d0ctrine
Diamond
- Joined
- 17.08.24
- Messages
- 74
- Reaction score
- 478
- Points
- 53
A Newcomer's Fraud Dictionary To everyone starting out in carding you might feel lost in the sauce with all the jargon and terms being thrown around. I get tons of basic questions about carding terminology in my inbox every day. So I put together this no-bullshit dictionary focused on the fundamentals. No fluff or filler - just straight facts about the key concepts and terms handpicked by yours truly. This list will help you learn the basics while avoiding the parasites and scammers in the scene. I will be updating it regularly to keep the info fresh since there are simply too many terms to list all at once. See something missing outdated or just plain wrong? Just reply to add more info. The more knowledge we share the stronger we get. Lets get it.
Online Carding
- CC - A payment card (debit or credit) issued by banks that lets people make purchases. Contains important data like card number expiration date and security code
- CVV - The card verification value is a 3-4 digit security code found on the back of cards. Also used to refer to a credit card that includes this security code
- CCN - Credit card number without the CVV security code. Used on sites with lower security or for certain subscription services
- Fullz - Complete identity information package including name address SSN DOB and other personal details needed to verify identities. Essential for opening accounts and verifying purchases
- Proxies - Servers that forward traffic to hide real IP address. Essential for avoiding detection when making purchases and accessing sites
- Socks - Type of proxy that routes traffic through the SOCKS protocol. More secure than regular HTTP proxies.
- Residential Proxies - IP addresses from real homes and ISPs that mask location. Most effective for avoiding detection since they look like real users
- RDP - Remote desktop protocol lets you control another computer from anywhere. Used to access virtual machines for carding from clean IPs
- VPN - Virtual private network encrypts your internet traffic and hides your real IP address. Basic protection but not as good as residential proxies
- Bins - Bank identification numbers are the first 6-8 digits of a card that identify the issuing bank and card type. Different bins have different success rates and sensitivities.
- Enrolls - Cards with online banking access that can be registered to bank accounts. Requires SSN and specific BINs to sign up. Allows viewing transactions and some BINs let you change billing address
- AVS - Address verification system used by merchants for certain countries (US,CA,UK,etc) to check if billing address matches card records. Important security measure which means you need accurate billing information to process transactions.
- Visa Alerts - Notification system that sends text/email alerts for card transactions. Useful for low-value transactions that need minicode
In-Store Carding
- Cloning - Process of copying card data onto blank cards to create physical duplicates. Requires dumps MSR and proper encoding settings
- MSR - Magnetic stripe reader device reads and writes card data to magnetic stripes. Used to create physical cloned cards from dumps
- EMV - Chip cards contain a secure microchip that makes them harder to clone than magnetic stripe cards. Most modern cards use EMV technology.
- Dipping - Dipping a cloned card multiple times to force terminal to use magstripe instead.
- NFC - Contactless payment technology in cards lets you tap to pay. Mostly used on phones with data stored digitally.
- Skimmer - Device installed on card readers to steal card data when cards are swiped. Common on ATMs and gas pumps
- POS - Point of sale terminal processes card payments at stores. Some terminals are more vulnerable to attacks than others
- ATM - Automated teller machines dispense cash and accept deposits. Popular target for skimmers and shimming devices
Antidetection
- Antidetect - Browser software that generates unique fingerprints to appear as different users. Needed to avoid browser fingerprinting detection
- Antifraud - Security systems that detect and block fraudulent transactions. Uses AI machine learning and risk scoring to identify suspicious patterns
- Fraud Score - Numerical value assigned to transactions based on fraud likelihood. Higher scores mean higher chance of being blocked
- Fingerprint - Unique combination of browser settings and data that identifies users. Includes canvas fonts plugins and other data points that need to be spoofed
- Canvas - HTML5 feature that renders graphics. Sites use canvas fingerprinting to identify users so antidetects must randomize canvas data
- WebRTC - Web protocol that can leak real IP address even with VPN. Must be disabled or properly configured in antidetect browsers
- Leaks - Various browser features that can reveal true identity. WebRTC DNS and other leaks must be patched
- Cookies - Small text files stored by browsers that contain login sessions and preferences. Stealing cookies can bypass 2FA and access accounts without passwords
Marketplace Terms
- Escrow - Trusted third party service holds funds until both buyer and seller complete a transaction. Protects against scams but escrow services can exit scam too
- PGP - Pretty Good Privacy encryption protects messages and files from being read by others. Essential for secure marketplace communications
- Opsec - Operational security includes all practices to stay anonymous and avoid detection. Includes using secure communications VPNs and proper opsec habits
- Drop - Shipping address that cant be traced back to you for receiving purchases. Usually abandoned houses or services
- Method - Specific technique or process for committing transactions successfully. Good methods are closely guarded and sold for high prices
- Logs - Stolen login credentials and session data from hacked accounts typically through malware. Can include banking email and shopping accounts
- Sauce - Working method that consistently generates profits. Finding reliable sauce takes trial and error
- Burner - Temporary disposable phone number or email used to register accounts. Should only be used once then discarded
- RAT - Remote access trojan malware gives hackers control of infected computers. Used to steal credentials and data
- Vendor - Seller on dark web marketplaces who offers cards dumps or fraud tools. Reputation and reviews are important
- Exit Scam - When a marketplace or vendor suddenly disappears with everyones money. Always keep minimum balance in markets
- BTC - Bitcoin cryptocurrency used for most dark web purchases. Somewhat traceable so needs to be properly mixed
- XMR - Monero cryptocurrency focuses on privacy and untraceability. Preferred over Bitcoin for maximum anonymity
- Pros - Business identities and information packages sold on marketplaces. Contains EIN numbers business credit profiles and other data needed for business fraud and applying for loans/credit cards. High credit scores most valuable for loan fraud
- CPN - Credit profile number is a nine-digit number used instead of SSN to apply for credit. Created through various methods and sold on marketplaces. Used to take out loans open credit cards and build alternate credit profiles
- Stimmys - Government stimulus payments sent during emergencies like COVID-19. Targeted using stolen identities to claim multiple payments
- CR - Credit reports showing detailed history and scores. Used to verify business credit profiles and find high-value targets
- Scans - High quality scans of ID documents bank statements and utility bills. Essential for verifying identities and passing KYC
- Slips - Checks money orders and deposit slips used for bank fraud. Quality scans needed for successful deposits
Card Stuff
- Dump - Raw magnetic stripe data containing card details in track1/track2 format. Used to create physical cloned cards
- PIN - Personal identification number needed for debit card purchases and ATM withdrawals. Usually 4-6 digits
- Balance - Amount of money available to spend on a card. Check balance before purchasing to avoid declines
- Limit - Maximum amount that can be charged to a card. Higher limits are more valuable but attract more attention
- Issuer - Bank that issued the credit card and processes its transactions. Different issuers have different security measures
- 3DS - 3D Secure is an authentication protocol that adds an extra security layer for online card payments. Requires additional verification through bank apps or SMS codes
- VBV - Verified by Visa is Visas version of 3DS. More commonly used as general term for any 3DS verification
- MCSC - Mastercard Secure Code protection for online transactions. Similar to VBV requires additional verification
- AMEX Safe - American Express SafeKey verification system for online purchases
- Auth - Authorization code proves a transaction was approved. Different auth codes mean different things.
- Decline - Failed transaction due to insufficient funds fraud detection or other issues. Too many declines burn cards faster
- ZIP - Billing zip code must match card records for address verification. Important part of cardholder data
- DOB - Date of birth of cardholder needed for verification. Part of fullz data used to verify identity
- MMN - Mothers maiden name is a common security question for card verification. Included in quality fullz
- SSN - Social security number uniquely identifies US citizens. Critical part of fullz used for identity verification
- Checker - Tool that tests if cards are valid and active. Essential for verifying card status before use
- Auth check - Small test charge to verify card works. Usually $1-2 that gets refunded
- Simple check - Basic card check charge. Higher success rate but can give false positives
- Refund - Methods to get money back from merchants after receiving goods. Social engineering and fake tracking numbers common tactics
Banking
- Bank Drop - Bank account opened with fake or stolen identity to receive fraudulent transfers. Needs proper setup and maintenance to avoid closure
- SWIFT - International bank transfer system used to move large amounts between banks. High value target but heavily monitored
- Wire - Bank transfer between accounts usually domestic. Faster than ACH but has higher fees and scrutiny
- ACH - Automated clearing house transfer system for US bank transactions. Takes several days but less monitored than wires. Essential for large bank fraud schemes
- Bank Logs - Stolen online banking credentials with account access. Quality logs have good balance and minimal security
- Zelle - Bank-to-bank transfer service for sending money instantly. Critical tool for bank fraud due to instant transfers and hard to reverse. Popular but risky due to verification
- Cashapp - Payment app that can link to bank accounts. Used to cash out amounts with less scrutiny
- Bank Method - Specific technique for successfully getting money from bank accounts. Methods vary by bank and account type
- Bank Login - Credentials to access online banking portals. More valuable with higher balances and business accounts
- EMT - Electronic money transfer system used by banks. Methods exist to bypass recipient verification and send to any account instantly
- Load - Process of sending stolen funds to bank accounts under fraudster control. Usually done through online banking access for later cashout
- CU - Credit union accounts with lower security than major banks. Easier targets for fraud.
Spamming
- Spam - Mass sending of unsolicited messages for fraud or scams. Used to get bank logs credit cards accounts and spread malware. Success depends on volume and avoiding detection
- Mailer - Software like AMS (Advanced Mass Sender) used for spam campaigns. Requires SMTP leads letter templates and proxy support
- SMTP - Simple Mail Transfer Protocol server that transmits emails. Private SMTP servers needed to send mass spam campaigns reliably
- Proxy - Server that forwards traffic to hide real IP address. Essential for avoiding spam detection and blacklists
- Leads - Email lists or phone number lists containing potential spam targets. Quality leads of active emails/active phones improve success rates
- Letter - Fake email template that mimics legitimate companies. Edited to trick victims into clicking phishing links
- Blast - Large spam campaign targeting many victims at once. Success needs good leads templates and sending setup
- Warmup - Process of gradually increasing spam volume to avoid detection. New IPs and domains need proper warmup
- Blacklist - List of blocked IPs and domains known for spam. Getting blacklisted stops spam campaigns
- Spamtrap - Fake email address used to detect spammers. Hitting spamtraps gets IPs blocked fast
- Cpanel - Hosting control panel used to host phishing pages. Hacked cpanels needed since legit hosts block phishing sites
- PHP Mailer - PHP script alternative to AMS tools for sending spam. Requires proper hosting and SMTP setup
General Terms
- Opsec - Operational security includes using secure communications protecting identity and avoiding mistakes. Good opsec keeps you safe and profitable
- Resold - Cards resold on multiple marketplaces. Have high chance of being dead and blacklisted due to multiple buyers using them. Avoid unless price is very low
- KYC - Know Your Customer verification required by banks and some sites. Typically requires ID and selfie etc
- Burn - When a method stops working due to patches or detection. All methods eventually burn so diversify approaches
- Clean - Card or method that hasnt been used yet. Clean cards have highest success rates
- Hot - Flagged by fraud detection systems for suspicious activity
- Dead - Card or method that no longer works at all
- SE - Social engineering manipulates people into giving up sensitive information or access or allowing certain things to happen. Uses psychology and deception rather than technical hacks
- Fresh - New unused cards or methods with no fraud history. Best chances of success with fresh stuff
- Cashout - Process of converting stolen funds into clean cash. Many methods like purchases gift cards and bitcoin
- Linkable - Cards that can be easily added to digital payment apps like Cashapp Apple Pay or Google Pay. Often sold at premium but high risk of being fake or already linked. Many rippers pretend to sell linkables. Verify first
- Reship - Service that forwards packages to final destination. Adds layer of protection for carded goods
- Receiver - Person who receives and forwards money for commission. Takes on risk of detection
- Phishing - Creating fake websites to steal login credentials and card details. Common way to get fresh cards
- Scamshops - Online storefronts designed to steal credit card details. Spread through ads and fake deals. Look legitimate but only exist to collect card data
- Botnet - Network of compromised computers controlled remotely. Used for getting logs and DDoS attacks
- Loader - Person who specializes in sending fraudulent transfers and payment links to cash out cards/bank accounts.
Ripper Terms
- Flash Transactions/Crypto Flashing - Fake blockchain exploit that claims to multiply cryptocurrency transactions. Scam method sold by rippers that doesnt actually work on any blockchain network. Common ripoff targeting new users
- EMV Clone - Methods that claim to enable EMV chip cloning for specific banks/BINs. Outdated scam that dont work in modern EMV systems. Commonly sold by rippers despite being useless
- WU Transfers - Western Union transfer scam where rippers claim to have exploits in WUs system. They ask for payment upfront promising to send larger amounts back through Western Union. Classic decades-old scam that never works but still commonly used to target new users
- More to be added soon...
