Blueprint 1 : Protecting your self online

In this section we will talk about the three basic things (your best friends) you will most likely tackle
when carding online.
1. Your Virtual Machine
Usually this is an installation of VMWare or Oracle Virtualbox which is like another computer on your
computer. Always place everything related to carding on your virtual machine and not on your main
machine. You will never know when law enforcement might come barging at your doorstep.
After installing your preferred VM, install Truecrypt as well. Create a Truecrypt volume and put all
your VM files on it. Never leave traces on your machine and only mount your Truecrypt volume when
you want access to your carding stuff. By using this software along with your VM, you are assured
that your VM is encrypted and everything “vanishes” once the power is switched off.
2. Virtual Private Network (VPN)
Simply put, VPN hides your identity online. When you use VPN, your IP address is mixed with all users
of the VPN and all traffic is forwarded to the desired site/s and shielded with the VPN IP address. It
makes you anonymous and without it, your real IP address shows up. It only takes one phone call
from law enforcement to your ISP to trace you. In cases where you have dynamic (always changing)
IPs, they still can subpoena your ISP to reveal logs so they can trace you. As a general rule, whenever
carding or doing anything related to that, always use VPN.
3. SOCKS
SOCKS are IP addresses which you use primarily to spoof your location. Since merchants also track
location of the IP and adds it up to their fraud criteria, getting same city or same state SOCKS as that
of the cardholder is a must. Always remember that carding is BECOMING the cardholder in almost all
aspects possible. Never expect to just input CC details and expect an iPhone 6 to be delivered right at
your doorstep. It doesn’t work that way and you will most likely fail. If it works that way then the
world would be in chaos and nobody would buy credit cards if it were that easy.
Bonus: Remote Desktop Protocol (RDP)
RDPs are my favorite! These are remote computers (some hacked, some offered for rent) which you
are given access usually via Remote Desktop Connection on Windows. It’s like having an extra device
on another country of your choosing. With RDP you won’t need to access VPN and SOCKS just make
sure that for your device, you pick an IP address which is the same state as your cardholder. Don’t
worry as a lot of RDP providers allow you to choose and change which IP you will be using. RDPs have
many uses asides from carding, one of my favorite is creating bank drops online, and spoofing CPA
offers.
Final Words
As final words of advice, here are four things I want you to stick to your mind as far as not only
carding but also on your day to day life.
1. Always do homework – before trying your first carding heist, whatever it may be, it always pays to
do lots of research beforehand. Remember, you only get one shot and if you repeat the same steps
on a declined CC, chances are, it will get burned.
2. Be creative – in cases of failure, don’t be discouraged. Instead, think about why you failed and
what else could you have done to succeed. Creativity is what carding masters and guide creators
have in abundance. Also, it is not a given trait. The reason why masters are creative is because they
explore and do their homework and by doing so learn a lot of things that in turn give life to new
ideas. That is creativity.
3. Don’t be lazy – you might be the most intelligent, creative and knowledgeable person in the world
but without action, you will get no results. Without action, you are nothing!
4. Stay ahead of the game – The carding world is ever changing. Come to think of it, everything in this
world is. So don’t expect to do the same method month after month and expect the same results.
Once you get a working method, spam it and cashout immediately. You will never know whether it
might get burned the next day.

Blueprint 2 :Auto Carding-STRIPE

Now that we are done with the basics, it’s time to head on over to perhaps one of the most widely
used processors to card yourself some dough. Widely used however does not mean that it is too
saturated. In my opinion, this site has reached its security threshold wherein it cannot add any more
security functions without sacrificing user functionality. If it adds more of these security functions
then the processor might end up rejecting and declining every transaction whether fraudulent or
legit. The site I am talking about is…
Stripe.com
Stripe was created on 2010 and has received $130 million in funding ever since. The main goal of the
company is to provide a way for individuals and businesses to accept payments over the internet.
Currently used by around 17000 sites, it makes credit card payment transactions and cashing out
funds to bank accounts of supported countries possible.
Okay let’s head right down to business. This will be a step by step guide on how to exploit Stripe to
withdraw money from credit cards. You will need the following components:
1. A bank drop in an active supported country on Stripe.com. Usually USA bank drops are the easiest.
Also prepare the fullz info of the bank drop you have as we will use these as the account holder.
2. Good live credit cards preferably good BINs as well. Mixed types and mixed BINs. Don’t get all from
the same BIN.
3. HTTrack Website copier (freeware)
4. Notepad++ Text Editor (freeware)
5. Basic computer skills
Setting up your fake online shop
The plan involves having a fake online shop and being able to process fraudulent payments using
Stripe as backend. The first step is to create a fake web shop. You can do this by searching Google for
some terms such as “usa earrings and accessories online” and check the results on the deeper pages
preferably page 10 and beyond. Try to look for a small site with around 200 or less products because
you will be cloning it and making it yours.
Ok to clone it use HTTrack website copier and clone the whole thing. The good part is that you can
leave the cloning process while doing something else. A local copy of the whole site will be saved on
your computer. Try to stay under 500 Mb because the goal is just to make it look legit not to create a
huge site or to clone the whole thing.
Once done, the next step is to check each of the pages using notepad++. Make sure to change all
hyperlinks to the desired ones and make it all work
especially if you upload it to your webhost. One of the important pages to edit would be the contact
page. Change the contact information to the fullz information of the bank drop account holder. If it
has a Google map snippet, change it as well. Also, avoid dead links as much as possible. Remember,
make it all look legit – a website with a lot of dead links will not look legit.
Use a lot of common sense and never be lazy. Check out site footers, headers, sidebars and
everything and change the links to fit your domain. Always check every page. It doesn’t matter if this
takes you 1-2 hours or half a day. Always remember, you are creating a legit business that took years
for other persons to make.
(For the editing part, you will need HTML skills. I suggest you get a free course on the internet that
teaches HTML. This language is very easy to learn and is a very valuable skill. Also, when you already
have a domain and webhost setup, please make sure you know the steps on how to upload your site.
There are a lot of online tutorials for that as well. It might seem daunting at first but once you get the
hang of it, it’s as easy as cake! )
Use Notepad++ to do a search & replace for the regular expression “<!-- Mirrored[^>]*GMT -->”
(never include the quotes in any example) and replace it by nothing. This will remove all the
“Mirorred by HTTrack” comments in the source code. Always remember to organize website images
by placing them into a single folder. This might take a few more hours but it is well worth it.
Don’t forget to replace all phone numbers in the cloned site with a random toll free number. Do not
worry, no one will call.
Lastly, double check and keep on double checking until the site is perfected. Remove all instances of
the real site you cloned and change them all to your site.
Hosting for your fake webshop
First, try to have some a good email (not Hotmail, or Yahoo) which have your bank drop fullz details
because you need it to register with the webhost.
It is integral that you get an anonymous webhost service such as Arvixe (http://www.arvixe.com).
Always use the bank drop fullz details when registering in this webhost. The host will ask for address
info so come prepared with the address on the fullz. Uploading on the webhost/web server is usually
done via FTP which is very easy to do. There are a lot of online tutorials and even webhosts provide
upload tutorials via FTP so it won’t be a problem. After fully uploading the site, make sure that it
works properly by typing in the domain and checking each page and the link structure as well.
The next thing to consider is WHOIS details. Your webhost will allow you to change WHOIS
information for your site to match the information on the bank drop fullz. Always remember that the
bank drop info, WHOIS info, webhost info and Stripe info should be all the same person to avoid any
flags being raised.
Next, create an email account using the domain of your fake webshop. Make it
“[email protected]”. This makes the Stripe application look legitimate.