Friday, November 27, 2015

Glossary of Buyer/Seller Terms in Carding

Base:

An arbitrary name that a seller assigns to a unique batch of cards hacked from a particular compromised merchant or a mix of merchants. Most often, bases are named after the state or region of the compromised merchant. Base names allow dumps shop owners to have a consistent naming convention when adding freshly hacked cards from a specific breached merchant. In addition, base names allow happy customers to have an easy way to come back to the seller and request more of the same cards; conversely, buyers who have little success “cashing out” cards from a particular base have a frame of reference with which to warn other potential buyers away from a specific batch of cards (bad cards = “brown acid“).

BINs:

Short for “Bank Identification Number,” this is the first six digits of any debit or credit credit cards, and it uniquely identifies the financial institution that issued the card. BINs are the primary method that sellers use to index cards for sale, and all buyers have their favorite BINs with which they’ve found success in the past. There are tens of thousands of BINs in use today, and few people legitimately employed in the banking industry have comprehensive BIN lists (which most banks consider proprietary). For that, you typically need to turn to the professional sellers, which track BIN usage quite closely.

Checker:

A form of buyer’s insurance, this is an automated, optional service that customers can use after purchasing cards to validate whether the cards they just bought are still active. Most sellers have “money-back” guarantees in place that will automatically refund the purchase price for any cards found to be invalid shortly after the cards are bought (usually a window of a few minutes up to a few hours is given to buyers to check and replace cards).

Dump:

Refers to a string of data that is pulled (usually by malicious software that infects cash registers or point-of-sale devices inside compromised merchants) from the magnetic stripe on the back of cards. Buyers typically receive a text file that includes all of their dumps. Those individual dumps records — when encoded onto a new magnetic stripe on virtually anything the size of a credit card — can be used to purchase merchandise in stores.

Packs:

Large bundles of dumps (often from a variety of hacked merchants in a particular region) — sold at wholesale prices which is usually discounted.

First-Hand Base:

A batch of cards hacked from a merchant breach in which the seller himself played a key role.

Reseller:

Most sellers rely on multiple suppliers of hacked cards. Contrary to the conventional meaning of the word, these hackers are supplying cards that are not sold anywhere else; once a card is sold, it is removed from the marketplace, and any suppliers found to be double dipping are quickly banned from the dumps community. Rather, resellers are merely hacking the cards and then selling them to the main verified seller.

Valid Rate:

The dumps store’s best guess about the percentage of cards from a given base that will come back as valid versus canceled by the issuing bank. If a base is advertised at a 80 percent valid rate, customers can expect an average 8 out of every 10 cards they buy from that base to be working and valid. Cards advertised at valid rates in excess of 90 percent typically demand the highest prices, and are a strong indicator of a breach that has only just been discovered by the breached merchant or some of the larger financial institutions.

No comments:

Post a Comment