com
wlp-acs.com
Add these lines to the hosts file on the virtual machine (Windows) located at: C:\Windows\System32\drivers\etc\hosts
This will prevent the authentication page from opening and the SMS from being sent to the cardholder.
We need to find and block requests like these. Orders are broadcast without any problems. Then it's 50/50. Either the shop will approve or cancel.
3) Method 3 is most likely a matter of waiting. You can just sit and wait, and the 3D will disappear. This worked on BestBuy.
When it comes to 3D, we have it on all types of credit cards.
Visa/Mastercard, Amex looks different: they ask for cvq2 - these are 3 digits on the back of the credit card (we can't get around this). And Amex's cvv consists of 4 digits.
Discover mainly uses push via phone.
Fraud is a type of fraud in the field of information technology, specifically unauthorized actions and unauthorized use of resources and services in communication networks.
Anti-fraud is a system or set of measures for detecting, preventing, and responding to fraudulent activities.
Each merchant attached to the shop has its own fraud assessment scale and settings.
This is a comprehensive software that is connected to the banking network and the shop at the same time, also has a payment system, and is a transaction protection system that configures the strictness of transaction passage by the shop itself.
From the moment we enter the shop's website, the merch begins to assign us fraud points based on our actions on the website.
It analyzes which link we clicked on, which website we came from, whether we typed the address into the browser or used a search engine. It also closely monitors our behavior — whether we browse the store, select a product, or just go straight to checkout.
Therefore, the first thing to pay attention to is that you need to behave like a real buyer in the store.
Compare products, add and remove items from your cart, fill in all the fields by typing the text manually, rather than copying and pasting data from your credit card. Serious stores may even react to switching browser windows when entering data.
It is best to create an account in the store and fill it with real data, ideally the day before the attack, but this is only for top-level stores.
The assessment is based on the following parameters, which indicate the likelihood of fraud:
- Frequent address changes - that is, transactions are made from one credit card to different addresses (by default, changes of 2 or more addresses within 6 months are considered suspicious).
- Bin number mismatch - the user's credit card was issued in a different country, i.e., not the one specified in the billing address.
- Bin number mismatch - the user's credit card was issued in a different country, i.e., not the one specified in the billing address.
- A large number of unique credit cards - transactions were made from many credit cards under one name (by default, it is considered suspicious when a user has used 6 or more different credit cards in the last 6 months).
- Domain and IP influence - the buyer has a risky email or IP address.
- Presence on the fraud list - the buyer's address is on the fraud list.
- Geographical inconsistencies - phone number, email domain, billing address, shipping address, IP address - appear suspicious.
- Frequent name changes - transactions were made on one credit card under different names (by default, 2 or more name changes in 6 months appear suspicious).
- Internet inconsistencies - email or IP does not match the billing address.
- Nonsensical input - name and address contain words that do not make sense.
- Obscenities - the information entered contains obscenities (in my humble opinion, only complete scumbags do this).
- Phone inconsistencies - the phone number looks suspicious.
- Non-standard time of day - the purchase is not made during normal hours.
- Unverifiable address - the billing or shipping address cannot be verified.
- Frequency of use - if the account was used more than 3 times in 15 minutes, it looks suspicious.
- Discrepancy between billing and shipping addresses.
In addition, there are intermediary companies, which can be challenging to work with.
You can ask officials for a demo of this or that. For example, if you go to https://www.riskified.com/ and provide your contact details, you can then ask them for demo access so you can poke around in the settings and filters.
List of popular fraud systems:
1) arkoselabs
2) Breach Clarity
3) callsign
4) nofraud
5) onespan
6) ravelin
7) riskified
8) pingidentity
9) Stripe Radar from Stripe
10) cybertonica
11) FingerprintJS
12) SEON
13) forter
14) sardine
15) accertify
You can also search here: https://www.softwareadvice.com/search/products/fraud detection/.
If you request a demo, be sure to use corporate email!
In essence, fraud systems differ only in their parameters, which are higher or lower in some cases, as well as in their fraud scores.
Looking for shops
There is no need to look for European or Asian shops — the country of the shop does not matter.
Almost always in EU shops - VBV - SMS verification - we need to check such shops for 3DS behavior.
Wherever you go - look for Yusa.com sites, there is no VBV there, and they almost always ship worldwide (with worldwide delivery).
Search for shops via eBay (you can do the same with Amazon).
For example, let's find a product:
We need seller information!
Let's go to the seller's page!
We see:
For the sake of interest, let's go to his store on eBay. To do this, click the “visit store” button on the right.
Enter the name of the shop (guitaraudio) into google.com.
We found the first shop. Let's write it down in our notebook! Maybe it will give us a discount!
Search using the “Similar Sites Search” extension.
There is such an extension for Chrome: https://chrome.google.com/webstore/detail/similar-sites-discover-re/necpbmbhhdiplmfhmjicabdeighkndkn
Open the website. If it is in the list, clicking on the extension will bring up a window:
Here you can see the number of visits per month - preferably up to 1 million.
You can also see the rating and country of the shop, which is quite convenient.
Below is a list of similar shops.
Or you can simply enter the shop name in the search bar on their website https://www.similarsites.com and it will show you similar shops.
Also, before making a purchase, it is worth checking the sections in the shop, namely the shop's policy.
It can be found in the Delivery, Shipping, Terms and Conditions, Privacy Policy sections, which vary from shop to shop. We can find all this information at the bottom of the website.
There we can find information about how the shop treats orders for different billing and shipping addresses.
Sometimes they write something like: “We do not ship to addresses other than the billing address. All buyers must enter their billing address and shipping address accurately.” - We only ship goods to the cardholder's billing address!
That is, it is clear with these shops.
You can ONLY enter the billing address of the cardholder, and then redirect the package.
Either they write that they may require additional verification, so you need to be prepared for this; they may ask for anything, usually a social security number or ID, or they may ask for a mini-deposit (they will deposit a small amount, which you need to confirm) , or documents, or something else, such as what their transaction looks like in your statement (Statement - This is a statement of expenses and balances on a bank account or credit card with the specified debit amounts, once a month/week/every day, depending on how you set up delivery to your email).
You can also talk to customer support in live chat to find out if they send to different billing/shipping addresses or not. This is called WARMING UP.
Come up with a reason, for example, “I'm currently in another city and I need the package sent here, could you send it to a different address?”
The payment processor is also involved in the payment process. Its task is to interact with Visa/MasterCard and other payment systems, with the bank that issued the CC CardHolder, with the AVS system, respectively, and based on the information received/processed, it informs/recommends further actions.
Processing usually takes an average of 40-50 minutes for Shopify merchants.
But there are shops where you place an order and processing takes a day or two. This means that this shop has an order acceptance module. In other words, there is a support team that approves orders.
There may also be anti-fraud modules that can slow down an order based on points. Other order holds depend on the employees working at the store — they can put a hold on a package.
Right now, the banking system is quite strong and constantly tightening the screws.
- If you check the СС on valid, take the socks under the СС zip log, otherwise you can get suspected fraud = you yourself have defrauded the СС.
- Don't make several transactions in a row, you can quickly ruin the СС and earn nothing. Timing is 25-30 minutes.
- There are types of cards where you first have to deposit a small amount of $25-70-80 and only then make a large deposit.
- Take socks as close to zip as possible.
- Check socks for cleanliness.
- Check the system.
Sometimes, USA uses a one-time SMS code (VBV).
And they rarely ask for it.
They have another security measure called AVS.
The point is that the BANK (USA BANK) gives the store information about the real name and address of the cardholder, and if you write something else, the payment will either not go through or your order will be canceled.
Some stores may let it through. It all depends on the store.
Enter in the US store (different billing and shipping):
In BILLING information - everything from СС (all information about the cardholder)
In SHIPPING information - the address of our intermediary or drop in America
There are some very weak shops that don't care about this. Usually, larger shops pay attention to this.
This method works well for single-brand shops.
Single brands are less popular brands.
If you are buying in bulk, it is worth looking for a shop that has 2-3 brands of goods. If there are a lot of brands (for example, tools), they usually do not ship them. But it all depends on the store.
To beat the drop or middleman, buy a card under the ZIP of our drop/middleman (zip is the index), ideally the zip should match. You can take the nearest zip, check the distance on Google Maps. You can also do this in a neighboring state, but here, the greater the discrepancy, the more it will depend on how the store behaves.
Only after that do we select the socks. Alternatively, you can select a card (without buying it) and select socks for it.
Here, too, there should be socks for the zip code. If there is a difference somewhere, it will depend on the shop. It is not recommended to take socks more than 15-20 miles away from the zip code.
If we have everything selected for the zip code, only the street will be different. This is the best solution.
It's 50/50 here because many shops know the addresses and won't ship to them. They also don't ship well where there is a PO Box.
When entering a shop, socks, correct settings, mail, behavioral factors in the shop, and a valid CC are very important.
- Automatic transaction approval without verification.
- If something is not satisfactory, manual verification is required—a phone call or verification (large amount, unsatisfactory credit score, etc.).
- Automatic payment cancellation without verification by actual operators (poor credit score, poor socks, poor Bill-Ship, etc.). The “fatter” the shop, the better you need to adapt to it — for example, one shop may accept guests, while another shop requires an account. A third shop only accepts brute/logins.
1) https://www.ipqualityscore.com/ - you can register with both regular and business email. But your account will only work for a week. Then they burn the VPN and that's it))
In the personal account, you can check emails for fraud and phone numbers.
You can check your IP without a personal account by connecting to the configuration, opening a private window in your browser, and checking as many times as you need. If you use a regular browser, the number of checks will be limited, like 3.
2) http://getipintel.net (http://getipintel.net) - (0.55-0.6 and less can be considered an acceptable value.)
3) https://thesafety.us/check-ip
4) https://dnschecker.org/ip-blacklist-checker.php - blacklists
5) https://mxtoolbox.co blacklists
6) https://www.maxmind.com/en/solutions/minfraud-services/data-points#outputs (you can subscribe)
Card selection, by priority.
We have two types of CC.
A) DEBIT - Good for shops, but balances may be small, so it's hard to predict. From debit, CU FCU, as these banks are the most common. And there can be decent balances on the rolls. Even from the classics.
Passability in shops is higher.
B) Credit - They are tight, but have high balances, as well as internal credit limits.
Passability is average. If, for example, the limit is $500, he drove to a gas station, filled up for $100, stopped by a cafe and a store, and spent $200. The balance is $200, but you're hitting $250, so there will be a decline.
Let's break it down into 3 parts:
1. Banks with CU FCU (credit union/federal credit union) - also from these banks, if you take, for example, merch 3D (find a shop where 100% of SMS messages come out), look for non/auto bins.
These banks are mainly private. They may be located in certain states.
BA:
SAFE F.C.U.
TOYOTA F.C.U.
ELGA C.U.
ROBINS F.C.U.
MUNICIPAL C.U.
NEW MEXICO F.C.U.
FAIRWINDS C.U.
ASSOCIATED C.U. 423585
TMB BANK PUBLIC CO., LTD. 405016
GOLDEN 1 C.U.
ALCO F.C.U.
GREENVILLE HERITAGE F.C.U.
EDUCATORS C.U. 414871
ROYAL C.U. 477778
ALTRA F.C.U.
FIVE STAR C.U.
DIGITAL F.C.U.
PADUCAH F.C.U
SAN DIEGO COUNTY C.U.
COUNTY F.C.U.
CORNERSTONE COMMUNITY F.C.U.
ALTRA F.C.U.
AMERICA FIRST F.C.U.
CARTASI S.P.A.
AMERICA FIRST F.C.U.
BESSER C.U.
FREEDOM C.U.
SECURITY F.C.U.
IDAHO CENTRAL C.U.
FRANKlan-SOMERSET F.C.U.
EMPLOYEES' C.U.
ONE NEVADA C.U
BAY F.C.U.
MIDFLORIDA C.U
HUDSON VALLEY C.U
DESERT FINANCIAL C.U
GOLDEN 1 C.U.
SELCO COMMUNITY C.U
FAIRWINDS C.U.
GREENVILLE HERITAGE F.C.U.
TWINSTAR C.U.
ORlanDO F.C.U.
FOX COMMUNITIES C.U.
AMERICA FIRST F.C.U.
NUMERICA C.U.
VYSTAR C.U.
Velocity C.U
FINANCIAL PLUS C.U.
WESTERRA C.U.
VERIDIAN C.U.
APPLE F.C.U.
CENTURY F.C.U.
XCEL F.C.U.
EDUCATIONAL COMMUNITY C.U.
BAYOU F.C.U.
CHOICE C.U
COLUMBIA C.U
ASCENT C.U
LAPORTE COMMUNITY F.C.U
APG F.C.U.
LANDMARK C.U
APG F.C.U.
FORT LEE F.C.U
LANDMARK C.U
CHILDRENS MEDICAL CENTER F.C.U
RIVERMARK COMMUNITY C.U
OREGONIANS C.U.
SIERRA CENTRAL C.U.
QUINCY C.U
TRANSWEST C.U
DOWNEAST C.U.
CHOICE C.U
2. Less popular dietary supplementsClick to apply
SUSQUEHANNA BANK
STERLING SAVINGS BANK
STATE FARM FINANCIAL
SEACOAST NATIONAL BANK
WINGS FINANCIAL
DHCU COMMUNITY
ARVEST BANK
EMPOWER
WORLD FINANCIAlanETWORK BANK
STAR PROCESSING, INC.
FISERV SOLUTIONS, INC.
PSCU FINANCIAL SERVICES, INC.
NYCE PAYMENTS NETWORK, LLC
SERVE VIRTUAL ENTERPRISE INC.
LEESPORT BANK
COLEMAN COUNTY STATE BANK
FRANSABANK S.A.L.
Starling Bank Limited
AIB BANK
BANK OF NOVA SCOTIA
COMPASS BANK
HOME NATIONAL BANK
HOCKING VALLEY BANK
SILICON VALLEY BANK
Jack Henry & Associates
Great Plains National Bank
AMARILLO NATIONAL BANK
TORONTO-DOMINION BANK
METABANK
AMERIS BANK
PINNACLE BANK
PSCU INCORPORATED
Dc Card Co., Ltd
COMERICA BANK
CENTIER BANK
KUWAIT FINANCE HOUSE K.S.C.
ZIONS FIRST NATIONAL BANK
PINNACLE BANK
CENTURION
LAKE CITY BANK
BUSEY BANK
3. Public:
If there is a SCHOOLS prefix to the ba, it is for students, and they usually don't have much money. And students spend their money right away.
Wells Fargo Bank
Arvest Bank
SUNTRUST BANK
WOODFOREST NATIONAL BANK
SANTANDER BANK, N.A.
CITIBANK N.A.
CAPITAL ONE BANK (USA), N.A.
BANCORP
BANCORP BANK, THE
U.S. BANK, N.A.
USAA
COMERICA BANK
U.S. BANK, N.A.
CHASE BANK USA, И аналоги!
JPMORGAN CHASE BANK, N.A.
BANK OF AMERICA
UNITED BANK, LTD.
UNITED SAUDI COMMERCIAL BANK
UNITED BANK, LTD.
BARCLAYS BANK DELAWARE
TD BANK
WELLS FARGO
AMERICAN EXPRESS COMPANY
CITIBANK BELGIUM
DISCOVER (СС начинающие на цифру 6)
USAA SAVINGS BANK
BARCLAYS BANK (аналоги)
NETWORK INTERNATIONAL
WIRECARD BANK
FIRSTMERIT BANK (и аналоги ферст банк и др)
NATIONWIDE BUILDING SOCIETY
BRANCH BANKING AND TRUST COMPANY
REGIONS BANK
Ally bank
USAA SAVINGS BANK
Navy fcu
Fidelity National Card
Postepay S.P.A
Shazam, Inc.
Nbc Oklahoma
MICHIGAN SCHOOLS AND GOVERNMENT C.U.
Rbs Citizens
CENTRAL TRUST BANK
Banco Interamericano De Finanzas, S.A.E.M.A.
Bay First Bank, N.A.
HSBC - BESTBUY
OLD NATIONAL BANK
Fifth Third Bank, The
Star Processing Inc.
STANDARD FEDERAL BANK
WILL FINANCEIRA S.A. CREDITO, FINANCIAMENTO E INVESTIMENTO
PADUCAH BANK AND TRUST COMPANY
It is not recommended to take for work:
Affinity FCU
Pnc bank with BIN 443603
440066 BIN
517805 BIN
Alliant FCU
How can I find out my credit card balance?
1) Enroll (but not all bins enroll)
2) Call the bank.
For example:
You can call Bank of America on the bot, enter your card number, the last 4 digits of your SSN, and find out all your transactions and balance. You can call from Google Voice.
Chase, even without your SSN, card number, and ZIP code.
Most big banks can be called.
Another trick is to try calling several times, and you will be connected not to your SSN, but to your ZIP code.
We picked out the mat, bought the socks, and checked them for cleanliness.
We create a profile in Antique - I recommend adding various extensions to your browser, you can add some cookies.
We warm up the browser profile. Next is the shop.
If you see the words “shipping address,” fill in the address of our drop (you can fill in the first and last name with kh, or you can, for example, look up bg and take the first name of a relative and the last name CH).
Next, billing address—there we will fill in the complete information about our card, that is, first name, last name, address, city, state, zip code.
After completing this procedure, fill in the card details (number, first and last name, date, CVV).
After entering the number, date, and CVV, click “Pay.”
Next, you will see an error
(insufficient funds or card expired) or a window with your order number .If you see a window with the words “Thank you for your order,” just wait until the store decides whether or not to send you the package—usually up to 48 hours—this is written in the store, and if the weekend is approaching, the process will be delayed. Always use foreign email services such as Gmail.com, yahoo.com, etc.
️No RU-POCHT mail.ru, etc.We select the CC for the CH only for the purpose of making the shop like us more. Imagine that you bought the CC and entered not only the same city as the CH, but also the same street. Maybe he bought clothes for his neighbor.
A little about chargebacks:
A chargeback is a refund.
1) USA: Someone stole money from a person, he called the bank, they told him to come in and write a statement saying that his money had been stolen, he came in, the case was reviewed (the chargeback takes 2-7 days, depending on the bank, level, and SS privileges).
If he has access to his personal account, he can do it through it.
2) In the EU, it's a little different, because international transactions are usually involved there, so the refund takes much longer due to courts, etc.
Therefore, many people enter their EU credit card details into hotels, airlines, etc., so that the chargeback doesn't come quickly.
Let's consider the method of work under rerouting.
We don't need to look for a card for our intermediary (i.e., under zip); any card from any state will do.
There are usually very few top-level cards for intermediaries. And taking classics is a 50/50 chance. But with rerouting, we don't need to worry about this. We buy a good, fresh 90-95% valid card for any state and city.
In order to reroute, we need the shop from which we will be sending to be located in those post offices that can reroute.
We are looking for someone who does rerouting. Be sure to ask about the conditions; many call centers also change addresses.
Reroute conditions:
UPS - 50-60% may be possible, the service is considered completed if the following message appears:
The sender requested a delivery change for this package. / Your package will be delivered to an alternate address. (UPS appears immediately after the call).
Fedex - (50% chance of success), the service is considered completed if there is an alternative address in the track and a case number is given to you. (within days, as the track reaches the nearest sorting center).
* - if this does not work, i.e. the words “Intercept” and “alternate address” do not appear, the service will reroute the package to a future tracking location.
The package must be in transit (statuses: Picked Up/In Transit).
DHL will also reroute.
This will be rerouted.
UPS 2nd Day Air
UPS Ground
UPS Standard
UPS Express
FedEx Ground
FedEx 2nd Day Air
FedEx Standard
These cannot be rerouted.
UPS Next Day Air Saver
UPS Super Express
UPS Smart Post
UPS Overnight
UPS Super Express
FedEx Smart Post
FedEx Overnight
FedEx Super Express
FedEx One Day Air
FedEx Standard Overnight
DHL - can be rerouted.
USPS cannot be rerouted. In many shops, you can choose USPS Standard or Ground - they give you tracking in the tracker, i.e. they wrap it in USPS. Actually, this cannot be rerouted.
UPS - redirection is done via the website (access to the shop's mail)
FedEx - redirection is done by phone or on the website (FedEx account)
DHL - redirection is done by phone or at dellvery.dhl.com
Ontrac - redirection is done by phone.
Why it is not possible to do/What is a restriction:
- The shipper's contract with FedEx may stipulate certain conditions and restrictions on the performance of certain actions, in particular rerouting. The restrictions can vary greatly - the ability to make a request only through corporate email, a list of persons who can make a request, a mandatory account number request, a code word, etc. Or this option may be disabled altogether. It follows from this that all of the above may make it impossible to perform a reroute. The service has the right not to disclose what specific restrictions apply to a particular track.
- At the same time, even in the absence of clear instructions (prohibitions) from the shipper, FedEx reserves the right to
conduct additional verification at its discretion. In 90% of cases, it does so. This is in response to the question of
whether there is a ban on the track and why everything is at the same price.
Possible statuses on the track while working with it:
- Alternate delivery request: a coveted inscription indicating a successful change of address.
- Delivery option request canceled: an inscription that has recently begun to appear immediately after a successful
request to change the address specified above. If it appears AFTER the change request, there is no danger
and the package will be sent to the new address. However, if it appears BEFORE the change request,
there is a possibility that the request will be canceled. In this case, an attempt will be made to resubmit the request,
but without any guarantees.
- Delivery option requested: a message indicating that the address change request has been sent successfully and will be processed successfully with an 85% probability (only if there is no return), but at the same time it is not a guarantee of change.
- Pending: a status indicating that the track is undergoing changes. Most often, if after rerouting the track has been pending for more than two days, it means that there will be a new track.
This track will be displayed in the status of the old track (less often) or it will need to be retrieved by phone call.
It is also possible that the track will update itself - the Pending status will change to In Transit and the package will continue with the same track number. Therefore, it is worth waiting 2 business days and, if the update has not occurred, writing to support to clarify the details.
- Delivery Exceptions: appears on a red background with a request to contact us for additional details.
It has a very general meaning and can appear in various situations - unable to deliver to the address, package returned to the store. As a rule, it is accompanied by additional, clarifying statuses
- Cannot Locate Recipient/Recipient Moved: statuses indicating that the parcel could not be delivered to the address. It can have a positive or negative meaning depending on the situation: positive - displayed after rerouting, has a purely technical meaning, indicating that no one is expecting the parcel at this address; negative - when attempting to deliver to a drop/intermediary address.
May be the result of a return or an incorrectly specified address (less common).
- Refused by recipient: sad news that the holder has decided to interfere and has informed FedEx that they are not expecting the package and therefore the package will be returned to the sender.
- Future delivery requested: a request to postpone the delivery date. This may appear in the event of technical difficulties on FedEx's part or due to weather conditions. Alternatively, it may be a request from the shipper to buy time and successfully return the package. Only time will tell which of these options applies in a particular case.
- Laber Created: this status indicates that the parcel has not yet been sent, but only the label has been generated. The time it takes for the parcel to be sent and the status to change depends on the specific situation.
What not to do:
What packages not to make:
- Smart Post delivery service;
- Adult signature required request; (You can view the data in the Shipment Facts section)
- Tracks received from the shops listed below:
Toolup.com
Pro Dryers
innovee.tech
vipoutlet
stylextic
electronicsvalley
Wholesalephoto
big easy camera
adamsapples
fleetwood-macbooks
legitimac-store
Ebay US Pixel Hub
themaxmart
Macys.com ???? ???-
crutchfield.com
mywit
microcenter
home-experts
lighting and locks
hdharddrives
directbuywireless
springpc
cellfeee
yumnatel08
microsummerbreeze
wholesalebroker
6ave
Keh
lacomputercompany
wheelsnparts
ibuypower
digjungle
barneys.com
cdw.com
datavision.com
But sometimes the store prohibits changing the delivery address. Stores have also realized that they are being cheated at the delivery stage, so they have started to put a prohibition on changing the address on the label itself. That is, they pack the goods and put a sticker on them saying “Deliver only to the specified address.” Therefore, if the store has placed such a note, then when you call the courier service, in 95% of cases they will refuse to change the address, no matter how you explain it to them. They will simply say that we have a ban from the store and there is nothing we can do.
We only find out about the ban when the store has sent the goods and we send the tracking number to the rerouter. Sometimes the shop's FAQ section contains this information. There is no other way for us to find out.
Work
In the shipping address, fill in all the details from our card.
Go to the billing address and fill in the same information about our account.
Simply put, we are the customer who decided to buy something from the shop and are acting accordingly.
There is a good chance that you will be given a tracking number.
Pickup reroute
Pickup: Literally, picking up the goods from the seller's store.
1. These are relatively easy to enter.
2. Quick receipt of funds, no hassle with selling/forwarding, etc.
Pickup is when we place an order in the name of CardHolder, then the store sends the package to CardHolder's real address.
Then there are two options
-Either we call the post office ourselves and hold the package, i.e., we say that we will pick up the package ourselves (we will do the pickup), leave it at the post office, or more precisely, not at the post office but at the courier service that delivers the order, so it would be more correct to say
-Or we ask the callers to do it, for which they will of course charge a small fee ($10 for Hold Pack) (Hold - Stop the movement of the parcel
We pick up through the delivery service, not through the shop itself (some shops offer self-pickup), because when picking up goods from the shop itself, they will require you to present your card or show your payment receipt, while at the courier service, you only need to show your ID.
When we place an order for pickup, we simply enter all the card details, name, and address, everything as it is. As if the real cardholder is placing this order.
The only difficulty for us is that we need to disguise ourselves as the cardholder as much as possible.
First, you need to find a suitable drop service that handles pickup with a fake ID.
Specifically with a fake ID, as there is also pickup by name and drop mail.
A fake ID is a fake passport, i.e., an ID is made using the cardholder's details, and it is used to pick up a parcel at the post office.
Each drop service has its own list of goods and a specific percentage of payments for each item.
The mechanism is as follows:
The goods are entered into the KH (previously agreed with the Pickup service) > The tracking number is received > A call is made (Hold the package at the post office) > Then, the drop arrives at the post office and picks up the package as the CardHolder with fake documents.
When the drop receives the parcel, you are paid mainly in Bitcoin, within a day or two at most, but it is usually faster, depending on the service itself.
The pickup service will indicate its area of operation for fake IDs. Usually, the minimum order for which the pickup service will accept a fake ID is $1,000. They will usually request a percentage or payment upon receipt of the package, i.e., they will pick up the package, and then you will pay for its receipt.
That is, from the conditions - the right product, the right area, the right amount for the product, they include all their services for receiving and pickup in the percentage, and if you want, for example, to send it to yourself, they can either say right away that they don't do that or request payment for pickup, payment for shipping, etc.
It is easier to find material by pickup area. By zip code list.
If you take drop panels, they also do pickup, but it is more difficult to find SS under the drop zip code.
The drop can pick up the package in two ways: using a fake ID or their own ID.
This point needs to be clarified with the drop service provider, as there are services that allow you to pick up packages using a fake ID. For example, you enter the product, specify the cardholder's address, and the name must be specified by the drop, as the service does not have the ability to create a fake ID, but if the service does have this feature, you can easily fill in all the KH data when entering the information.
Of course, pickup in the name of the CH will be more feasible.
Pickup is one of the options for drops, but pickup can also be divided into three options.
1) Pickup with staff purchase.
2) Pickup for package forwarding.
3) 50/50 pickup.
Billing is the information from the card.
Shipping is the drop/pickup address.
Reroute - we follow the bill=ship scheme.
We give the data to the rerouter! We usually pay for rerouting after a successful reroute. We do not pay for failure.
The rerouter is also a caller, but he only calls the shop. We can also check whether there is a ban in the delivery service itself. Do not confuse rerouting with calling!
The rerouter calls the shop with their story and says, “I've just moved, could you deliver to a different address?”
Pickup - we follow the bill=ship scheme.
We give the data to the caller.
They call the delivery service and ask them to leave the package at the post office. We will pick it up from the post office.
Let's get started
First, let's search for shops by telephone order.
1 Google dorks. Go to the GPT chat.
Type in the query: create Google dorks to search for shops with the text ‘To place an order by telephone, please contact our.’
The bot will give us some examples, and with these examples, we can go to Google and just paste them in.
GPT - Of course, I can help you compose Google Dorks to search for shops with the text “To place an order by phone, please contact our.” Google Dorks are special search queries that allow you to refine your search query and get more accurate results.
Here are some Google Dorks you can use to search for shops with the specified text:
1. intitle:‘shop’ ‘To place an order by phone, please contact our’ - This query searches for pages containing the word “shop” in the title and the text ‘To place an order by phone, please contact our’.
2. inurl:‘shop’ ‘To place an order by phone, please contact our’ - This query searches for pages containing “shop” in the URL and the text ‘To place an order by phone, please contact our’.
3. intext:‘shop’ ‘To place an order by phone, please contact our’ - This query searches for pages containing the word ‘shop’ in the text and the text ‘To place an order by phone, please contact our’.
4. site:.com ‘To place an order by phone, please contact our’ - This query searches for pages on websites with the .com extension containing the text ‘To place an order by phone, please contact our’.
5. site:.ru ‘To place an order by phone, please contact our’ - This query searches for pages on websites with the .ru extension that contain the text ‘To place an order by phone, please contact our’.
You can also use the checker via the Netpeak SEO scanner. Who will register via Google account. To get into the programme itself, if it doesn't let you in, do it via recovery. Then, in your personal account on the website, you can view the password.
Netpeak Checker is a multifunctional tool for mass analysis and comparison of websites based on key SEO parameters.
You can download it from the website: https://netpeaksoftware.com/ru/download
Open the second one — the checker:
The parser will open.
Insert the dork here
Next - settings tab
Set up all search engines. Set the number of results to the maximum. And start.
Method 2: Via email.
There are many shops that do not mention on their website that orders can be placed by telephone. Find several basic shops, any shops, with non-liquid assets (medium-sized, possibly large).
Find their contact email address. Look at some products and make a note of them. Write to them by email and find out something about the product, such as how many items are in stock, etc.
The only thing they may not be able to answer right away is if you write to all the shops. Some will reply and some won't.
There is a nuance here - often the email address listed on the website is the admin's email. But they may respond from a different email address (support email).
We start a dialogue with the email address that responded and only then find out about the order by phone.
This method is quite time-consuming and effective. You simply cannot find many shops by googling.
Method 3. This is a rather complicated method. First, you need to find one shop. Then, analyze the CMS and try to find similar CMS engines, and also use method 2.
How it works
The caller calls the shop and dictates the data from the CC, thus bypassing the shop's anti-fraud system, and to the bank it looks as if we came to the shop and paid at the checkout.
What do you need for this?
First of all, of course, the CC itself with the data. As a rule, when calling, shop managers may request additional information about the KH, and we must be prepared for this.
But here we must be sure that there is really a balance on the card, so it is better to do such calls from a roll.
Of course, you can do without a roll, take two good cards, and if one doesn't work, tell the operator that you probably don't have enough funds and that you'll take another card, your wife's, for example.
But in this case, the cards must have the same ZIP code.
And a verified DOB SSN will also be needed in this case. Reputable shops have access to the holder's basic data, such as SSN, DOB, and even the colour and make of the car.
We can verify this information here:
https://fastpeoplesearch.com
https://www.truepeoplesearch.com
https://www.411.com
https://www.whitepages.com
https://www.instantcheckmate.com
https://pipl.com
Some of these sites are paid, so we put in the work there. You can also use their paid services; as a rule, the quality of information is higher than on these sites.
If the shop has AVS, only the CC country discloses billing to the shop.
(Many people get confused and think that EU shops check billing, but this is not the case!!!)
Countries where AVS is available:
United Kingdom (UK: England, Scotland, Wales) - almost always
Canada (CA-CANADA) - almost always
Australia - partially
New Zealand - partially
Canada - almost always
United States - always
France - partially
Germany - partially
Mexico - partially
Sweden, Ireland, Italy - partially
It is possible to work with these countries. But it's too much hassle.
For example, if you work in Canada. And Canada checks billing, then the method is the same as in the US. You will need a credit card with full billing.
But it also depends on the merchant. There are merchants such as woocomerce/bigcomerce where you can enter the drop address immediately (bill = ship, provided that the zip code and city match the SS), but the pass rate is 50%.
Ireland (some banks with A/C)
Italy (some banks with AVS)
Sweden (cards go well with Stripe, but the balances are small)
Greece (went well on eBay)
Types of work:
1. You can take EU drops - hit US shops. Bill = EU drop address. European socks (config under drop). In many shops, CMS will trigger merch integration in this case.
It will throw some merch with 3D. But this case is verified by testing.
2. You can take a US drop and hit US shops. The socks will be under the drop. Most shops see you as Americans, and 3D does not always come out.
3. You can take an EU drop and hit EU shops. European socks. In most cases, there will be 3D. This is verified by testing.
Here you can find 2D shops in countries. Take goods for 1k and above, hit with a test purchase - see if the merch behavior will pop up an SMS or not.
The best option is a US drop and an EU card.
Positive aspects of Eu:
1. No AVS in many countries
2. No calls from the shop (but they may request to send documents - usually after the documents are sent, the shipment is sent immediately). Or send a letter asking us to call (but there you can usually reply to the email, saying that you couldn't get through or something else)
3. Widespread 3DS system.
4. Many shops manually verify orders. The shop may call the bank to verify your real billing address. The only way to get around this is to pay immediately and then send fake documents - then the order will be shipped.
5. Long charge on the credit card.
6. You can find a perfectly clean proxy to use.
7. There are countries that have no idea what a passport looks like, etc.
You can find any EU passport and take the name from it so you don't have to draw one and enter it in the shop if they ask for documents.
Method for hacking EU CC on a drop in US.
We place the socks under the drop and hack it - we write the address and full name of the drop in the billing and shipping details - supposedly he is the card owner. The only thing they may request is a call or a screenshot.
Merchant.
The simplest merchandise is in GIFs:
1. Shopify - your own merchandise, but there may also be integrations.
2. Demanware - hidden merchandise.
Demanware+ brantigatway
Demanware+ aduen
Demanware +xcart
Demanware + autorize
3. magento + brantigatway, aduen, autorize
4. bigcimerce/woocomerce - has its own merch, as well as integrations.
5. ecwid - by integrations. I've seen some with Stripe.
6. drupalcomerce - mainly wepay merch integrations.
Simple merch is roughly speaking the kind found in shops that doesn't redirect anywhere.
Complex merch:
1) Cashstar
2) wgiftcards
3) gap
4) starbacks
5) yootipay
6) toastab
7) Stripe
8) Cashstar c letucce/ wgiftcards c letucce - generally not worth trying.
9) Giftcards
10) Lawpay + cardinalcommerce
11) Cardinalcommerce + Stripe/Brantigatway
12) Helcim
13) Quantum
14) Cardinalcommerce + Arcot
15) Arcot
Don't bother with these sites:
cardmail
egifter.com
carddelivery.com
mygiftcardsupply.com
giftnix.com/
giftcards.com/
cardcash.com
And sites with loads of gifts — you need to test approaches there, sampling by bins, it's easier to hammer Amazon with logs than to work with such sites and select material.
Search engines in the USA:
https://search.yahoo.com
https://www.aol.com
https://www.google.com
Technical Difficulties
https://botw.org
AllPages.com - , , Yellow Pages
www.allpages.com
https://www.ipl.org
https://www.msn.com
https://www.findelio.com
https://www.dogpile.com
ALOT Education
Learn about education opportunities for K-12, going to college, and what you need to know entering the workforce. Education information for all.
aloteducation.com
Alexa analogues (shop rating):1) https://www.semrush.com
2) https://www.similarweb.com
3) https://www.spyfu.com
Preparation for work
carddelivery.com
mygiftcardsupply.com For gift cards, use an antique or telephone. Fraud is higher with gift cards. If you come across a shop that only sells gift cards, it's better to skip it right away, or you'll just waste your money and lose your budget. You need to look for a bundle there.
All liquid gift cards are checked against logs. They take the log and either check linked accounts or tie an additional CC.
It's better to use non-liquid gift cards.
I found 10 shops with gift cards and made $25-50 each. I wrote down which shops sent them and how they worked.
Here is a list of suitable banks for working with gifts (preferably with C.U or FCU):
SAFE F.C.U.
ARVEST BANK
EMPOWER
TOYOTA F.C.U.
SUSQUEHANNA BANK
ELGA C.U.
ROBINS F.C.U.
MUNICIPAL C.U.
SEACOAST NATIONAL BANK
WINGS FINANCIAL
DHCU COMMUNITY
NEW MEXICO F.C.U.
FAIRWINDS C.U.
STERLING SAVINGS BANK
STATE FARM FINANCIAL
WORLD FINANCIAlanETWORK BANK
SUNCOAST SCHOOLS F.C.U. 460819
ASSOCIATED C.U. 423585
TMB BANK PUBLIC CO., LTD. 405016
GOLDEN 1 C.U.
ALCO F.C.U.
GREENVILLE HERITAGE F.C.U.
STAR PROCESSING, INC.
LEESPORT BANK
PSCU FINANCIAL SERVICES, INC.
NYCE PAYMENTS NETWORK, LLC
NAVY F.C.U. 406095
EDUCATORS C.U. 414871
ROYAL C.U. 477778
473905 VISA ALTRA F.C.U.
435722 VISA FIVE STAR C.U.
429420 VISA DIGITAL F.C.U.
480344 VISA PADUCAH F.C.U
423568 VISA SAN DIEGO COUNTY C.U.
449624 VISA COUNTY F.C.U.
410461,VISA,ARGENT F.C.U.
513382 4FRONT C.U MASTERCARD
400789 A A F.C.U.
487066 A C P E F.C.U
468859 ENERGY ONE F.C.U. VISA
411565 ETMA F.C.U
473185 FARMERS C.U
415783 GWINNETT F.C.U
481903 GWINNETT F.C.U
401356 HOPE F.C.U.
470119 HUD F.C.U (top bin for 5k in goods and gifts)
424236 ROSE CITY F.C.U top bin
402100 RTP F.C.U.
418442 RVA C.U.
540934 TINKER F.C.U top bin
405356 ZIA C.U
441301 VISA CORNERSTONE COMMUNITY F.C.U.
527812 MASTERCARD FISERV SOLUTIONS, INC.
473905 VISA ALTRA F.C.U.
460275 VISA AMERICA FIRST F.C.U.
492295 VISA CARTASI S.P.A.
475824 VISA AMERICA FIRST F.C.U.
414817 VISA BESSER C.U.
403240 VISA FREEDOM C.U.
473915 VISA SECURITY F.C.U.
475869 VISA IDAHO CENTRAL C.U.
449654 VISA FRANKlan-SOMERSET F.C.U.
473905 VISA ALTRA F.C.U.
435722 VISA FIVE STAR C.U.
429420 VISA DIGITAL F.C.U.
480344 VISA PADUCAH F.C.U
423568 VISA SAN DIEGO COUNTY C.U.
449624 VISA COUNTY F.C.U.
441301 VISA CORNERSTONE COMMUNITY F.C.U.
527812 MASTERCARD FISERV SOLUTIONS, INC.
473905 VISA ALTRA F.C.U.
460275 VISA AMERICA FIRST F.C.U.
492295 VISA CARTASI S.P.A.
475824 VISA AMERICA FIRST F.C.U.
414817 VISA BESSER C.U.
403240 VISA FREEDOM C.U.
473915 VISA SECURITY F.C.U.
475869 VISA IDAHO CENTRAL C.U.
They work according to the bill=ship adress, that is, on CH. Regarding the shop, it is difficult to find a gift that the buyer will take. You can write to the buyer in advance and find out whether they will take such a gift or not. Or there is a second option: independent sale - forums, exchanges, your own channel, etc.
You specify your own email address, and the gift will be sent to it. Regarding email, do not use ru email addresses, as they will not be sent. Domain .com.
There is a complex merch called cashstar wgiftcard, which comes from the company Blacknetfork. There may be two or more fraud systems there.
Cashstar is complex; it may or may not work. It doesn't matter what browser you use. Antique or regular Chrome.
wgiftcard - from the same company, but the merchandise is simpler.
There are complex merchandise where you need to check your email for high rep.
Check your email at https://emailrep.io It is better to look for and buy ready-made soapboxes with a high reputation. But there is another trick here. You need to check the BG holder. Find their email and try to register. The thing is, if you don't show activity in your email, they get deleted. But in the BG records, this information remains. Trust will be higher + this method is good if you work with self-registrations (I'll write about this sometime too).
Selling GIFs.
1. Through specialised services, e.g. https://www.giftcardspread.com, with payment to self-registered PP.
2. Directly by posting ads on forums.
3. Through buyers on our or foreign thematic boards.
4. Popular GIFs can be exchanged directly for bitcoins.
5. Sale through American forums.
Stocking up. Hitting with GIFs:
When we hit a GIF, we remember the state from which we hit it. It is better to write it down.
When we have the GIF, we look for a drop from that state. We take its name and address.
We connect socks to the drop zip - we warm up social networks - we warm up the shop.
We hit according to the billing=shipping scheme, but we set the payment method as gift. Our email. (sometimes a valid card is needed)
It is better to give the gift to the buyer or cash it out as quickly as possible. Because if a charge comes, the gift card may be reset to zero.
It may be that the gift card was purchased in California, but you enter Texas. The shop may see this and not send the order - they will reset the gift card to zero. But you can also determine this through trial and error.
Physical gift cards look a little different:
- card number and PIN code
To purchase such a gift card, it is better to use drop addresses. This is because many shops know the addresses of intermediaries, and they are blacklisted. Also, not all intermediaries accept such cards.
The advantage is that such gift cards are rarely cancelled.
The downside is that you need to find a drop with an address that accepts such gifts.
123
Last edited by a moderator:
