Mirrors/Zines
1
0
Fork 0
mirror of https://github.com/fdiskyou/Zines.git synced 2025-03-09 00:00:00 +01:00
Code Issues Releases Wiki Activity
Zines/phrack/15/4.txt
Rui Reis a998d1b065 1st import into tree
2016-12-14 22:07:35 +00:00

214 lines
12 KiB
Text
Raw Permalink Blame History

===== Phrack Magazine presents Phrack 15 =====
===== File 4 of 8 =====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ The Disk Jockey ~
~ ~
~ presents: ~
~ ~
~ Advanced Carding XIV: ~
~ Clarification of Many Credit Card Misconceptions ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(A 2af Presentation)
Preface:
-------
After reading files that have been put out by various groups and
individuals concerning carding, credit fraud, and the credit system in
general, I am finding more and more that people are basing these files on
ideas, rather than knowing how the system actually works. In this article I
hope to enlighten you on some of the grey areas that I find most people either
do not clarify, or don't know what they are talking about. I can safely say
that this will be the most accurate file available dealing with credit fraud.
I have worked for and against credit companies, and know how they work from
the insiders point of view, and I have yet to meet someone in the modem world
that knows it better.
This file is dedicated to all the phreaks/hacks that were busted for various
reasons in the summer of 1987.
Obtaining Cards:
---------------
Despite popular belief, there IS a formula for Visa and Mastercard
numbers. All credit card account numbers are issued by on issuing company, in
this case, Visa or Mastercard. Although the banks are not aware of any type
of pattern to the account numbers, there IS one that can be found. I plan to
publish programs in the near future that will use the various formulas for
Visa, Mastercard and American Express to create valid accounts.
Accounts:
--------
All that is needed to successfully use a Visa/MC account is the account
number itself. I don't know how many times I have gotten into arguments with
people over this, but this is the way it is. I'll expand on this.
First of all, on all Visa/MC cards, the name means NOTHING. NOTHING AT ALL.
You do not need this name and address of the cardholder to successfully use
the account, at no time during authorization is the name ever needed, and with
over 50,000 banks, credit unions, and various other financial institutions
issuing credit cards, and only 5 major credit verification services, it is
impossible to keep personal data on each cardholder.
Ordering something and having it sent with the real cardholder's name is only
going to make things more difficult, at best. There is no way that you can
tell if the card is a normal card, or a premium (gold) card merely by looking
at the account number. The only thing that can be told by the account number
is the bank that issued the card, but this again, is not needed.
The expiration date means nothing. Don't believe me? Call up an
authorization number and check a card and substitute 12/94, and if the account
number is good, the card will pass. The expiration date is only a binary-type
check to see if the card is good, (Yes/No), it is NOT a checksum-type check
code that has to be matched up to the card account to be valid.
Carding Stupid Things:
---------------------
Whenever anyone, ANYONE tries to card something for the first time, they
ALWAYS want to get something for their computer. This is nice and all, but
just think that every person that has ever tried to card has tried to get a
hard drive and a new modem. Everyone does it, thus every single computer
company out there is aware and watching for that. If I could give every
single person who ever tries to card one piece of advice, it would be to NEVER
order computer equipment. I know there are a hundred guys that will argue
with me about it, but common sense should tell you that the merchants are
going to go out of there way to check these cards.
Merchant Checking:
-----------------
Since I brought up merchants checking the cards, I will review the two
basic ways that almost all mail-order merchants use. Keep these in mind when
designing your name, address and phone number for your drop.
The Directory Assistance Cross-Reference:
----------------------------------------
This method is most popular because it is cheap, yet effective. You can
usually tell these types of checks because during the actual order, you are
asked questions such as "What is your HOME telephone number" and your billing
address. Once they have this information, they can call directory assistance
for your area code, say 312, and ask "May I have the phone number for a Larry
Jerutis at 342 Stonegate Drive?" Of course, the operator should give a number
that matches up with the one that you gave them as your home number. If it
doesn't, the merchant knows that something is up. Even if it is an unlisted
number, the operator will say that there is a Jerutis at that address, but the
telephone number is non-published, which is enough to satisfy the merchant.
If a problem is encountered, the order goes to a special pile that is actually
called and the merchant will talk to the customer directly. Many merchants
have policy to not ship at all if the customer can not provide a home phone
number that corresponds with the address.
The Call Back:
-------------
This deals with the merchant calling you back to verify the order. This
does not imply, however, that you can stand by a payphone and wait for them to
call back. Waiting by a payphone is one of the stupidest things I have ever
heard of, being that few, if any, places other than the pizza place will call
back immediately like that. What most places will do is process your order,
etc, and then call you, sometimes it's the next day, sometimes that night. It
is too difficult to predict when they will call back, but if they don't get a
hold of you, or only get a busy, or an answering machine, they won't send the
merchandise until they speak with you voice. This method is difficult to
defeat, but fortunately, due to the high cost of phone bills, the directory
assistance method is preferred.
Billing Address:
---------------
This should ALWAYS be the address that you are having the stuff sent to.
One of the most stupidest things that you could do to botch up a carding job
would be to say something like "Well, I don't want it sent to my house, I want
it sent to....", or "Well, this is my wife's card, and her name is....".
These methods may work, but for the most part, only rouse suspicion on you.
If the order sounds pretty straightforward, and there isn't any unusual
situations, it will better the chances of the order going through.
Drop Houses:
-----------
These are getting harder and harder to come by for the reasons that
people are more careful then before, and that UPS is smarter, also. Your best
bet is to hit somebody that just moved, and I mean JUST moved, being that UPS
will not know that there is nobody at the house anymore if it is within, say,
a week of their moving. It's getting to the point where in some areas, UPS
won't even leave the stuff on the doorstep, due to liability on their part of
doing that. The old "Leave the stuff in the shrubs while I am at work" note
won't work, most people are smart enough to know that something is odd, and
will more than likely leave the packages with the neighbors before they shove
that hard drive in the bushes. Many places, such as Cincinnati Microwave
(maker of the Escort and Passport radar detectors) require a signature when
the package is dropped off, making it that much harder.
Best Bet:
--------
Here is the method that I use that seems to work well, despite it being a
little harder to match up names and phone numbers. Go to an apartment
building and go to the top floor. The trashier the place, the better. Knock
on the door and ask if "Bill" is there. Of course, or at least hopefully,
there will be no Bill at that address. Look surprised, then say "Well, my
friend Bill gave me this address as being his." The occupants will again say
"Sorry, but there is no Bill here...". Then, say that "I just moved here to
go to school, and I had my parents sent me a bunch of stuff for school here,
thinking that this was Bill's place." They almost always say "Oh Boy...".
Then respond with "Well, if something comes, could you hold on to it for me,
and I will come by in a week and see if anything came?" They will always say
something to the effect of "Sure, I guess we could do that...". Thank them a
million times for helping you out, then leave. A few days after your stuff
comes, drop by and say, "Hi, I'm Jim, did anything come for me?". If
everything was cool, it should have. The best thing to do with this is only
order one or two small things, rather than an AT system with an extra monitor.
People feel more comfortable about signing for something small for someone,
rather than something big, being that most people naturally think that the
bigger it is, the more expensive it is.
This is the best method that I know of, the apartment occupants will
usually sign for the stuff, and be more than happy to help you out.
Advice:
------
The thing that I can never stress enough is to not become greedy. Sure,
the first shipment may come in so easy, so risk-free that you feel as if you
can do it forever. Well, you can't. Eventually, if you do it frequently
enough, you will become the subject of a major investigation by the local
authorities if this becomes a real habit. Despite anything that anyone ever
tells you about the police being "stupid and ignorant", you better reconsider.
The police force is a VERY efficient organization once they have an idea as to
who is committing these crimes. They have the time and the money to catch
you.
Don't do it with friends. Don't even TELL friends that you are doing it. This
is the most stupid, dangerous thing that you could do. First of all, I don't
care how good of friends anyone may be, but if a time came that you hated each
other, this incident could be very bad for you. What could be even worse is a
most common scenario: You and a friend get a bunch of stuff, very
successfully. You tell a few friends at school, either you or him have to
tell only one person and it gets all over. Anyways, there is ALWAYS some type
of informant in every high-school. Be it a teacher, son or daughter of a cop,
or whatever, there is always a leak in every high school. The police decide
to investigate, and find that it is becoming common knowledge that you and/or
your friend have ways of getting stuff for "free" via the computer. Upon
investigation, they call in your friend, and tell him that they have enough
evidence to put out a warrant for his arrest, and that they might be able to
make a deal with him. If he gives a complete confession, and be willing to
testify against your in court, they will let him off with only paying the
restitution (paying for the stuff you got). Of course, just about anyone is
going to think about themselves, which is understandable, and you will get the
raw end of the deal. Don't let anyone ever tell you that as a minor, you
won't get in any trouble, because you can and will. If you are really
uncooperative, they may have you tried as an adult, which would really put you
up the creek, and even as a juvenile, you are eligible to receive probation,
fines, court costs, and just about anything else the judge wants to do with
you. All this boils down to is to not tell anyone anything, and try not to do
it with anyone.
Well, that should about wrap up this file. I hope this clears up some
misconceptions about carding. I am on many boards, and am always open to any
comments/suggestions/threats that anyone might have. I can always be reached
on The Free World II (301-668-7657) or Lunatic Labs (415-278-7421).
Good luck.
-The Disk Jockey
Reference in a new issue View git blame Copy permalink