CLASS STARTING RIGHT NOW

Conventionally, the act of carding can be reduced to preparing material and

transmitting data to a store or service, but in fact, like we have discussed in
previous classes, there are anti-fraud systems — a real minefield containing a lot
of filters of a technical, statistical and behavioral nature. In a broader sense,
"carding" is a collective term of many parameters and actions.
It is wrong to rely entirely on the technical part only, because in addition to the
"valid/invalid" patterns, both the user's psychology and circumstances beyond our
control or the older are involved in the process. While not easy to account for,
having an overview of the process can expand the boundaries and fill in the gaps.
In an area where every detail can somehow provoke financial losses, learning about
the subtleties and working on mistakes in advance is no less of a significant
contribution to the activity than, for example, good material. The basis of this
lecture is the study of the components of the process, prerequisites and causes of
failure.
Let's first dive into the material.
Of course, material is one of the key parameters in the job, but this alone is not
enough. The card can be limited by credit limits, technical design or modest
balance. The technical side of the issue, as a rule, is learned by experience, and
the main variables are:
• VALIDITY – Working material, of course, first over everything. Please keep in
mind that “validity” does not ensure an unlimited number of tries for a specific
CC. A huge number of payment attempts, a frankly bad user profile (IP, SYSTEM),
checkers, and a suspicious order can ruin a good material or, at least, cause
various checks to be conducted, which will be described below. Moreover, already
limited material can lead to failure, even if the material is “alive”. You can
reliably make sure that the card is working only by calling the bank or using
specific material such as ENROLL. Simply put, the basic verification methods
absolutely in every single episode should not be trusted.
• VBV and its variants (MCSC MASTERCARD, AMEX SAFEKEY) – In the course of working
with VBV cards, being unprepared in this matter will become a problem if the
material is limited to such a system. However, you can change the password with
knowledge of the owner’s data, based on the BIN.
• PROBABILITY & SPEED OF CHARGEBACK – This leads to cancellation of a successful
transaction. It usually happens automatically immediately, but when the owner
intervenes, the time depends on his activity, the type of notifications about
spending (periodic statements, online access, SMS text..) and the bank’s speed: if
necessary, for example, for a transaction with VBV, a call to the bank may be
required to verify identity and authorize the transaction.
• To a certain extent, the balance can be estimated using the type and level of the
card: DEBIT, CREDIT;CLASSIC, PREMIER, GOLD, PLATINUM, and so on. It is believed
that PLATINUM CC are often higher in credit limits than CLASSIC DEBIT CARDS, but
this is more of an observation than an actual pattern, so this factor should not be
ruled out.
The above characteristics converge under a common label – BIN list. And certain
BINs, similar to, for example, addresses, due to the actions of other buyers or
fraudsters, can be marked as a risk factor or even be on the blacklist of stores
and anti-fraud systems. In addition, what works today may fail tomorrow.
As you can probably see, there is a development of events in which outwardly good
material becomes dead weight, therefore, working material is by no means a
guarantee of success.
Expanding on the masking topic, let's dwell on the session configuration: IP
ADDRESS, SYSTEM & BROWSER.
First, let’s briefly refresh our memory. IP ADDRESS: BLACKLISTS, ISP, DNS, PING,
PORTS; SYSTEM: USER-AGENT, FINGERPRINTS; BROWSER: PLUGINS, ANTIDETECT, COOKIES.
Apart from what has been said in previous lectures about these topics, it is worth
bringing up some details regarding the current subject of discussion – practice.
However, it is very important to keep in mind that the then and now settings are
not mutually exclusive. And dirty IP addresses, questionable fingerprints, and even
more so security principles do not lose their relevance, but only complement the
bigger picture.
The first detail we should pay attention is the distance between the ZIP code of
the IP address we’re using and the ZIP code of the CC. For example: if the ZIP of
the card is “97401”, then the IP address should be as close as possible – 97401,
9740*, 974** and so on. An increase in the distance will affect the attitude of
anti-fraud systems.
https://www.freemaptools.com/distance-between-usa-zip-codes.htm
You can also use this website to calculate the distance of the ZIP
Alas, the geolocation of IP addresses named by anonymity check websites can be
strikingly different from the stores’ own information about the customer’s
location, up to tens and hundreds of miles. This is due to different sources of
information, moreover, the databases are updated daily.
Stores often offer auto-filling of some data such as ZIP, CITY, STATE. Thus, it is
better to focus on their performance, where possible – first check, then search for
material with a suitable location.
For reference: when choosing a setup, you should start with an IP address – it’s
easier than finding pure IP access for the card location. An exception is the
search for a specific material (for example, BIN), in this case you are forced to
do the inverse order.
The second detail is the system and statistics. Obviously, we are not alone in
shopping. Over time, configurations wear out, overlaps with other fraudulent orders
begin to appear, which leads to the need of changing characteristics, stores,
actions, directions – in other words, changing the “approach”.
The field of carding is in constant change, and in order to always keep your finger
on the pulse of events, you need to continue to experiment or you will be left
behind.
The third is the browser. This includes the actions of the client prior to visiting
a store. Among other things, many stores automatically check the registration of
social networks on the client’s email: Google, LinkedIn, Instagram, Facebook and
others. The specific list of searched websites may differ depending on the anti-
fraud system, but Facebook & Instagram are usually the benchmark.
Rationale: Firstly, various anti-fraud systems note the presence of mechanisms for
checking the client’s social networks in their arsenal; secondly, in the
conditions of using the social networks themselves, there is the possibility of
transferring some information about users to third parties, for example,
advertisers.
It is not necessary to fill in accounts with information and photos, since in a
normal situation there is no manual assessment, but with automatic accounts
themselves play in favor of the image of a normal client. Also, you can establish
the fact of authorization in the browser: https://browserleaks.com/social -- an
example.
Another aspect that positively affects the portrait of the client is the imitation
of the behavior of an ordinary person. By surfing the web, clicking on relevant
(from the perspective of the owner of the website) advertisements and consciously
searching for goods or services, one can play along with large analytical companies
and advertising managers.
The latter will collect information about the user, then, perhaps, through the
chain of analytics and advertising, it will go to popular websites, thereby
reinforcing the illusion. We specify the actions: choosing local stores,
restaurants, clinics, viewing articles, media, well-known catalogs, registering on
third-party websites, and so on.
Strictly speaking, this will kill two birds with one stone: fill in your own
cookies, and mimic the behavior of the average client. Obviously, the
implementation requires an already configured setup. When all the preparations are
done, it remains to visit the desired store, but there is something to pay
attention to.
The way a customer enters the store is tracked to collect statistics and analyze
the effectiveness of a particular advertising integration (from the store’s point
of view, this is a traffic source). Surely at least once met a survey on how you
found the website – proof that stores are interested in this. A few examples:
BROWSER HOME PAGE > STORE
SEARCH > STORE
SOCIAL NETWORKS, ADVERTISING ON WEBSITES, COUPON OR CASHBACK
SERVICES, MAILING TO EMAILS > STORE
The most non-obvious and unexpected ways are an additional stone in the foundation
of the entire image of the client
MODE OF ACTION
The next stage is the behavior in the store or service. Before describing it, it
should be emphasized that there is no formula for success – each individual
indicator is in a “suspended” state and changes depending on the circumstances,
services, stores, current settings and human factor.
At the same time, there are a number of popular technical and behavioral patterns
adopted by most anti-fraud systems. Let’s move on to the description.
The first part is general information about the client.
Once again, there is no need to talk about the unacceptability of “COPY/PASTE”,
because there are other errors in the area of unnatural behavior: chaotic switching
between tabs (for example, to use a translator) or amazing awareness a “New” client
has about all the functions and products of the website.
Long break between registration and purchase to increase store loyalty. Do not
break off at the last moment before ordering, having already tied the card, in
order to continue from the place a week later, but copy the adequate behavior of
people – studying the assortment, registering, choosing, comparing…
In general, such actions are variable and this includes the whole warm-up scenario.
It is useful to learn the following: “cardholders” are not an abstract term, they
are real, ordinary people. One will put himself VBV, the other will not; a third
person will go through dozens of websites before buying, or on the contrary, will
immediately make an order.
In the case when the true owner of the card has previously bought something or has
an account in a particular store, the chance of selling the material in it
decreases in proportion to a number of factors: the owner’s activity, his account
in the store, billing & shipping distance.
When the owner made purchases in a local store, on the Internet without
registering, or long enough for the time interval between the creation of the old
and new accounts to look natural, chances remain.
On the one hand, the customer’s knowledge of offline purchases says little about
his online activity, and the personality without registration is not so pronounced,
but if it happened, forget about the account of a particular store or its data, in
principle, a matter of everyday life, especially over time.
On the other hand, the activity itself plays a role: the dates and frequency of the
last visits, the type and amount of transactions, a selection from the assortment.
Obviously, a parallel session with the real owner or switching between cities in
short periods of time is something out of the ordinary.
A sharp change in preference from laundry detergents to laptops from the point of
view of an extremely sensitive bank, alone or together with other details of the
order, can affect the request for verifications and the life of the card in
general, since its customer information is deeper and more comprehensive than the
store’s anti-fraud system.
A simple example: the owner of the material in recent months only bought groceries
and clothes in stores or paid bills – in short, satisfied domestic needs. And then,
one day he bought a Rolex on the Internet. It is very likely that if you do not
block the card, then at least the bank can cancel the transaction immediately.
CUSTOMER TECHNICAL DATA
PURCHASE METHOD. In most stores, it is possible to place an order with the
registration of an account or checkout as a “guest”. Yes, the account will be
assessed as recent, not to mention the possibility that the owner of the card has
an account in the store (mainly if it is popular such as Amazon, Bestbuy, and so
on). On the other hand, the fact of registration can add loyalty.
Plus, a guest without an account is, in a sense, also a new, unverified user. In
other words, one or another idea of the client cannot be avoided, therefore the
result depends on the mood of the anti-fraud system and the totality of all the
details. Conclusion: it is pointless to get hung up, you need to strive to improve
the general opinion.
PAYMENT METHOD. Elapsed time since binding, number of cards, billing addresses,
payment attempts, changes in personal data; use of promotional codes, gift
certificates, filling the basket or “buy now” – all this to some extent gives an
impression of the client.
Paying on the tenth try or the third linked card will cast an immense shadow of
doubt, while a promo code or discount for mail left for distribution can contribute
to success. In practice, it is necessary to act within the limits of the norms of
behavior – “special” actions stand out against the background of the average buyer.
Typing is okay, copying and pasting your own name is not.
ORDER BY PHONE. Some stores provide an opportunity to place an order through an
operator by phone. It happens that a client cannot use the website due to technical
problems and turns to support, which independently enters all the information. The
store’s anti-fraud system does not evaluate the customer’s prints, but the method
itself is costly and suspicious.
ORDER CHARACTERISTICS AND CUSTOMER PERSONAL DATA
PRODUCT CATEGORY & PRICE. Certain positions and price thresholds in stores can be
treated with increased attention and the anti-fraud system filters can be adjusted
accordingly. It manifests itself in the form of a more serious assessment,
verification, manual verification. For example: gift certificates or a particularly
expensive product.
COINCIDENCE OF CHARACTERISTICS WITH OTHER ORDERS. First, it allows you to recognize
the client or detect multiple accounts; second, to compare the order with
fraudulent precedents. The signal can be: fingerprints, BINs, e-mails; personal
data such as addresses.
Crossing multiple parameters with fraudulent orders will increase the risk, full
compliance is a fatal error, and the similarity or identity of individual elements
will signal the participation of the multi-account owner. It also works in the
opposite direction – according to the principle of the average buyer.
If you do not go into technical details, the processing of personal by stores and
services, according to formal doctrines, is needed to collect statistics and issue
relevant advertisements, although in fact it is used for intrusive advertisement
tracking, selling data and more.
But this coin has a flip side, the value of the study which coincides with the
interests of the lecture – analyzing the involvement of data in customer
identification and transactions. A prominent place here is occupied, in particular,
by the billing and shipping addresses of the client, that is, personal and delivery
addresses.
The first is verified by AVS (ADDRESS VERIFICATION SYSTEM) – a verification system
that compares the billing address used with the client’s data with the bank.
Provided in USA, CA & UK and allows you to at least indicate a security risk in
case of address mismatch – validation failure means incorrect card information.
Mostly, a data error is the result of a method for obtaining cards, in which the
source is the owner himself, like phishing or sniffing, although there are also
loss of relevance and technical failures. You can dispel suspicions, check or
correct the defect like this:
• Attempt to find information available in the public domain, for example, through
SOCIAL NETWORKS.
• Use whitepages or similar services.
• CC of the “BUSINESS” type, where billing in most cases corresponds to a work
address, and purchases are made for the purpose of the company (there may be
exceptions).
• SHIPPING, in turn, is the competence of the anti-fraud system and shows: identity
with billing, and therefore with a bank; use of blacklisted addresses and
locations. To check AVS, billing is enough, which implies the ability to work on
different addresses.
Continuing with this thought, in comparison with orders for a work or alternate
address, specifically consumer goods (clothing, popular electronics, etc..) are
much more likely to be bought by customers at home, in most cases the same with a
bank file.
Thus, different addresses reflect “work for different bill/shipping” and give rise
to suspicion, since even without that from a relatively small sample of orders with
this pattern, fraudulent activities are often encountered, for example, when using
reshippers or drops.
However, suspicion doesn’t necessarily translate into action. An order for a work
or relatives address fits into the framework of what is permissible, though not
without exceptions: firstly, some stores may be critical of such orders; secondly,
purchases from a different billing and shipping are less trusted, the greater the
distance between them.
The latter is easy enough to understand: people tend to work closer to home, and
orders, for example, in their own or a neighboring city are much more common than
in another state, not even mentioning another country. In addition, comparison is
possible not only in relation to address locations, but also considering the IP
address.
Accordingly, as the distance increases, the chance of an approval decreases, and if
the real owner can insist or verify the order, then from the point of view of a
third party this is additional costs in the form of calling, warming up, doxing and
time, for which one cannot always be prepared.
If you cannot find the key to the tactics of different addresses, besides the
above, there are the following options:
• Order for billing address with the purpose of further redirecting the parcel or
stopping it at the post office (reroute, pickup);
• Search for stores with a qualitatively lower level of anti-fraud systems
• Special warm-up (“I want to order a gift for a friend”);
• Enroll with the function of changing the address, which can also help with
incorrect billing;
And the extreme is to avoid AVS entirely. Quite special cases, but in short:
working with digital goods, payment systems and banks where address speculation is
not required, as well as countries without AVS.
REACTIONS. Suppose the order is completed and it remains to wait for news from the
store or service. AKA PROCESSING.
With rare exceptions, the universal responses of stores and services to customer
actions are as follows.

1
CONFIRMATION. Conditionally positive and contains two options:
A. PRIMARY. A notification about the formation of an order, figuratively speaking –
the creation of an order that has yet to be processed.
B. ACTUAL. The request has been processed, and the funds have been authorized or
debited. You need to wait for the order to ship.
It is possible to distinguish one from the other in a particular store only
empirically, therefore, as soon as you see “ORDER PLACED”, it will be hasty to
divide the result – confirmation remains pending. The primary can be followed by
cancellation or verification.

1
DECLINE. Instant refusal to conduct a transaction when paying, even before the
order is completed. Causes of occurrence in order of increasing probability:
• Source on the side of the store or service: excessive vigilance or technical
problems;
• Reaction of the anti-fraud system. Reflects the highest degree of customer
distrust.
• Problems with the payment method. In addition to invalidity, it includes
insufficient balance, and various restrictions or limits from the part of the bank.
1
CANCELLATION. Notification of the refusal to carry out the transaction after it has
been completed. Very common. A similar list:
• The store authorizes funds after placing an order and thus, may mistakenly accept
defective material (empty, with credit limits reached, etc..);
• Death of the material after the order, for example, due to the reaction of the
owner of the material.

1
CLIENT VERIFICATION. For reasons of lack of trust, harsh store policies due to
deplorable statistics or, in a word, “delayed”, as well as due to special attitude
towards certain categories, for example, electronic goods or high value items can
require such forms of verification:
• Photo of the card from which the payment was made. Usually it is allowed to leave
only the last 4 digits of the card, covering the rest.
• Request to contact support by phone to “clarify details” (the request comes to
the email from the order, they rarely call without notification). During the
conversation, they will ask leading questions or wish to confirm the identity of
the client with information pertaining to his life (background report). For
example, the make and year of a car, past places of work and addresses.
• It should be noted that the issuing bank can act in a similar way: requesting
confirmation of the transaction via the owner’s email or blocking the card before
contacting support. At the same time, under normal conditions, there is no access
to his email, and to call a bank you often need more inaccessible information than
with a store.
Moving on to services, companies from the business relations segment – exchanges,
some exchangers, payment systems and bookmakers – adhere to the so-called KYC
principle (Know Your Customer), legal norms for customer identification to prevent
money laundering, tax evasion, etc… At best, you will need:
• BANK STATEMENT
• PHOTO ID (PASSPORT OR DL) – FROM DIFFERENT SIDES/ANGLES
• PERSONAL PHOTOS WITH DOCUMENTS
• SELFIE HOLDING DOCUMENTS
• PROOF OF ADDRESS
At worst, this can turn into video recordings, live video conferencing, and even
office visits. Half of what was touched on can be bought from scan vendors online,
while the other half will require real people and verification services for scans
or real documents, depending on the specific situation.
I recommend @KoolKode for scans
The last outlined verification method is used by both shops and services –
requesting transaction data, for the issuance of which you will need access to the
personal account of a card (enroll) or a call to the bank:
• ID NUMBER OF TRANSACTION OR COMMENT TO IT
• THE EXACT SIZE OF A MICRO-TRANSACTION ($0.01-1.99) – COMMONLY CALLED MINIKI
Shops and services have common scenarios for requesting information, and sometimes
they involve third-party companies that conduct verification. So, having collected
statistics, you can assume the necessary measures – doxing information, scans and
so on.
Let’s summarize. In light of all that has been described, finding a working BIN or
a store does not necessarily mean hitting the jackpot. It may seem that the lecture
material exaggerates, but this is not entirely true. The lecture focuses on what
can go wrong, in which direction to look for potential errors, and generally
summarizes the data within a single process.
Now, let's speak about BANK ACCOUNTS
We will talk about working with bank accounts, what they are, where to get them,
how to register them, how to use them, and more
First, let's recap a couple of definitions
FULLZ: This is someone’s entire data cluster and it’s what is commonly used to open
bank accounts, apply for loans, set up payment processors, and many other types of
fraud. FULLZ are extremely valuable information to us and in fact a NECESSITY for
many operations. FULLZ usually comprise of BACKGROUND REPORT, CREDIT REPORT, FULL
NAME, SOCIAL SECURITY NUMBER (SSN), DATE OF BIRTH (DOB), DRIVER’S LICENSE NUMBER
(DL), MOTHER’S MAIDEN NAME (MMN), and more.
SSN: SOCIAL SECURITY NUMBER. This is a nine-digit number issued to US citizens,
permanent residents, and temporary (working) residents in the UNITED STATES.
Although its primary purpose is to track individuals for Social Security purposes,
the Social Security number has become the national identification number for
taxation and other purposes. SSN is frequently used by fraudsters, since it is
interconnected with many other forms of identification, and because people asking
for it treat as an authenticator. Financial institutions generally require an SSN
to set up bank accounts, credit cards, and loans -- partly because they assume that
no one except the person it was issued to knows it.
DOB: Date of Birth
MMN: Mother’s Maiden Name. This is the name of someone’s mother BEFORE they got
married, that is, her name with her original family name (or “surname”), the name
she used when she was a girl and a young woman. “MAIDEN” here means “unmarried
woman”. So “maiden name” refers to a woman’s name when she was still an unmarried
woman. In many cultures, when a woman gets married, she takes the family name of
her husband’s family, so her name changes. Example, let us say your mother’s name
was Mary and she was born into the Smith family. Her maiden name would be “Mary
Smith”. Then, let us say, she married your father, whose name was Tom Jones. When
she married him, she became Mary Jones. That is her married name, but her maiden
name will always be Mary Smith. This is very important when working with banks,
since a lot of them will ask this question to verify your identity when processing
big transactions or conducting changes to the account.
DL: Driver’s License
BACKGROUND REPORT (BG): This is an extensive report on an individual, and usually
includes their DATE OF BIRTH, CURRENT AND PAST OWNED VEHICLES, RESIDENCE HISTORY,
CONTACT DETAILS, FAMILY DETAILS, WORK HISTORY, and more. It is acquired from paid
subscription in report websites such as BEENVERIFIED & INSTANTCHECKMATE.
CREDIT SCORE: The score given to a specific person, based on many factors such as,
their credit history, their debt to income ratio, how many cards they have opened
and their history of paying them on time, and more.
Those definitions are of extreme importance, and everyone working in this business
should be familiar with them.
In America, there are hundreds of banks, and each of them offer bank accounts to
people who have credit in the United States. In some banks, accounts are opened
only with a personal visit to a branch, and in some banks, you are allowed to open
a bank account online -- via the bank's website
This is hardly possible in many countries, but in America, it is very common. Even
in Europe, this is extremely difficult.
BANK ACCOUNTS can be divided into 3 different types

1
2
3
4
5
BRUTE ACCOUNTS — You can buy these on many websites, as well with private sellers
via such chats as TELEGRAM or JABBER. From time to time, banks strengthen their
protections, introducing such things as 2FA via SMS CODE, and in consequence, the
opportunity of working with certain banks disappear.

SELF-REGISTERED ACCOUNTS/BANK DROPS — These are accounts you register yourself, for
personal use. Mostly used by fraudsters to funnel dirty money and "cash out"
ACCOUNTS FROM LOGS — You can either buy these from private sellers, or acquire them
from your own botnet
BRUTE ACCOUNTS
These accounts are on sale as just the text login: USERNAME & PASSWORD or USERNAME,
PASSWORD + EMAIL ACCESS
Accounts with email access are obviously much more expensive. The majority of banks
will enable 2FA by default, making any modification in the account, to be notified
immediately on the holder's phone or email.
Having access to the personal email of the holder, which is connected to the bank
account, we can turn off phone notifications, redirect them to the email, and put a
filter on the email so that correspondence from the bank would go immediately into
spam folder.
The prices for these accounts start at $50 and can go up to more than $800.
Recently, I've actually seen one of these accounts for $1200 on a market.
https://prnt.sc/rvykoq
Such accounts with access to email cost around $400 and they are not on sale for
very long — they go away very very fast.
It may seem expensive, but if you know what you're doing, you can easily make
thousands with these accounts.
SELF-REGISTERED ACCOUNTS
These accounts are just as the name implies. Accounts that we have registered with
a specific bank for our own use, using someone else's personal information (FULLZ),
no one else has access to our accounts.
To open one of these accounts, you will need:
FULLZ WITH BACKGROUND REPORT + CREDIT REPORT, GOOGLE VOICE, EMAIL (CORPORATE IS
BETTER)
The credit for your FULLZ should be at least 700 or more, otherwise the bank will
not give you good options and you will have a much worser chance of succeeding
In some cases, it may even deny you on the spot, and invite you to register in
person at a branch
After we have acquired what we need, we can start the bank account opening process.
First, we need to look for a bank. There are literally hundreds of banks in the US,
so I will not go much into each bank. I recommend you apply for different banks
many times. And make a spreadsheet of your results to track them. With time and
testing, you will have a good list of banks that work for you, and banks that are
tougher on security.
To gain experience, I recommend starting with simple banks such as BANK OF AMERICA,
CHASE, SUNTRUST, FIDELITY, CHARLES SCHWAB, ALLY, etc...
To register with banks, you need to adjust your setup accordingly. It is not
required to thoroughly change all the hardware parameters like we do for carding.
The ANTI-FRAUD system will look for these adjustments, but not as the main deciding
pattern.
I recommend a SOCKS5 max 30 miles from the address you're using to register the
account
I recommend using CHE BROWSER to manage your bank accounts. Their website is at
https://chebrowser.site/ and they charge $30 monthly for using their software + $1
per configuration you buy. I recommend a new configuration for each bank account.
Or an alternative to this is simply using Virtual Machines from VIRTUALBOX +
PROXIFIER on HOST
After you have either of those ready, go to browserleaks.com
, make sure your time zone is correct, and there are no open ports, and no proxies
detected. Also make sure your DNS matches UNITED STATES. When you have all that
checked, you may proceed to registering with the bank.
f.vision

Also a good website to check your setup

If you have adjusted your setup correctly, then possibly you will not receive any
verification questions. However, if you arouse suspicion in the bank, or if the
victim already has a bank account opened with the bank, then you will receive a
bunch of questions to verify your identity.

This is where your BG + CR on the victim will come in handy

You answer correctly, and you will be skipped to further steps, where you will come
up with a login to your account, a password, and a PIN code.
One step is to order a DEBIT CARD. You probably will not need it, so send to the
previous address shown on the victim's credit report, to avoid the holder being
notified of a new account under his name, and consequently closing it. If you can
skip a debit card, it is always preferred you do such instead of ordering to
previous address.
In case of successful registration (APPROVED) — login immediately
We have created a USERNAME + PASSWORD, then came up with secret answers to
questions, and wrote down the ACCOUNT & ROUTING NUMBERS for checking and saving
accounts, confirmed the account by EMAIL + GOOGLE VOICE NUMBER and don't forget to
enable alerts. In general, this is good behavior that will not raise any flags from
the bank's security system.
https://prnt.sc/ryvjzc
There is a small problem, which is the change in CREDIT HISTORY. When registering a
new bank account, an entry is made in the credit report and large banks carefully
check this in order to prevent fraud.
In America, every resident can once a year check their credit report for free, so
it is very rare they actually do. However, with the COVID-19 pandemic, I have
personally noticed that many people are constantly checking their credit reports,
so this may be a bit of a problem to us.
All of our manipulations affect the credit score of the victim as well
A good measure I've noticed works well to avoid the holder noticing anything, is to
register for bank accounts at the beginning of each month.
After these manipulations, you will get a clean bank account for your work, which
only yourself will have access to
BANK ACCOUNT FROM LOGS
BA from logs, are the most complete ones. You will get USER + PASSWORD, there are
cookies for signing into the account, email access, and more. You can either get
this material from your own botnet or buy from private sellers.
Buying from private sellers can get quite expensive, but if you know what you're
doing, they're totally worth it.
Almost all BA sellers work the accounts themselves, and sell the scraps to
inexperienced buyers. This is a scam in its purest form, what goes on sale is what
the seller themselves did not waster their time on.
Logs with USER + PASSWORD + EMAIL ACCESS is 60% of your success, with this set
there is a high probability of making a profit, as you can drain up to 2-3k, then
you will need to call, send docs or similar activity to verify yourself.
If you have your own botnet with access to bank holder's machine, then you can use
his machine just like you would your own, login to bank account, any shop accounts
he has stored, etc...
It is also possible to change the victim's phone number in the bank account to your
own, put a worker on this number and receive calls.
Now you have a BANK ACCOUNT obtained from any of these means, now what?
If this is not a self-registered account, we need to drain the victim's money,
which can be done by several methods

1
Buying products via online shops, by linking your BA with PayPal, accept MINIKIS
for confirmation and configure the system to work with PP
In addition to PP, you can also link your BA to other shops, such as AMAZON
Paying with BA in shops, has a much higher credibility and trust, but it is also
checked with much higher scrutiny. Most likely, for the verification, in addition
to the MINIKIS, the will also require docs. If you have linked and verified, then
the shops can give you a good amount immediately from the first transaction.
LINKING TO AMAZON EXAMPLE
https://prnt.sc/rwq9xe
There are also luxury shops that accept payment only from BA, where the price tag
for goods start at 2-3k. It is harder to get into such shops, and in addition to
linking the BA, calling and docs are also usually required.
The pitfalls are exactly the same as I described, the bank must be from a botnet,
preferably with a remotely accessible machine, since we won't send more than 2-3k
without the machine.

1
ACH & DIRECT DEPOSIT TRANSFERS — There are two ACH METHODS available:
• CREDIT (TRANSFER INITIATED BY THE SENDER)
• DEBIT (TRANSFER INITIATED BY THE RECIPIENT)
Both types of ACH have a lot in common.
First, almost all banks allow ACH transfers but only between the accounts of the
holder himself. If they find out that the names do not match, they cancel the
transfer and block the account where the transfer was initiated.
Therefore, it is necessary to do it between accounts for the same holder.
ACH CREDIT (SEND, PUSH)
TRANSACTION TIME – Registered in the evening of the next business day (7-8PM ET).
After 1-2 business days, the funds will be credited.
PROCESSING: Automatic, but if the payment seems suspicious, there will be a call to
the holder for clarification and verification.
AMOUNTS: Depends on the bank, many allow you to send 10-20k per day.
ABILITY TO REVERSE ACH AFTER SENDING: At the first request of the owner of the
account, usually only enabled within 24-48h of the payment been sent.
For this scheme, you will need access to both bank account and email of the victim.
ACH DEBIT (PULL)
TRANSACTION TIME: Registered in the evening of the next business day (7-8PM ET).
After 3 business days will pass before the funds are credited (sometimes they are
already available on the 3rd day).
PROCESSING: Automatic, but if the payment seems suspicious, a call to the holder
will be made for clarification and manual verification.
AMOUNTS: Varies from bank to bank, but usual amounts are 10-20k per day.
ABILITY TO REVERSE ACH AFTER SENDING: Available only within 24-48h of money being
sent.
These transfers are the best in the US BANKING SYSTEM
PP uses this method, which is why it is so popular in our environment. But PP is
one of the most fucked up and underdeveloped gateways with this method.
The possibilities with ACH are endless
ZELLE DRAIN
This method is very hard hitting, and you need to look for private banks that allow
Zelle transfers
This method has been raped for so long, so it is overused, but it does not mean
that it doesn't work. Zelle transactions exist and are in demand among both
ordinary people and us fraudsters
We need an approach that will come with experience and testing.
ZELLE POSTING TIME: Within 10 minutes, during the current business day.
PROCESSING: Automatic, but if the payment seems suspicious, there will be a call
made to the holder for clarification and manual verification.

AMOUNTS: Up to 2-2.5k per day usually.

ABILITY TO REVERSE AFTER SENT: Not possible
Our main task with Zelle is to make the payment go through auto mode. But each bank
has its own characteristics. For example, with CHASE, you can make 2 transfers in
auto to one recipient up to $500 each and on different days.,
However, the 3rd transaction will cause for manual processing (even if the other
conditions are met). Therefore, the method is suitable for cashing out small
accounts with valid email access (you will need this to accept the Zelle code).
1
WIRE TRANSFER
This type of transfer requires a caller and must be applied only after a certain
experience in working with bank accounts
POSTING TIME: Same or next business day
PROCESSING: Always manual
AMOUNTS: Unlimited
OPTION TO REVERSE WIRE: Not available
This is the most desirable type of transfer for our purposes. Money can be sent to
the crypto exchange, or to our own bank drop accounts. After receiving the money,
the transfer is not able to be reversed.
Unfortunately, almost all banks have closed the ability to make a wire transfer
online (and those that do not, still require the first wire to be shown an ID on
branch)

1
BILL PAY
This is another way, where we make statements from the necessary offices to your
bank account and pay directly from there.
POSTING TIME: Logged in the evening of the next business day (7-8PM). After that, 2
business days will pass before the funds are credited (for payments to large
companies) and 7-10 business days for payments to the rest (since they send a paper
check).
PROCESSING: Automatic, but if the payment seems suspicious, a call to the holder
will be made for clarification and manual verification.
AMOUNTS: Above a few thousands
CCPOSSIBILITY OF REVERSE BILL PAY: Only if the payment or check has not been
cashed/credited.
It used to be a very good method, but now it is almost completely burnt. You can
usually work via credit, and cashing them is not an easy task. Checks take a very
very long time to process.

1
PHYSICAL CARD
Another method for cashing bank accounts, is through the issue of a physical card
to the victim's address — then re-routing to a drop that will work the funds. This
method is interesting, but requires experience and manual drops.
All these 6 ways of draining concerned with options when we had BA money from
balances, but what about when we're dealing with SELF-REGISTERED ACCOUNTS/BANK
DROPS?
If the BA is self-registered, the task of updating the balance to your account is
all on you

1
2
3
4
5
BRUTE ACCOUNTS. I advise you to start with 1-2k
DIRECT DEPOSIT. Make a check, and credit it to a bank that works through direct
deposit.
BILL PAY. Placing a transfer from another BA to yours. Access to log is required.
EXTERNAL ACCOUNT. Linking your BA to various places or to the BA log. Then drain to
your own account.
WIRE. Transfer of funds from another BA via WIRE
After the money has been credited to your drop, you would drain it the same way as
from other accounts mentioned previously in this class
There are a lot of work schemes, your task is to find your own that will work best
for you
Finally, I will describe a few working bundles for working with accounts
This is not a one size fits all solutions, banks adapt on a daily basis, and what
worked yesterday may not work today.

1
BA FROM LOGS > SELF-REGISTERED DROP > LOCALBTC/EXCHANGES
A very robust and easy to implement scheme. Of course, the self-registration of the
drop will eventually be flagged as fraudulent, that is inevitable, but you can work
out good volumes until that happens.

1
BRUTE ACCOUNT > SELF-REGISTER > LOCALBTC/EXCHANGE
This is also a very common scheme
This bank account theme is endless, and I could speak here for an entire month, and
there would still be things to discuss. You need to find your own direction, and
work it until it does not work anymore. At the same time, watch for something new
that has not been worked out, etc…
This topic is financially costly and requires a very good knowledge base in our
business. Besides that, you also need the contacts of the right people and
services, and ideally your own team.
We have now finished the class. Those that have questions please type them in the
chat.