Fraud Terminology

This document defines and describes various types of personal and financial information used for fraudulent purposes, including fullz (full personal details), CVVs (credit/debit card details), dumps (unauthorized digital credit card information), service codes (indicating where credit cards can be used), AVS/VBV (address and identity verification systems), BIN (bank identification number), SSN (social security number), MMN (mother's maiden name), and DOB (date of birth). It explains how criminals can use this data to conduct identity theft, bank fraud, and make unauthorized purchases.

Uploaded by

colossus09
Copyright
© © All Rights Reserved

FULLZ: This is someone’s entire data cluster and it’s what is used to create bank
drop accounts, and for setting up payment processors on fake online stores. This
could also be used for many different things such as conducting an ATO (Account-
Take-Over) on someone’s bank account, opening new lines of credit under their name,
and much more. Fullz are extremely valuable information to us and in fact a
NECESSITY to be able to open bank drops. Fullz usually comprise Background
Checks, Credit Reports, Credit Scores, Full Names, Addresses, Social Security
Number (SSN), Date of Birth (DOB), Driver’s License Numbers, and more.

CVV: This can either be someone’s full credit card details, or someone’s full debit
card details. CVV is simply fraud slang for credit/debit card details; there’s
not much to it. We can use these details to “card” information on someone online,
such as background or credit reports that can be used for various purposes such as
opening bank drops and conducting an ATO (Account-Take-Over) on the victim’s bank
account, or we can use these CVV details to order physical/digital products that
will be sent to a drop address.

CVV DUMPS: A credit card dump is an unauthorized digital copy of all the
information contained in the magnetic strip of an active credit card, created with
the intention of illegally making a fake credit card that can be used by
cybercriminals to make purchases. Credit card dumps are used by fraudsters to
capture valuable card data such as the card number and expiration date. These can
be obtained in a number of ways. The most popular method nowadays is “skimming”, a
process in which an illegal card reader is used to copy the data from a credit
card. Other methods include hacking into a retailer’s network or when a malware-
infected point-of-sale device is unwittingly used by a retailer, sending the
information to the criminals.

DUMPS SERVICE CODE: Many fraudsters think that there are only 2 types of dumps, 101
and 201. The truth is there are many other types of dumps. Carders usually work
with either 101 or 201 but the majority will prefer 101. This is known as the
SERVICE CODE of a dump. The service code contains 3 characters and you can find a
dump service code just by looking at a dump, regardless of whether it has both
TRACK1+TRACK2 or just TRACK2. For example, let’s say we’re looking at the dump 4256
746500930321=1402101700102054. The service code of this dump is 101, which is
located right after the expiration date of the card, which in this case is 1402
(FEB 2014). The value of the service code determines where the cards are suitable
to be used and in what way. Below is a detailed explanation of each service code
available today.

First digit (usage variables):

- 1xx: Worldwide use, usually doesn’t have a smart chip.
- 2xx: Worldwide use, does have a smart chip and required to use smart chip if the
  card reader reads the chip.
- 5xx: National use, a list of regions can be allowed by the bank (often called
  region locks).
- 6xx: National use, a list of regions can be allowed by the bank but required to
  use smart chip if the card reader reads the chip.
- 7xx: Only usable according to what has been agreed with the bank.

Second digit (authorization):

- x0x: Normal authorization, normal usage.
- x2x: Contact issuing bank.
- x4x: Contact issuing bank, exceptions rules by bank.

Third digit (services that the card can be used for):

- xx0: Can be used for anything, requires PIN.
- xx1: Can be used for anything without PIN.
- xx2: Can be used to buy goods or pay a service, cannot retrieve cash, PIN not
  required.
- xx3: ATM only, PIN required.
- xx4: Cash only, PIN not required.
- xx5: Can be used to buy goods or pay a service, cannot retrieve cash. PIN
  required.
- xx6: No restrictions to use, will ask for PIN when possible.
- xx7: Can be used to buy goods or pay a service, cannot retrieve cash. PIN
  required when possible.

AVS & NON-AVS: AVS stands for Address Verification System. This is a system used to
verify the address of a person claiming to own a credit card. The system will check
the billing address of the credit card provided by the user with the address on
file at the credit card company. AVS is used by almost all merchants in the US,
Canada, and UK. Because AVS only verifies the numeric portion of the address,
certain anomalies like apartment numbers can cause false declines; however, it is
reported to be a rare occurrence. AVS verifies the numeric portions of a
cardholder’s billing address. For example, if the address is 101 Main Street,
Highland, CA 92346, United States, AVS will check 101 and 92346. Cardholders may
receive false negatives, or partial declines for AVS from e-commerce verification
systems, which may require manual overrides, voice authorization, or reprogramming
of the AVS entries by the card issuing bank. Cardholders with a bank that does not
support AVS may receive an error from Internet stores due to lack of data. All
countries besides the UK, US & Canada are NON-AVS.
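
The numeric-only comparison described above, from the merchant's side, as an added example (not part of the original document and not any card network's actual matching logic). The result labels, the `merchant_action` policy and the digit-extraction rule are assumptions made for illustration; the on-file address is the one used in the text, the entered addresses are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class BillingAddress:
    street: str
    postal_code: str


def numeric_parts(text: str) -> List[str]:
    """Return every run of digits in the order it appears in the text."""
    return re.findall(r"\d+", text)


def postal_digits(postal_code: str) -> str:
    """Digits of the postal code; a US ZIP+4 is cut to its first five digits."""
    return "".join(numeric_parts(postal_code))[:5]


def avs_compare(entered: BillingAddress, on_file: Optional[BillingAddress]) -> str:
    """Compare only the numeric portions, as the text describes.

    Labels are illustrative (assumption), not real network response codes.
    """
    if on_file is None:
        # Issuer does not support AVS: there is no data to compare against.
        return "UNAVAILABLE"
    want_street = numeric_parts(on_file.street)
    want_postal = postal_digits(on_file.postal_code)
    # An empty numeric portion on file never counts as a match.
    street_ok = bool(want_street) and numeric_parts(entered.street) == want_street
    postal_ok = bool(want_postal) and postal_digits(entered.postal_code) == want_postal
    if street_ok and postal_ok:
        return "FULL_MATCH"
    if postal_ok:
        return "POSTAL_ONLY"
    if street_ok:
        return "STREET_ONLY"
    return "NO_MATCH"


def merchant_action(result: str) -> str:
    """Hypothetical merchant policy: partial or missing data goes to a person."""
    if result == "FULL_MATCH":
        return "accept"
    if result == "NO_MATCH":
        return "decline"
    return "manual_review"  # POSTAL_ONLY, STREET_ONLY, UNAVAILABLE


# Address on file at the issuer (the example address from the text).
ON_FILE = BillingAddress("101 Main Street", "92346")

# Constructed checkout inputs.
SAMPLES = {
    "abbreviated street, ZIP+4": BillingAddress("101 Main St.", "92346-0001"),
    "apartment number added": BillingAddress("101 Main Street Apt 4", "92346"),
    "unrelated address": BillingAddress("12 Oak Avenue", "10001"),
}


def run_samples() -> dict:
    """Return {description: (AVS result, merchant action)} for each sample."""
    out = {}
    for name, entered in SAMPLES.items():
        result = avs_compare(entered, ON_FILE)
        out[name] = (result, merchant_action(result))
    return out


if __name__ == "__main__":
    for name, outcome in run_samples().items():
        print(f"{name}: {outcome}")
```

The second sample is the legitimate-cardholder false decline the text mentions: the apartment number changes the numeric portion of the street line, so only the postal code matches and the order is held for manual review.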

VBV & NON-VBV: This is an XML-based protocol designed to be an additional security
layer for online credit and debit card transactions. VBV stands for Verified by
Visa. This is used to validate the card holder’s identity and prevent fraudulent
transactions. It works by asking for additional information either from the card
holder directly or by analyzing data behind the scenes to see if the purchase fits
the usual payment behavior. When a website and a card have Verified by Visa, a
message box pops up on screen after you have entered the Visa card details. You are
then asked to identify yourself with your Verified by Visa password or a code sent
to your phone. What you need to do at this stage varies but your bank will tell you
about the method they use and what they expect from you. If you don’t notice the
VBV message box appearing but instead see a revolving wheel, all the security
associated with VBV is still happening but in the background. And you don’t need to
do anything. The bank is verifying the purchase by making background checks to see
that everything is as it should be. Any Visa card that does not have the above
feature in place is known as NON-VBV and you should ultimately look for NON-VBV
cards instead of VBV, because as you can see this verification process is a huge
hassle.

BIN: Bank Identification Number. This is the first four to six numbers that appear
on a credit card. The bank identification number uniquely identifies the
institution issuing the card. The BIN is key in the process of matching
transactions to the issuer of the charge card. This numbering system also applies
to charge cards, gift cards, debit cards, prepaid cards and even electronic benefit
cards. This numbering system helps identify identity theft or potential security
breaches by comparing data, such as the address of the institution issuing the card
and the address of the cardholder. The first digit of the BIN specifies the Major
Industry Identifier, such as airline, banking or travel, and the next five digits
specify the issuing institution or bank. For example, the MII for a Visa credit
card starts with a 4. The BIN helps merchants evaluate and assess their payment
card transactions. After submitting the first four to six digits of the card, the
online retailer can detect which institution issued the customer’s card, the card
brand (such as Visa or MasterCard), the card level (such as corporate or platinum),
the card type (such as debit card or a credit card), and the issuing bank country.
BINs can be checked through the websites below.

MASTERCARD SECURECODE (MCSC): MasterCard SecureCode is very much similar to Visa’s
VBV. It is a private code for a MasterCard account that gives the card holder an
additional layer of online shopping security. Only the card holder and the
financial institution know what the code is; merchants are not able to see it.
Fortunately, the majority of MasterCard cards do not have this security in place.

AMERICAN EXPRESS SAFEKEY: This is one of the least used security measures around,
and it is not even available in the United States. However, it is the same thing as
MasterCard SecureCode and Visa’s VBV.

SSN: Social Security Number. This is a nine-digit number issued to U.S. citizens,
permanent residents, and temporary (working) residents in the United States.
Although its primary purpose is to track individuals for Social Security purposes,
the Social Security number has become the national identification number for
taxation and other purposes. SSN is frequently used by those involved in identity
theft, since it is interconnected with many other forms of identification, and
because people asking for it treat it as an authenticator. Financial institutions
generally require an SSN to set up bank accounts, credit cards, and loans, partly
because they assume that no one except the person it was issued to knows it.

MMN: Mother’s Maiden Name. This is the name of someone’s mother BEFORE they got
married, that is, her name with her original family name (or “surname”), the name
she used when she was a girl and a young woman. “Maiden” here means “unmarried
woman”. So “maiden name” refers to a woman’s name when she was still an unmarried
woman. In many cultures, when a woman gets married, she takes the family name of
her husband’s family, so her name changes. Example, let us say your mother’s name
was Mary and she was born into the Smith family. Her maiden name would be “Mary
Smith”. Then, let us say, she married your father, whose name was Tom Jones. When
she married him, she became Mary Jones. That is her married name, but her maiden
name will always be Mary Smith. This is one of the most important aspects to
conducting successful transactions online for high value products, as most banks
ask this as a security question for making any changes to the account.

DOB: Date of Birth. This is one of the most important pieces of information you can
get on your victim. The reason for that is that with the date of birth, full name
and hometown, you can easily find the person’s SSN. And also because you need this
information if the bank ever asks you for it.

MAIL DROP: A mail drop is a location where you are able to freely receive illegal
products that were either carded, or drugs. You never want to use your own house
for these purposes as it will bring a lot of headache for you in the future. With a
mail drop, you can use it let’s say a month, and never show your face there again.
This will make it extremely hard for any law enforcement official to track you down
and arrest you or conduct an investigation into your life.

BANK DROPS: Bank drops are bank accounts that are opened specifically for the
purpose of storing your dirty funds. Once you open them, you can decide whether you
wish to withdraw the funds directly from the account as cash by going to the bank
ATM, or possibly clean them with specific methods, and only after cleaning them,
cashing them out (my preferred method and much safer). It is important to mention
also that all bank drop accounts are opened ONLY with the information of someone
else (aka FULLZ), so there is absolutely no possibility of these dirty funds ever
being traced back to your real identity. To open one of these bank drop accounts,
you will usually require the person’s DOB + SSN + DL + BACKGROUND CHECK + FULL
CREDIT REPORT + MVR/DRIVING RECORD for maximum success.

WEB/ONLINE WALLETS: This is a program or web service that allows users to store and
control their online shopping information, like logins, passwords, shipping address
and credit card/bank details, in one central place. It also provides a convenient
and technologically quick method for consumers to purchase products from any person
or store across the globe. Examples of such web wallets are PayPal, Google Wallet,
and Venmo. We can use such wallets for many purposes that will be discussed in
further guides.

PROXY SCORE: When it comes to fraud detection, finding proxies is a big topic.
Fraud detection begins with thinking intelligently about the IP address associated
with a transaction. Where is that IP address, and how does that location relate to
other transaction data? Whereas most IP addresses inspire confidence, those
associated with a proxy generate suspicion. As the name suggests, a proxy acts as
an intermediary, passing requests from one computer to other servers. But although
there are legitimate uses of proxies, fraudsters are well known to use proxies.
Detecting proxies comes with two challenges. The first is how to recognize an IP
address as a proxy. The second is how to distinguish a “good” proxy from a “bad”
one; since by definition, a proxy is merely an intermediary, a proxy is not high
risk in and of itself. To consider how best to address these challenges, it’s
helpful to look to the primary goal of ecommerce fraud detection: thinking
intelligently about the IP address associated with a transaction in order to assess
risk. Fraud detection uses transaction data as the basis for this thinking and risk
assessment. Using this data and analysis, they’re able to gain insight into the
kind of traffic on a particular IP address. The Proxy Score is a summary of risk
associated with an IP address. You want this to be as low as possible (0.80 MAX).
Anything above 0.80, you should move on and look for another proxy as that will
lead to a declined transaction 70-80% of the time. You can check your proxy score
on the websites below. Ideally you want the lowest proxy score that you can find, I
have used RDPs with a proxy score of 0.01 many times.

FRAUD SCORE: Every online transaction is given what is called a “Fraud Score”. This
is a number ranging between 0 and 999. It gives the merchant a number from which he
can determine if a given transaction is fraudulent or not. Transactions that are
given high fraud scores (over 300), are placed under manual verification by an
agent, who will decide if they contact the cardholder or let it through. Scores
over 500 with auto-decline, will block the card and an agent will immediately
contact the cardholder. Some banks have different criteria but certain things that
can affect the fraud score are:

• Comparison with the usual spending pattern of the cardholder
• Location of the charge
• Amount
• Risk factor associated with the merchant

For example, a $15.56 charge in the cardholder’s local Walmart will not trigger
anything, while a purchase of $2000 on Newegg will have an extremely high fraud
score and probably auto-decline if the cardholder rarely makes purchases online.

RISK SCORE: This is a percentage given to each transaction that ranges from 0.00%
to 100.00%. The factors that determine this score are whether an IP address, email,
device and proxy used are high risk or low risk. This is determined by fraud
systems that websites have in place such as MaxMind, which establishes the
reputations of IP addresses, emails, geolocation and other parameters. This should
always be checked before purchasing an RDP. Anything above 1.00% will lead to
declined transactions most of the time.

MAC ADDRESS: Whether you work in a wired network, or a wireless one, one thing is
common for both environments. It takes both network software and hardware (cables,
routers, etc.) to transfer data from your computer to another, or from a computer
thousands of miles away to yours. In the end, to get the data you want right to
YOU, it comes down to addresses. So not surprisingly, along with an IP address,
there’s also a hardware address. Typically, it is tied to a key connection device
in your computer called the network interface card, or NIC. The NIC is essentially
a computer circuit card that makes it possible for your computer to connect to a
network. An NIC turns data into an electrical signal that can be transmitted over
the network. Every NIC has a hardware address that’s known as a MAC, for Media
Access Control. Where IP addresses are associated with TCP/IP (networking
software), MAC addresses are
linked to the hardware of network adapters. A MAC address is given to a network
adapter when it is manufactured. It is hardwired or hard-coded onto your computer’s
network interface card (NIC) and is unique to it. Unfortunately, a MAC address can
be used by law enforcement in combination with Internet Service Providers, to find
someone’s true location and consequently his identity. Further in this guide I will
explain how to mitigate this risk.

RDP: Remote Desktop Protocol. This is a protocol developed by Microsoft, which
provides a user with a graphical interface to connect to another computer over a
network connection. You can for example, be using a Linux machine, and connect to a
Windows 7 RDP. RDPs are absolutely essential to conducting a successful fraudulent
transaction, especially HACKED RESIDENTIAL RDPs. The reason for that is because
these RDPs are from a REAL PERSON, with a REAL LOCATION/IP, and REAL COMPUTER and
BROWSER FINGERPRINT. They will exponentially increase your success rate. They will
also be discussed in more detail further in this guide.

SOCKS5: This is a proxy server that allows us to fake our real location. This is
very good if let’s say, we have a credit card with a billing address in Miami, we
can use a SOCKS5 near the billing address in Miami so that the website we are
conducting the fraudulent transaction in doesn’t raise our fraud score because the
transaction is being conducted in another state/far away from the credit card’s
billing address as this will lead to a declined transaction most of the time.

VIRTUAL MACHINE: This is an emulation of a computer system. Virtual machines are
based on computer architectures and provide functionality of a physical computer.
They allow you to run an operating system using an app window on your desktop that
behaves like a full, separate computer. The most used software packages for virtual
machines are, respectively, VirtualBox and VMware. Unfortunately, they are not as reliable
as using an RDP, but they are very good to CONNECT to an RDP, so as to leave no
traces on your original computer. Windows and OS X are still not reliable enough in
the aspect of leaving no traces, as the virtual machine in these operating systems,
will leak information to the host OS, and consequently leave a lot of illegal
evidence/traces on your computer that could later be used as potential evidence in
an investigation. However, you should never let it get to that point in the first
place.

CARD HOLDER: The owner of the CVV that we’re using to conduct the fraudulent
transaction.

BILLING ADDRESS: An address directly attached to a CVV. This is where the card
holder’s bank sends his bills, hence the name BILLING.

SHIPPING/MAILING ADDRESS: An address used exclusively to receive mail. Most
websites do not allow transactions to be accepted if the billing address on a
credit card and the shipping address provided to the website are different.

PAYMENT PROCESSORS: A payment processor is a company (often a third party)
appointed by a merchant to handle transactions from various channels such as credit
cards and debit cards for merchant acquiring banks. They are usually broken down
into two types: front-end and back-end. Front-end processors have connections to
various card associations and supply authorization and settlement services to the
merchant banks’ merchants. Back-end processors accept settlements from front-end
processors and, via The Federal Reserve Bank for example, move the money from the
issuing bank to the merchant bank. In an operation that will usually take a few
seconds, the payment processor will both check the details received by forwarding
them to the respective card’s issuing bank or card association for verification,
and also carry out a series of anti-fraud measures against the transaction.
Additional parameters, including the card’s country of issue and its previous
payment history, are also used to gauge the probability of the transaction being
approved. Once the payment processor has received confirmation that the credit card
details have been verified, the information will be relayed back via the payment
gateway to the merchant, who will then complete the payment transaction. If
verification is denied by the card association, the payment processor will relay
the information to the merchant, who will then decline the transaction. Examples
of such payment processors are Square, PayPal, Stripe and Flint.

PAYMENT GATEWAYS: This is a merchant service provided by an e-commerce website that
authorizes credit card or direct payments processing for e-businesses, online
retailers, or traditional brick and mortar stores. The payment gateway may be
provided by a bank to its customers but can be provided by a specialized financial
service provider as a separate service. It facilitates a payment transaction by the
transfer of information between a payment portal (such as a website, mobile phone
or interactive voice response service) and the front-end processor or acquiring
bank. Here’s how a typical transaction plays out.
1. A customer places an order on a website by pressing the “Submit Order” or
equivalent button, or perhaps enters their card details using an automatic phone
answering service.
2. If the order is via a website, the customer’s web browser encrypts the
information to be sent between the browser and the merchant’s webserver. Among
other methods, this may be done via SSL encryption. The payment gateway may allow
transaction data to be sent directly from the customer’s browser to the gateway,
bypassing the merchant’s systems. This reduces the merchant’s Payment Card Industry
Data Security Standard compliance obligations without redirecting the customer away
from the website.
3. The merchant then forwards the transaction details to their payment gateway.
4. The payment gateway converts the message from XML to ISO 8583 or a variant
message format and then forwards the transaction information to the payment
processor used by the merchant’s acquiring bank.
5. The payment processor forwards the transaction information to the card
association (e.g. Visa/Mastercard/AMEX). If an American Express or Discover Card
was used, then the card association also acts as the issuing bank and directly
provides a response of approved or declined to the payment gateway. Otherwise, the
card association routes the transaction to the correct card issuing bank.
6. The credit card issuing bank receives the authorization request, verifies the
credit or debit available and then sends a response back to the processor with a
response code (approved or denied). In addition to communicating the fate of the
authorization request, the response code is also used to define the reason why the
transaction failed (e.g. insufficient funds, or bank link not available).
Meanwhile, the credit card issuer holds an authorization associated with that
merchant and consumer for the approved amount. This can impact the consumer’s
ability to spend further (because it reduces the line of credit available or it
puts a hold on a portion of the funds in a debit account).
7. The processor forwards the authorization response to the payment gateway.
8. The payment gateway receives the response, and forwards it on to the website (or
whatever interface was used to process the payment) where it is interpreted as a
relevant response then relayed back to the merchant and cardholder. This is known
as the Authorization or “Auth”.
9. This entire process typically takes 2-3 seconds.
