How i carded myself

After talking to some carders, one told me directly to try carding.

Not a bad idea the magnetic strip always intrigued me, so i've started to think like a carder obviously
without the goal to harm people..
Here are some research made by others i've found/learn from:
La face cachée des tickets RATP (French article)
Explication de la sécurité des bandes magnétiques (French article)
RATP Hacking (French also)
22C3: Magnetic Stripe Technology
Lecture de bandes magnétiques DIY (French)

I've also buy two French ebooks:

A good French television report about skimming "Encore + d'action Arnaques aux faux papiers :
révélations sur un scandale"

So... let's start.

Firstly to be familiar with the magnetic strip, i've buy a MSR605:
20 blank cards was with my MSR:

A card to clean the MSR (i don't know what that look like)
Writing a card:
Carder asking question about the MSR605:

The Msr206 is mainly used/recommended by carders because of it popularity and due to encoding
softwares.
My Msr605 is compatible Msr206, so i profit of it for do a 'fast' review of "The Jerm" a software coded by
carder, for carders:
Settings:

Tracks generator:
Bank Card:

Reconstruct:
There is even a help file:
I was hmm "wow cool he made this because orginal software sucks" so i've do the same for fun.
First time i use the MSComm control of Visual Basic :)

Source code here: http://planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=74498&lngWId=1

I've also view this software on a carding forum and still made in Visual Basic:

How tracks work ?

I've searched a bit and found a clear explanation here is a copy/past:
There are actually up to three tracks on a card.
Track 1 was designed for airline use. It contains your name and usually your
account number. This is the track that is used when the ATM greets you by
name. There are some glitches in how things are ordered so occasionally you do
get "Greetings Bill Smith Dr." but such is life. This track is also used with
the new airline auto check in (PSA, American, etc)
Track 3 is the "OFF-LINE" ATM track. It contains security information as your
daily limit, limit left, last access, account number, and expiration date.
(And usually anything I describe in track 2). The ATM itself could have the
ability to rewrite this track to update information.
Track 2 is the main operational track for online use. The first thing on track
to is the PRIMARY ACCOUNT NUMBER (PAN). This is pretty standard for all cards,
though no guarantee.
Example of Track1:
B4888603170607238^Head/Potato^050510100000000001203191805191000000
Example of Track2: 4888603170607238=05051011203191805191

Usually only track1 and track2 are needed to exploit the ATM card.
Let us examine track1.
Take the Credit Card account number from Track 2 in this example it
is:4888603170607238 and add the letter "B" in the front of the number like
this B4888603170607238 then add the cardholder name YOU want to show on the
card B4888603170607238^Head/Potato^(Last name first/First Name)next add the
expiry date and service code (expiry date is YYMM in this case 0505,and in
this case the 3 digit service code is 101 so add 0505101 ,
B4888603170607238^Head/Potato^0505101
No add 10 zero's after service code:
B4888603170607238^Head/Potato^05051010000000000
Next add the remaining numbers from Track2 (after the service code)
B4888603170607238^Head/Potato^050510100000000001203191805191
and then add six zero's (6) zero's
B4888603170607238^Head/Potato^050510100000000001203191805191000000 this is
your Track 1
Track 1:B4888603170607238^Head/Potato^050510100000000001203191805191000000

REMEMEBER THIS IS ONLY FOR VISA AND MASTER CARD(16digits) , AMEX HAS 14
DIGITS, this doesn't work for Amex

FORMAT FOR TRACK2

CC NUMBER: YYMM (SERVICE CODE)(PVV)/(CVV)
Here is the Fleet's credit track2 dump:
4305500092327108=040110110000426
we see card number, an expiration date, 1011 - service code, 0000 is the place
for pvn (but it is absent!), and at least 426 is the cvv (do not mix with
cvv2)
Now let's take a look on MBNA's track2 dump:
4264294318344118=04021010000044500000
here we see the same - no pvn's and other verification information -just a
cvv.

As clearly shown above it is possible to generate track1 from track2 using the
method shown above. However track2 gen software automates the process.

So i't's simple i've already do a better app than DarkAngel in just 11 lines by just using String Functions of
VB:

If you wonder what 'disco' do on my MSR 605 Utils:

Well that cool, i've read my train tickets, bus, played with leds and shit's...
I've also buy an UV LED flashlight, to view holograms and stuff (i don't really need that but my friend got
owned last time):

Security guilloche visible by UV:

After this i've started a more serious project: build a skimmer.

I've do some search on how these device work, what's i need, where, etc...
And figured that making a skimmer was really simple, afterall it's just a simple magnetic swipe reader.
So i've searched on Google a website to buy electronics and found a Chinese company.
For 450$ i've buy the battery, and everything i need to read correctly and save datas of any magnetic cards.
(and the company have pay DHL)

450$ USD for just 0.200 kg of electronic is a bit expensive, but MSR material have a high cost.
And yeah, it's very small:
Also fun fact: when i received the package, they don't talk about MSR stuff but about USB cables:
These USB cables:

Although these cables looks like a standard mobile phone cable, it is not.
It contains a USB to Serial Port convertor and a custom pin layout, therefore it cannot be replaced by any
other cable made by other manufacturers.
Using other cables can dammage the electronic.

USB Charger Cable charging the battery:

There’s a red LED flickering when the battry is not found.
Once connected, the red LED will be light, when the LED will turn off, it means the battery is full.

Now, the main problem was to get ATM plastic.

Firstly i've thought to build a RepRap and then build my plastic with (a RepRap is a free desktop 3D
printer)
Some carders also wanted me to buy their plastics, the prices of one guys:
100$ NCR over anti MCIR
80$ Wincor nano2
100$ Diebold
150$ NCR round
+ DHL 80$, and minimum order: 5 pieces.

For me, that was clearly not possible, to cooperate with a criminal so i've searched another option.
And finally i've found a guys (Once again from China) who can sell me heatpressed Wincor plastic for the
cheap price of 66.11$ (DHL included)
It's the original ATM anti-skimming part, not the skimmer version.
but carders have already adapted the work to skim anti-skimmer:
I've asked the guys who sell this for picture he sent me this:
MSR stuff:

Let's have a look on the electronic CD, a software is provided.

For the first use they ask us a password who can be changed later:
Card dump saved on the electronic:

A video is probably better so...

The price of a complet skimmer are really high on carders forums, when carders on underground forum
sell skimmers for ~2000$ i've made myself one (sure it can't be used) for just 516.11$ price is divided by
3.
I can also buy a camera and shit's but i've stopped here (what's i will do with all this material after?)
For the video i thinked to a key chain spy camera:

Take the circuit board and hide it behind a fake visa sticker on the ATM ?
There is another solution if the guys try to cover the pin: fake atm keyboard.
Yeah... it's hard to stay safe these days..

Interview with a guys who work for the French governement (thanks again!):
• Quel est le chiffre en France sur la fraude a la carte bancaire s’il y en
a ?
A: Selon le rapport annuel d'activité de l'Observatoire de la sécurité des
cartes de paiement, le montant total de la fraude à la carte bancaire s’est
élevé à 413,2 millions d’euros en 2011.
La fraude par internet connaît le plus fort taux d’augmentation (une étude de
l’UFC que Choisir de février 2012 a révélé que, chaque minute, un paiement
frauduleux serait réalisé sur Internet en France).

• Combien de carders on été arrêté en France en 2011 ou depuis le début de

l’année ?
A: Depuis 2012, trois grandes affaires ont été recensées en France concernant
l’arrestation de carders :

Avril 2012 : Un groupe de cybercriminel originaire d’Europe de l’Est (des

Estoniens, des Lituaniens, des Lettons, des Géorgiens et un Tchétchène) est
arrêté sur la Côte d’Azur. Ces derniers achetaient sur des forums underground
les données contenues dans les pistes magnétiques des cartes bancaires. Ces
données piratées étaient ensuite encodées dans des cartes bancaires vierges.
Grâce à ces cartes bancaires contrefaites, le groupe criminel réalisait des
achats de grandes valeurs dans l’industrie du luxe (notamment à Cannes). Près
de 900 transactions, correspondant à un montant d'environ 200 000 euros ont pu
être comptabilisées par l’OCLCTIC.

Juin 2012 : L'OCLCTIC arrête une quinzaine de ressortissants du Nigéria,

accusés d'avoir causé d'importantes pertes financières à la SNCF.
Le mode opératoire du groupe était simple : acheter en ligne des billets SNCF
avec des numéros de cartes bancaires piratés puis les revendre directement sur
des sites spécialisés dans l'offre de voyages discount.
Des investigations sur ce groupe criminel ont permis de découvrir que ces
derniers commandaient également de nombreux produits de luxe en ligne, dont la
revente leur procurait de confortables revenus.

Juillet 2012 : Le serveur d'un restaurant, doté d’une excellente mémoire

visuelle, mémorisait les détails des numéros des cartes bancaires de ses
clients puis les revendait à des complices dans la région parisienne.
Des achats frauduleux étaient alors réalisés sur Internet, le préjudice total
étant estimé à près de 500 000 euros.
Néanmoins, les 300 utilisations frauduleuses recensées pourraient être
beaucoup plus nombreuses, car de nombreux clients étrangers n'ont pas porté
plainte.
De telles escroqueries se multiplient en France, mais la réponse pénale reste
encore insuffisante.

• En France ce type de criminalité est-elle en expansion ?

A: La cybercriminalité étant en constante évolution au niveau mondial, ce type
de criminalité ne fait, par expansion, que progresser en France.

• En général est-ce que les carders sont faciles à attraper ?

A: Plusieurs facteurs empêchent d’identifier et d’arrêter les carders :
- Manque de coopération internationale (certains cybercriminels sont réfugiés
dans de véritables « paradis numériques »)
- Difficulté d’identification (les carders bénéficient de multiples outils
leur permettant de s’anonymiser totalement = proxy, VPN, serveur offshore)
- Difficulté d’accéder ou de récupérer un nombre de preuves suffisantes à
l’encontre du carder.

• La plupart des carders opérant en France sont-ils d’origine française ?

A: Oui et non : des carders d’Europe de l’Est ou de certains pays d’Afrique
(Nigéria, Cameroun, Côte d’Ivoire) opèrent directement en France, car cela
leur permet de mener leurs méfaits beaucoup plus facilement.
Cependant, tous les carders ne sont pas étrangers, une fréquentation de forums
cybercriminels ayant permis de relever une présence française non négligeable.
De plus, un important revendeur de numéros de cartes bancaires se faisait
passer pour un citoyen russe a pu être identifié comme de nationalité
française.
Exemple ci-dessous d’une copie d’écran issue de certains de ces forums :

• Avec le dédouanement de colis en France et ce que beaucoup de fausse

carte/skimmer sont stoppés avant utilisation ?
A: De nombreuses annonces proposent l’achat de skimmer ou fausse carte
bancaire, livrables partout dans le monde. Il est très probable que la plupart
de ces colis ne soient pas interceptés par les douanes, ces dernières ne
vérifiant d’un infime pourcentage du nombre de colis arrivant de l’étranger
sur le territoire français (seul 2 à 3% des colis sont contrôlés).

• Certains vendent des faux papiers (en général fausse CNI/Permis de conduire)
risque-t-il plus qu’un carder ?
A: La fabrication et l’usage de faux documents administratifs (carte
d'identité, certificat de nationalité, passeport,...) est punis d’une peine de
5 ans de prison et/ou de 80.000 euros d’amende.

Le fait d'accéder ou de se maintenir, frauduleusement, dans tout ou partie

d'un système de traitement automatisé de données est puni de deux ans
d'emprisonnement et de 30000 euros d'amende.
Lorsqu'il en est résulté soit la suppression ou la modification de données
contenues dans le système, soit une altération du fonctionnement de ce
système, la peine est de trois ans d'emprisonnement et de 45000 euros
d'amende. (Article 323-1 du Code Pénal)

Est puni des mêmes peines le fait, commis de mauvaise foi, d'intercepter, de
détourner, d'utiliser ou de divulguer des correspondances émises, transmises
ou reçues par la voie des télécommunications ou de procéder à l'installation
d'appareils conçus pour réaliser de telles interceptions. (Article 226-15
paragraphe 2 du Code Pénal)

• Concernant la bande démantelée surprise en train de braquer un distributeur

de la caisse d’épargne avec une ‘fourchette’, maintenant que la faille sur les
distributeurs NCR a été dévoilée, le pire est à venir ?
A: Pour le moment, aucune solution ne semble avoir été trouvée afin de mettre
fin à ce stratagème.

Les banques n’ont pas communiqué sur le montant réel de leurs pertes, certains
articles de presse ayant avancé le chiffre de un million d’euros
(invérifiable).

• Est-il légal de cloner sa carte bancaire pour avoir un double ?

A: Certainement pas = cloner sa carte bancaire pourrait être assimilé à un
délit de contrefaçon.

• La technologie RFID a tel de l’avenir dans le carding ?

A: Énormément = cf cet article de presse

http://www.01net.com/editorial/571737/le-scandale-des-nouvelles-cartes-
bancaires/

Un français a pu faire la démonstration de cette impressionnante faille de

sécurité (Renaud Lifchitz)

• Après les distributeurs automatiques est-ce que les pompes à essence sont
les plus visées par les skimmers ?
A: Les pompes à essence sont en effet une cible de choix, car elles échappent
à toute surveillance (il est aisé d’y déposer un skimmer et de venir le
récupérer en toute discrétion).

• Les cameras dôme anti-vandale placé à côté des distributeurs sont-elles

réellement dissuasives ?
A: Dissuasive dans une certaines mesure car le cybercriminel risque d’être
identifié par la caméra. Cependant, ces derniers envoient généralement un
tiers récupérer l’argent à leur place dans les distributeurs automatiques,
échappant ainsi à tout risque d’identification.

Les « volontaires » acceptant de prendre le risque peuvent garder un

pourcentage significatif de la somme retirée.

• Est-ce que les bandes magnétiques ne sont pas un peu dépassées comme
technologie depuis le temps ?
A: Elles sont dépassées dans la mesure beaucoup d’informations sensibles y
sont stockées (nom du titulaire de la carte/PAN/date d’expiration). Cependant,
pour des soucis de retro compatibilité les bandes magnétiques sont pour le
moment conservées.
Cf document =
http://rafale.org/~mattoufoutu/ebooks/Rafale-Mag/Rafale03/Rafale3.01.HTML

• Est-ce que j’ai plus de chance de me faire piéger par un terminal de point
de vente compromis ou par un distributeur automatique qui possède une fausse
façade ? ?
A: Par un terminal de point de vente compromis. La majeure partie des numéros
de cartes bancaires vendus sur Internet provient de terminaux piratés.

• Si on se fait agresser en retirant de l'argent, tapé sont code PIN à

l’envers permettrait de le signalé a la police, info/intox ?
A: Grosse intox :)

• Le phishing rapport -il plus que le cardage réel ?

A: Il est difficile de répondre à cette question, car certains carders ne
gagnent que quelques centaines d’euros par mois alors que d’autres des
millions. La problématique est le même pour le phishing, tout dépend de
l’importance avec laquelle une campagne de phishing sera propagée (combien de
boîtes mails par exemple).

• Un site qui possède une connexion SSL n’est pas plus sécurisé qu’un site qui
n’en possède pas ?
A: La connexion SSL permet de communiquer de manière confidentielle entre
l'utilisateur et le serveur Web. Elle empêche l'écoute passive ou active d'un
attaquant localisé sur le même réseau local que sa victime.

• Quel et le nom de la cellule de veille qui s’occupe de la fraude en France ?

A: L’Office Central de Lutte contre la Criminalité liée aux Technologies de
l'Information et de la Communication

• Un conseil quand on et face a un distributeur pour détecter si celui-ci

n’est pas compromis ?
A: De plus en plus de mesure de sécurité permettent de détecter
automatiquement lorsqu’un matériel inconnu est intégré à un distributeur de
billets. Néanmoins, les précautions d’usages doivent toujours être
respectées : taper son code PIN en cachant le clavier et vérifier qu’aucun
matériel suspect ne soit intégré dans la partie permettant d’insérer sa carte
bancaire.

English version:
• What are the statistics on bank card fraud in France, if there are any?
A: According to the annual activity report of the French Observatory for
Payment Cards Security, bank card fraud losses totalled €413.2 million in
2011.

Internet fraud has seen the biggest increase (a study by the French consumer
group UFC Que Choisir in February 2012 revealed that a fraudulent payment is
made online every minute in France).

• How many card fraudsters were arrested in France in 2011, or have been
arrested since the start of the year?
A: So far in 2012, there have been three major arrests of card fraudsters in
France:

April 2012: A group of cybercriminals from Eastern Europe (Estonians,

Lithuanians, Latvians, Georgians and a Chechen) were arrested on the French
Riviera. They were buying the data stored on the magnetic strips of bank cards
on underground forums. The stolen data was then transferred to blank bank
cards.
The criminal gang used the counterfeit bank cards to buy expensive luxury
goods, primarily in Cannes. Nearly 900 transactions, with a total value of
around €200,000, have been identified by the OCLCTIC [French Central Office
for the Fight against Crime Related to Information Technology and
Communication].

June 2012: The OCLCTIC arrested fifteen or so Nigerian nationals, who are
accused of causing the SNCF [France’s national state-owned railway company]
significant financial losses.
The gang’s modus operandi was simple: buy SNCF tickets online using stolen
card details and then sell them on websites specializing in low-cost travel.
Investigations into the criminal gang have revealed that they also ordered
large numbers of luxury goods online and earned a comfortable living from
selling them on.

July 2012: A restaurant waiter who has an excellent visual memory memorized
his customers’ card details and then sold them on to accomplices in and around
Paris.
Fraudulent purchases were then made online, causing losses estimated at nearly
€500,000.
However, there could be many more than the 300 fraudulent uses identified
because many foreign customers haven’t filed a complaint.
This kind of fraud is rising in France, but the criminal justice system is
still slow to respond.

• Is this type of crime on the increase in France?

A: As cybercrime is constantly increasing around the world, this type of crime
is, by extension, increasing in France.

• Are card fraudsters easy to catch generally?

A: There are several obstacles to identifying and arresting card fraudsters:
– Lack of international cooperation (some cybercriminals have fled to "digital
havens")
– Difficulty in identifying card fraudsters (they have access to several tools
that make them totally anonymous = proxy, VPN, offshore server, etc.)
– Difficulty in accessing or gathering enough evidence against card
fraudsters.

• Are most of the card fraudsters operating in France French?

A: Yes and no: card fraudsters from Eastern Europe or some African countries
(Nigeria, Cameroon and the Ivory Coast) operate in France because it’s much
easier for them to do their deals here.
However, not all card fraudsters are foreigners and visiting cybercriminal
forums reveals a French presence that’s not insignificant. What’s more, a
major seller of bank card details who claimed he was Russian was, in fact, a
French national.
Example below of a screenshot from one of these forums:
• With the customs clearance of packages in France, are many fake
card/skimmers stopped before being used?
A: There are lots of adverts selling fake cards or skimmers, which can be
delivered to anywhere in the world. In all likelihood, most of these packages
aren’t intercepted by customs as they only check a tiny proportion of the
packages coming into France from abroad (only 2 to 3% of packages are
checked).

• Do sellers of fake documents (generally identity cards/driving licences)

have more to lose than a card fraudster?
A: Making and using fake administrative documents (identity cards,
certificates of nationality, passports, etc.) is punishable by five years in
prison and/or a €80,000 fine.
Fraudulently accessing or using all or part of an automated data processing
system is punishable by two years in prison and a €30,000 fine.
If the data stored by the system is deleted or changed, or how the system
works is altered, the punishment is three years in prison and a €45,000 fine
(Article 323-1 of the French Penal Code).
The same punishment applies to intercepting, hijacking, using or disclosing
information that is generated, transmitted or received by telecommunications
carriers or installing devices designed for that purpose (Article 226-15
Paragraph 2 of the French Penal Code).

• About the gang caught robbing a Caisse d’Épargne cash machine with a fork,
now that the flaw in NCR cash machines has been made public, is the worst yet
to come?
A: At the present time, there doesn’t appear to be any way of stopping it.
Banks haven’t published their actual losses although some press articles have
put forward the figure of €1 million (impossible to verify).

• Is it legal to clone a bank card to have two copies?

A: Absolutely not = cloning a bank card could be considered counterfeiting.

• Will we see RFID technology in bank card fraud in the future?

A: Very much so = see this press article:
http://www.01net.com/editorial/571737/le-scandale-des-nouvelles-cartes-
bancaires/
A Frenchman has demonstrated this blatant security flaw (Renaud Lifchitz)

• After cash machines, are fuel pumps the biggest target for skimmers?
A: Fuel pumps are a popular target because they’re not watched (it’s easy to
install a card skimmer and then come back and collect it without being seen).

• Are the anti-vandal dome cameras placed alongside cash machines a real
deterrent?
A: Yes up to an extent, because there’s a danger that the cybercriminal will
be identified by the camera. However, they tend to send someone else to
collect the money from the cash machines for them, ruling out the risk of
being identified.
The "volunteers" agree to take the risk for a significant percentage of the
amount being drawn out.

• Aren’t magnetic strips a bit outdated as technology has improved?

A: They’re outdated insofar as lots of sensitive information is stored on them
(name of the cardholder/PIN number/expiry date). However, for compatibility
reasons magnetic strips are being kept on for the time being.
See the document =
http://rafale.org/~mattoufoutu/ebooks/Rafale-Mag/Rafale03/Rafale3.01.HTML

• Do I have more chance of being caught out by a compromised payment terminal

in a shop or a cash machine with a false front panel?
A: By a compromised payment terminal in a shop. Most of the bank card details
sold online come from pirated payment terminals.

• Fact or fiction: if you’re threatened whilst drawing out money, putting in

your PIN code backwards will alert the police?
A: Big fat fiction :)

• Does phishing bring in more money than actual bank card fraud?
A: It’s difficult to answer that question because some card fraudsters only
earn a few hundred euros a month whilst others get millions. It’s the same
problem for phishing because everything depends on the scale of the phishing
(how many inboxes, for example).

• Is a website with an SSL connection more secure than a website without one?
A: An SSL connection provides secure communications between the user and
server. It prevents a hijacker on the same local network as the victim from
gaining access or taking over.

• What’s the name of the authority monitoring fraud in France?

A: The OCLCTIC [French Central Office for the Fight against Crime Related to
Information Technology and Communication]

• How can we tell if a cash machine has been compromised?

A: More and more security measures automatically detect when unusual devices
are attached to a cash machine. Nevertheless, we should still take the same
precautions when using one: shield the keypad when you enter your PIN number
and check that nothing suspicious looking has been stuck onto the card slot.
I've also asked my bank advisor if i can interview her about credit card/skimming general but she was
embarrassed, so i've leave.

A surprise when i've go to my bank:

I think it's more a dysfonctionnement than a skimming failure, the bank was closed so i got no answer.

For information, when a carder want to use French hacked cards, they don't do it in France.
They go to Italia because French atm require a chip (http://en.wikipedia.org/wiki/Smart_card).
See 'Interview with a carder' for more infs (http://www.xylibox.com/2012/01/interview-with-carder.html)
After there is something called Basic Card® but i've not looked how i can copy the chip for the moment, i've
just read some docs on Multi-System & Internet Security Cookbook and that all.
For my 'skimmer' i will just keep it on my cybercrime object collections.
And i will probably have a look on RFID technology if my contract of employment will be renewed...

Sorry for my lame English if there is mistakes, take me long to write this and especially to translate the
interview i've did.
Broken ATM photo by Mike Hillman.
Posted by Steven K at 12:46
Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest
Labels: bank, blank card, card, Carder, Carding, Diebold, fraud, Guilloche, how, how i carded
myself, Interview, MCIR, msr, NCR, skim, Skimmer, spy, track1 generator, Wincor, Xylibox
25 comments:
1.

Anonymous14 October 2012 at 13:19

Thanks!
I've learned a lot here!
Reply

2.

jetlag7314 October 2012 at 13:34

Excellent and Informative. Merci beaucoup!

Reply
3.

Anonymous14 October 2012 at 14:19

Excellent post, internet need more guys like you

Reply
4.

Zetha14 October 2012 at 15:20

Interesant ;)
Reply
5.

Damien14 October 2012 at 16:04

Excellent papier, bravo.

Reply
6.

Anonymous15 October 2012 at 09:48

Fantastic post.
Reply
7.

Nickname15 October 2012 at 23:25

Nice post dude ! par contre attention quand même niveau loi tout ça ;)
Reply
8.

Z0vsky16 October 2012 at 10:02

 Nice paper mate! That was quiet informative and instructive.
Thanks a lot and keep publishing
Reply
9.

Anonymous16 October 2012 at 22:22

Very interesting! Thank you for this article! :D

Reply
10.

Anonymous18 October 2012 at 05:43

Super article ;)

Je me suis toujours posé une question.

Est-il possible de fabriquer les 3 tracks à partir des données volées sur internet par un
malware (numéro, expiration, cvv..) ?

Parce que dans les webinjects de Zeus par exemple, on peut voir qu'il ajoute dans le
formulaire d'une banque "pin code" et j'ai jamais compris pourquoi il voulait récupérer
cette information...
En effet le pin code sert juste à retirer/dépenser de l'argent avec sa CB, non ?

Merci pour celui qui pourra m'expliquer ;)

Reply

11.

Steven K18 October 2012 at 19:26

Thanks guys.
@Anonymous: Y'a pas de track 3 pour les CB.
Par contre si ta le numéro/expiration/cvv c'est largement assez pour passez des
commandes.
Si tu cherche des infos en français sur le track1/2 de la CB:
http://www.rafale.org/zineonline/online/Rafale3/Rafale3.01.HTML
Reply

12.

Unknown26 October 2012 at 09:21

Superb article,You covered atmost all part of fields in hacking,Great job

Reply

13.

Unknown28 February 2013 at 18:03

 If one was to get there hands on a couple of dumps. Hypothetically speaking, could they
reprogram a visa gift-card with it and not require a pin. Using the visa gift-cards original
pin. Could that work?
Reply
Replies

1.

Steven K28 February 2013 at 22:10

they don't need pin, with dumps they go to usa or similar country who have
terminals who don't require pins. (you just have to swipe the card for pay)
Reply

14.

Steven K28 February 2013 at 22:11

cf this link: http://www.xylibox.com/2012/01/interview-with-carder.html
interesting interview of a carder.
Reply
15.

Anonymous11 June 2013 at 15:25

where can i download the jerm software from?

Reply
16.

Anonymous16 August 2013 at 12:25

i like your blog

Can have the link to download MSR206 Utility Program v1.76 by TheJerm
Reply
17.

Anonymous23 August 2014 at 15:57

noboy say anything about amex ..so this is harder to fraud ..i will get amex ..all the
scamers can do master and visa ..:))
Reply
18.

McAbby4 January 2015 at 04:15

Hello guys,you will agree with me that real hackers don't charge high for their
services,and don’t always share their contact publicly,because they do commit
crimes,which makes them wanted, i have been rip many times online,by different people
who called them self hackers:
Alboraaq Rip me 300$
 Cardingmafia Rip me 350$
Blackstuff Rip me 150$
Cvv-verifiedsellers Rip me 50$
Jshop Rip me 100$
Bigshop Rip me 30$
Alnighthacker Rip me 200$
Slim carder Rip me 30$
Matt index cardex Rip me 56Gbp
Carder impossible Rip me 25$
I've been ripped by these idiots,until i was introduce to an unknown hacker in blackhat
hackers forum by the admin,30% of the members deal with him,i contacted him to test
him with 150$ for 1000$ Money Gram transfer and it went well i receive my cash, and i
also did transfer of 5000$ in my second deal with him it also went well, Now I'm doing
paypal transfer deal with him presently,he is very legit hacker, 5 stars for him,i
recommend him to you guys,feel free to contact him and to deal with him
[email protected] http://blacklordhackerz.blogspot.com / His new created
blog

Thank you blacklord,my wife called me that she picked the cash after the very day we
made the deal,As for me i know you we never... fail me,after three days I just receive a
notification about a new deposit in my acct,You're good man
Reply
19.

Anonymous25 January 2015 at 01:58

Love reading this!

Reply

20.

Unknown28 October 2015 at 13:12

stven sir
plz tell me
how to buy track1+track2 with pin????
which shop,seller trusted????
Reply
21.

Anonymous27 February 2016 at 15:34

http://blacklordhackerz.blogspot.com liar !! he is 100% SCAM !

Reply

22.

Unknown1 March 2016 at 17:38

Good
Reply
23.
 Anonymous7 April 2016 at 01:35

Why does it add a question mark and a semicolon to my track 2

Reply
24.

Anonymous13 September 2016 at 01:03

Nothing about EMV cards with PINS though..... Plain white cards are old news we need
more info about how to extract track1+track2 onto a EMV card.
Reply