Let's face it guys, even if you are a pro, there are those occasions when you scratch your head and wonder what you did wrong after you burnt your CVV down to a crisp. Your OPSEC was perfect, got a strong Socks5 proxy, ATOed the account, etc. but the transaction still did not go through.
Now, I'm not claiming that my recent findings will provide the holy grail of answers to your demise (the study on this subject will be ongoing and I will post updates here periodically). But recently, after conducting some experiments, I have learned new information that sheds light on some of the questions behind my past failures. Specifically, I have been playing around with several popular anti-fraud detection software packages that many online vendors have implemented to accept payments over the net. MaxMind, FraudLabs, Arbutus, Fraud.net Guardian, Fair Isaac Falcon Fraud Manager, and Oracle Bharosa are the ones I've been playing with. I created a shell company and signed up for a trial at each service provider.
Although the way in which each software places weight or emphasis on certain factors varies, the differences across all software were negligible. In other words, they reach the same ultimate conclusion regardless of how each factor is weighted (if a potential buyer is a low risk, the rating given by each software will be different, but the buyer will still be deemed low risk and, therefore, allowed to check out without a hitch).
Here are my preliminary observations:
1) Socks5 Proxy, VIP72.org - I stopped using VIP72.org some time ago. But to those of you who still think VIP72 is essential to your carding, think again. Based on the results I got, even when you select a proxy that is damn near close to your target's billing address, it won't matter. Why? Because all anti-fraud detection programs have detected VIP72 proxies as proxies, particularly as high-risk-of-fraud proxies. That's right, because a significant portion of carders use VIP72 as a must-have tool for carding, the industry wised up and ultimately flagged ANY IP generated by VIP72 as high-risk.
Specifically, proxy rating varies from 0 to 3 for all software I tested. But each time I used VIP72, all software unanimously flagged VIP72 as a high risk of fraud and gave a proxy rating of 3 which raises a red flag regardless of what you enter in the other fields.
The final risk score is generated by each software and this score ranges between 0 and 99 with 0 being no-risk (even most legitimate transactions won't get a score of 0). If the information you entered on the web form results in a risk score of 20 or less, this almost always results in an automatic processing without the need for a manual review by a person. The need for manual review tends to vary among different vendors but in most cases, the software providers recommend a manual review on any transactions that scored around 50. Anything above 70 can be considered fraudulent and it is safe for a vendor to decline a transaction (and same goes for the card issuing bank) without the worry of it being a false-positive.
WHEN I USED VIP72, THE RISK SCORE NEVER WENT BELOW 83. Take this bit of information as you will. I personally found greater success by using my OpenVPN and signing into a server that is closest to the target's billing location. While the distance from where the transaction is being entered to the actual location of the billing address is a big factor when assessing the overall risk of the transaction, it certainly didn't come close to the level that VIP72 triggered. Getting a proxy score of 3 nullifies any other genuine attempt to make a purchase.
To those of you who don't know, there are three levels of proxy anonymity with 1 being the most anonymous. VIP72, I believe, is level 3. It literally shouts out to the anti-fraud detection systems that "hey, I'm committing a fraud".
2) Email address - I didn't think this played much in terms of calculating the final risk score but it turned out that if combined with other factors, such as proxy score, it can increase the score exponentially.
While pros have emphasized the importance of obtaining an email address from a private domain or one that is not free, that's just a good recommendation. Not a necessity. But out of all free email accounts you create, Yahoo generated the lowest score consistently. Gmail, Outlook, and Mail.com all scored relatively high.
In addition, if you keep using the same damn email for your carding spree, the anti-fraud detection program flags it as a "carder email". Combining that with the "free email?" factor tends to increase the risk rating dramatically.
Interesting finding - .edu email accounts tend to cut through the risk rating quite well. And if the school where the .edu was issued is a prestigious institution, such as one of the Ivy Leagues, the school reputation helps to reduce the risk rating dramatically. As an experiment, I first entered a query using VIP72 and maxed out the risk rating to 99. Then I went back and changed the email to my alma mater (yea, it's one of the Ivy Leagues) and the risk rating suddenly dropped to 36!
3) The distance between the BIN and the billing address. It is not as intuitive as to why this plays any role in assessing the fraud risk score but think carefully and you will see why it makes sense. In short, if the billing address is located far away from the bank that had issued the CC, the risk score increases. This is beyond your control as a carder. Luckily, it is not as detrimental as the two other factors I just mentioned.
4) Myth - the longer the distance between the billing address and the delivery address, the higher chance of your transaction being declined. Uh, I call BS. Well, maybe just a little.
The real emphasis is placed on the distance between where the transaction is coming from and where the actual billing address is. Absent VIP72 and strictly using my VPN, I entered a query of my target located in Dallas, TX while I set the delivery address as somewhere in New York (that's almost half the distance between the Western and Eastern edges of this big ass country). I used a new, free, email account and entered the rest of the details accordingly.
The final risk score was 16, which, in most cases, will result in automatic processing and approval for shipment.
I'd like to know if any of y'all scums found this info useful. JK.
No, but seriously. I will continue to delve into this area further to gain additional insights for my personal use, but if you guys found what I wrote somewhat useful, vouch or press the "like" so that I know how y'all feeling.
Peace.
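For merchants reading this: the reported 99-to-36 drop shows a single favourable attribute offsetting a high-risk proxy rating inside an additive score. The sketch below is an added example (not from the post or from any vendor's API) of a merchant-side decision layer that keeps the score bands the post reports but treats hard signals as floors that no other attribute can offset; the field names, the 1500 km cutoff and the floor rule are assumptions.

```python
from dataclasses import dataclass

# Score bands as reported in the post: <=20 auto-approve, >70 decline,
# everything in between goes to manual review.
AUTO_APPROVE_MAX = 20
DECLINE_ABOVE = 70
PROXY_HIGH_RISK = 3          # top of the 0-3 proxy rating scale
ORDER = {"approve": 0, "review": 1, "decline": 2}


@dataclass
class Signals:               # hypothetical field names
    vendor_score: int        # 0-99 risk score from the scoring service
    proxy_rating: int        # 0-3 proxy rating from the scoring service
    email_seen_in_fraud: bool
    ip_to_billing_km: float  # distance from source IP to billing address


def band(score: int) -> str:
    """Map the vendor score onto the three bands."""
    if score > DECLINE_ABOVE:
        return "decline"
    if score <= AUTO_APPROVE_MAX:
        return "approve"
    return "review"


def decide(s: Signals, far_km: float = 1500.0) -> tuple[str, list[str]]:
    """Return (outcome, hard signals hit). Hard signals set a floor:
    one forces at least manual review, two or more force a decline,
    whatever the blended score says."""
    hard = []
    if s.proxy_rating >= PROXY_HIGH_RISK:
        hard.append("proxy_rating_high")
    if s.email_seen_in_fraud:
        hard.append("email_linked_to_prior_fraud")
    if s.ip_to_billing_km > far_km:
        hard.append("ip_far_from_billing")
    floor = "decline" if len(hard) >= 2 else "review" if hard else "approve"
    outcome = max(band(s.vendor_score), floor, key=ORDER.get)
    return outcome, hard


if __name__ == "__main__":
    # Constructed samples: a low blended score must not auto-approve
    # when the proxy rating is at its maximum.
    print(decide(Signals(18, 3, False, 30.0)))
    print(decide(Signals(36, 3, True, 30.0)))
```

Logging the returned signal list alongside the outcome gives reviewers the reason a low-scoring order was held.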