Carding 🚗 Carding Guide: CARiD 🚗

[Cheapskatedummy]

Thx

 

[calicoxhx]

mixelente informacion gracias

 

[6ixxboss]

thanks

 

[Matthewsch]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

ty

 

[Mahmud]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Даже карты, которые обычно срабатывают 3DS может обойти это, если мы достаточно снизим наш рейтинг риска. Все зависит от того, как Кардинал Коммерс, 3DS процессор, видит нашу транзакцию ( при условии, что между ) нет системы мошенничества с искусственным интеллектом.

У нас есть два варианта:

• Карты, отличные от VBV: Все равно самое простое, если оно доступно.
• Манипулирование оценкой риска: Настраивая отпечаток пальца устройства, мы потенциально можем обойти его 3DS на картах, которые этого требуют.

3DS 2.0s попытка сбалансировать безопасность и пользовательский опыт дала нам возможность. Собирались этим воспользоваться.

---

Минимизируя свой 3DS 2.0 Оценка риска​

Давайте займемся хорошими вещами. В отличие от этих причудливых систем мошенничества с искусственным интеллектом, 3DS 2.0 связан политикой конфиденциальности и законами об обработке данных. Это означает, что он работает с ограниченным набором данных - только с вашим IP-адресом и отпечатком браузера.

Возможно, я ошибаюсь в некоторых деталях, но вот что у меня работает:
*** Скрытый текст: не может быть процитирован. ***

Помните, это не безупречно. Но это простой и эффективный способ снизить ваш уровень 3DS 2.0 оценка риска и увеличьте свои шансы обойти этих надоедливых 3DS подсказки. Вы не хотите получить этот экран:

View attachment 46387​

---

Требования и расход
​

Требования:

• Карта не-VBV ИЛИ используйте наш трюк выше.
• Чистые жилые прокси страна подходящих карт
• Надежная настройка браузера антидетекта
• Адрес сброса

Поток:

• Используйте наш трюк выше, если вы используете Карты VBV
• Добавить товары в корзину.
• Перейти к кассе. По возможности используйте гостевой кассу.
• Внимательно заполните детали доставки. Никакой вставки копий.
• Отправьте заказ и задержите дыхание.
• В случае успеха не бейте Карид опять немедленно. Разместите свои попытки.

По моему опыту, никогда не было Карид отмените транзакцию или запросите возврат товара. Но я не ударил их более пяти раз в общей сложности (all отгружен), поэтому ваши результаты могут различаться. Всегда будьте готовы к отмене или возврату.

---

Заключение
View attachment 46388​

Мы получили Кариды секреты, и теперь у вас есть план превратить их инвентарь в собственный магазин запчастей. Из 3DS 2.0s слабости простого трюка: у вас есть инструменты, чтобы заработать большие деньги.

Теперь создайте машину мечты - по одной кардочесанной детали за раз.

Просто помни, если тебя поймают и ты облажаешься, ты не узнал от меня ничего из этого. d0ctrine out.

cool

 

[Mahmud]

Руководство по чесанию: CARiD

---

Готовьтесь. Если вы приоткрывались завышенная цена глушители и причудливые диски, не владея ими на самом деле, пора применить свои навыки чесания там, где находится рот и по нему бьются Карид.

View attachment 46383

CarID.com имеет гору автозапчастей и их безопасность слаб как вода. От дешевых освежителей воздуха до индивидуальных обвесов - у них есть все - и они собирались помочь себе сами.

Речь идет не только о бесплатном глушителе. Собирались повернуть Карид в нашего собственного поставщика запчастей. Их запасы огромны, цены на них высокий и их защита есть дерьмо. Идеально подходит для нас.
Хотя не будь слишком дерзким. Это все равно требует некоторого мастерства. Ну, нужно ориентироваться в своей системе, использовать свои слабости и уйти с рук, не сработав ни одной сигнализации.

Так что приготовьте карты и зажгите свои доверенные лица. Вот-вот показывали Карид что происходит, когда вы оставляете дверь своего склада открытой. Давайте зайдем и посмотрим, как мы можем превратить их акции в нашу прибыль.

---

Почему Карид?​

Карид дерьмо, когда дело доходит до высокая ценность автозапчасти с безопасностью как слаб, как моча. Их инвентарь огромен: от дешевых освежителей воздуха до индивидуальных обвесов стоимостью в тысячи долларов. Этот сорт позволяет нам смешивать наши хиты и сохранять их законными.

View attachment 46384​

Настоящие деньги в их высокие билетные отправления. Производительность частей, пользовательские колеса, высокого класса стерео системы - один хороший счет может настроить вас на недели. И эта штука быстро продается. Автолюбители всегда ищут предложения, то есть быстрые перевороты и меньшие шансы на возврат средств.

Карид работает с сотнями брендов, поэтому мы можем распространять нашу деятельность и избегать закономерностей. Их глобальная доставка открывает возможности международных карт и дропов. И они используются для подачи заказов, поэтому разные адреса выставления счетов и доставки не вызывают никаких флагов.

Короче, Карид является идеальной целью - дорогостоящие товары, разнообразный инвентарь и слабая безопасность. В то время как другие борются за электронику и моду, они совершали набеги на завод по производству автозапчастей.

---

Рекон​

Открытие Берп-люкс мы можем это видеть Кариды безопасность такая же элементарная, как клуб пещерных людей. Никакой сторонней системы мошенничества не видно, просто какая-то бесполезная аналитическая чушь, которая не поможет нам остановить нас.

View attachment 46385

Теперь вот где становится интересно. Карид использует КиберИсточник для платежей, которые реализуют 3DS 2.0. Вы можете подумать, что это плохая новость, но держите своих лошадей - на самом деле это подарок, если вы умеете играть правильно.

View attachment 46386

Еще до того, как вы отправите платежные реквизиты, отпечаток вашего устройства будет отправлен по адресу Кардинал Коммерс, 3DS процессор. Код выглядит примерно так:

{
  "Печенье": {
    "Наследие": правда,
    "LocalStorage": правда,
    "SessionStorage": правда
  },
  "DeviceChannel": "Мобильный",
  "Расширенный": {
    "Браузер": {
      "Адблок": правда,
      "AvailableJsFonts": [
        "Комикс без рассеянного склероза",
        "Грузия",
        "Папирус",
        "Ариал Блэк",
        "Требушет МС"
      ],
      "DoNotTrack": "отключен",
      "JavaEnabled": правда
    },
    "Устройство": {
      "ColorDepth": 24,
      "Цпу": "АРМ",
      "Платформа": "Линукс",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": правда,
        "TouchEventCreationSuccessful": правда
      }
    }
  },
  "Отпечаток пальца: "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "Время снятия отпечатков пальцев": 42,
  "FingerprintDetails": {
    "Версия": "2.1.0"
  },
  "Язык": "en-GB",
  "Широта": нулевая,
  "Длинность": нулевая,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Происхождение": "Сокол",
  "Плагины": [
    "QuickTime::Видеоформат::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Формат::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Реферер": "https://carid.com","
  "Экран": {
    "FakedResolution": ложь,
    "Соотношение": 1,777,
    "Резолюция": "2560х1440",
    "UsableResolution": "2560х1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": ноль,
  "ThreatMetrixEnabled": ложь,
  "ThreatMetrixEventType": "ВХОД",
  "ThreatMetrixAlias: "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, как Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": ложь,
    "FakedBrowser": ложь
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Так что же это значит для нас? Это означает, что ваша настройка антидетекта имеет ключевое значение. Если ваш отпечаток пальца выглядит схематично, вы облажались еще до того, как ввели данные своей карты. Но сделайте это правильно, и у вас будет четкий путь к деньгам.

Но пока не забегайте вперед. У меня в рукаве есть хитрость, которая сделает чесание Карид легче. Ну, займитесь этим хорошим делом достаточно скоро.

---

Обработка платежей​

Карид использует КиберИсточник с 3DS 2.0 для платежей. Это может показаться проблемой, но на самом деле это хорошая новость для нас.

View attachment 46389​

3DS 2.0 является более гибким, чем предыдущий. Компании, стоящие за этим, поняли, что строгая безопасность убивает продажи, поэтому сделали их динамичными. Это работает в нашу пользу.

Вот в чем дело: 3DS 2.0 решает в режиме реального времени, показывать ли a 3DS подсказка. Это уже не простое "да/нет" на основе карты. Это дает нам место.

Даже карты, которые обычно срабатывают 3DS может обойти это, если мы достаточно снизим наш рейтинг риска. Все зависит от того, как Кардинал Коммерс, 3DS процессор, видит нашу транзакцию ( при условии, что между ) нет системы мошенничества с искусственным интеллектом.

У нас есть два варианта:

• Карты, отличные от VBV: Все равно самое простое, если оно доступно.
• Манипулирование оценкой риска: Настраивая отпечаток пальца устройства, мы потенциально можем обойти его 3DS на картах, которые этого требуют.

3DS 2.0s попытка сбалансировать безопасность и пользовательский опыт дала нам возможность. Собирались этим воспользоваться.

---

Минимизируя свой 3DS 2.0 Оценка риска​

Давайте займемся хорошими вещами. В отличие от этих причудливых систем мошенничества с искусственным интеллектом, 3DS 2.0 связан политикой конфиденциальности и законами об обработке данных. Это означает, что он работает с ограниченным набором данных - только с вашим IP-адресом и отпечатком браузера.

Возможно, я ошибаюсь в некоторых деталях, но вот что у меня работает:
*** Скрытый текст: не может быть процитирован. ***

Помните, это не безупречно. Но это простой и эффективный способ снизить ваш уровень 3DS 2.0 оценка риска и увеличьте свои шансы обойти этих надоедливых 3DS подсказки. Вы не хотите получить этот экран:

View attachment 46387​

---

Требования и расход
​

Требования:

• Карта не-VBV ИЛИ используйте наш трюк выше.
• Чистые жилые прокси страна подходящих карт
• Надежная настройка браузера антидетекта
• Адрес сброса

Поток:

• Используйте наш трюк выше, если вы используете Карты VBV
• Добавить товары в корзину.
• Перейти к кассе. По возможности используйте гостевой кассу.
• Внимательно заполните детали доставки. Никакой вставки копий.
• Отправьте заказ и задержите дыхание.
• В случае успеха не бейте Карид опять немедленно. Разместите свои попытки.

По моему опыту, никогда не было Карид отмените транзакцию или запросите возврат товара. Но я не ударил их более пяти раз в общей сложности (all отгружен), поэтому ваши результаты могут различаться. Всегда будьте готовы к отмене или возврату.

---

Заключение
View attachment 46388​

Мы получили Кариды секреты, и теперь у вас есть план превратить их инвентарь в собственный магазин запчастей. Из 3DS 2.0s слабости простого трюка: у вас есть инструменты, чтобы заработать большие деньги.

Теперь создайте машину мечты - по одной кардочесанной детали за раз.

Просто помни, если тебя поймают и ты облажаешься, ты не узнал от меня ничего из этого. d0ctrine out.

good info

 

[Gman991]

Helped bro thanks

 

[xiaofunny]

 

[trapsisic7c]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

goat

 

[zacurrypstein]

Appreciate it

 

[watermark55s]

Thx

 

[watermark55s]

Thx

 

[ataraxia]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

Thank you for the method

 

[Rize0001]

• Non-VBV cards: Still the easiest if available.

thank youu

 

[eminemem]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

6666

 

[Swipgd1]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

Thx

 

[Blacksheep999]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

on point

 

[jackzhao001]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

456

 

[kaishiba11]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

如果我们降低风险评分，即使是通常触发3DS 的卡也可以绕过它。这完全取决于3DS处理器Cardinal Commerce如何看待我们的交易（前提是中间没有 AI 欺诈系统）。

我们有两个选择：

• 非 VBV 卡：如果可用的话仍然是最简单的。
• 风险评分操纵：通过调整设备指纹，我们可以绕过需要它的卡上的3DS 。

3DS 2.0尝试平衡安全性和用户体验，这给了我们一个机会。我们将利用它。

---

最大限度地降低3DS 2.0风险评分​

让我们来看看精彩内容。与那些花哨的 AI 欺诈系统不同，3DS 2.0受隐私政策和数据处理法律的约束。这意味着它只能使用有限的数据集 - 仅使用您的 IP 和浏览器指纹。

现在我可能在某些细节上是错误的，但这对我来说是有效的：
*** 隐藏文字：无法引用。***

请记住，这不是万无一失的。但它是一种简单有效的方法，可以降低您的3DS 2.0风险评分并增加您绕过那些烦人的3DS提示的机会。您不会想看到这个屏幕：

View attachment 46387​

---

要求和流程
​

要求：

• 非 VBV 卡或者使用上面的技巧。
• 清洁住宅代理匹配卡国家
• 可靠的反检测浏览器设置
• 投放地址

流动：

• 如果你使用VBV 卡，请使用上面的技巧
• 将商品添加到购物车。
• 去结账。如果可能，请使用访客结账。
• 仔细填写运输详情。请勿复制粘贴。
• 提交订单并屏住呼吸。
• 如果成功，不要立即再次点击CarID。请间隔一段时间再尝试。

根据我的经验， CarID从未取消过交易或要求退货。但我总共没有遇到过超过五次（全部发货），所以您的结果可能会有所不同。始终做好取消或退货的准备。

---

结论
View attachment 46388​

我们掌握了CarID 的秘密，现在您可以计划将其库存转变为自己的零件商店。从3DS 2.0 的弱点到简单的技巧，您拥有赚大钱的工具。

现在就去打造那辆梦想中的汽车吧——每次打造一个零件。

只要记住，如果你被抓住并且搞砸了，你就没有从我这里学到任何东西。d0ctrine out。

 

[gingam12]

Carding Guide: CARiD

---

Get ready. If youve been jacking off to overpriced mufflers and fancy rims without actually owning them, its time to put your carding skills where your mouth is and hit CarID.

View attachment 46383

CarID.com has a mountain of auto parts and their security is weak as water. From cheap air fresheners to custom body kits, they have it all - and were about to help ourselves.

This isnt just about getting a free muffler. Were going to turn CarID into our own parts supplier. Their inventory is huge, their prices are high and their protection is crap. Perfect for us.
Dont get too cocky though. This still takes some skill. Well need to navigate their system, exploit their weaknesses and get away with the goods without tripping any alarms.

So get your cards ready and fire up your proxies. Were about to show CarID what happens when you leave your warehouse door open. Lets get in and see how we can turn their stock into our profit.

---

Why CarID?​

CarID is the shit when it comes to high value auto parts with security as weak as piss. Their inventory is huge, from cheap air fresheners to custom body kits worth thousands. This variety lets us mix our hits and keep it legit.

View attachment 46384​

The real money is in their high ticket items. Performance parts, custom wheels, high end stereo systems - one good score can set you up for weeks. And this stuff sells fast. Car enthusiasts are always looking for deals, meaning quick flips and less chance of chargebacks.

CarID works with hundreds of brands, so we can spread our activity and avoid patterns. Their global shipping opens up international card and drop possibilities. And theyre used to gift orders, so different billing and shipping addresses wont raise any flags.

In short, CarID is the perfect target - high value goods, diverse inventory and weak security. While others are fighting over electronics and fashion, were raiding an auto parts factory.

---

Recon​

Opening up the Burp Suite we can see that CarIDs security is as basic as a cavemans club. No third party fraud system in sight, just some useless analytics crap that wont do jack to stop us.

View attachment 46385

Now heres where it gets interesting. CarID uses CyberSource for payments which implements 3DS 2.0. You might think this is bad news, but hold your horses - its actually a gift if you know how to play it right.

View attachment 46386

Before you even send over the payment details your devices fingerprint gets sent to Cardinal Commerce, the 3DS processor. The code looks something like this:

{
  "Cookies": {
    "Legacy": true,
    "LocalStorage": true,
    "SessionStorage": true
  },
  "DeviceChannel": "Mobile",
  "Extended": {
    "Browser": {
      "Adblock": true,
      "AvailableJsFonts": [
        "Comic Sans MS",
        "Georgia",
        "Papyrus",
        "Arial Black",
        "Trebuchet MS"
      ],
      "DoNotTrack": "disabled",
      "JavaEnabled": true
    },
    "Device": {
      "ColorDepth": 24,
      "Cpu": "ARM",
      "Platform": "Linux",
      "TouchSupport": {
        "MaxTouchPoints": 5,
        "OnTouchStartAvailable": true,
        "TouchEventCreationSuccessful": true
      }
    }
  },
  "Fingerprint": "d9f8a4b5c3d2e1f0a5b6c7d8e9f0a1b2",
  "FingerprintingTime": 42,
  "FingerprintDetails": {
    "Version": "2.1.0"
  },
  "Language": "en-GB",
  "Latitude": null,
  "Longitude": null,
  "OrgUnitId": "61ddefdbcac40279f9950adf",
  "Origin": "Falcon",
  "Plugins": [
    "QuickTime::Video Format::video/quicktime~mov",
    "Flash Player::Flash Content::application/x-shockwave-flash",
    "HTML5 Audio::Audio Format::audio/mpeg"
  ],
  "ReferenceId": "e1f23456-g7h8-90ij-klmn-opqrstuvwxyz",
  "Referrer": "https://carid.com",
  "Screen": {
    "FakedResolution": false,
    "Ratio": 1.777,
    "Resolution": "2560x1440",
    "UsableResolution": "2560x1300",
    "CCAScreenSize": "01"
  },
  "CallSignEnabled": null,
  "ThreatMetrixEnabled": false,
  "ThreatMetrixEventType": "LOGIN",
  "ThreatMetrixAlias": "UserAlias456",
  "TimeOffset": -300,
  "UserAgent": "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36",
  "UserAgentDetails": {
    "FakedOS": false,
    "FakedBrowser": false
  },
  "BinSessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

So what does this mean for us? It means your antidetect setup is key. If your fingerprint looks sketchy youre screwed before you even enter your card details. But get this right and youve got a clear path to the money.

But dont get ahead of yourself just yet. Ive got a trick up my sleeve thatll make carding CarID easier. Well get to that good stuff soon enough.

---

Payment Processing​

CarID uses CyberSource with 3DS 2.0 for payments. This might seem like a problem, but its actually good news for us.

View attachment 46389​

3DS 2.0 is more flexible than the previous one. The companies behind it realized strict security was killing sales so they made it dynamic. This works in our favor.

Heres the thing: 3DS 2.0 decides in real-time whether to show a 3DS prompt. Its not a simple yes/no based on the card anymore. This gives us room.

Even cards that normally trigger 3DS can bypass it if we lower our risk score enough. It all depends on how Cardinal Commerce, the 3DS processor, sees our transaction (provided there are no AI fraud system in between).

We have two options:

• Non-VBV cards: Still the easiest if available.
• Risk score manipulation: By tweaking device fingerprint we can potentially bypass 3DS on cards that require it.

3DS 2.0s attempt to balance security and user experience has given us an opportunity. Were going to take advantage of it.

---

Minimizing your 3DS 2.0 Risk Score​

Lets get into the good stuff. Unlike those fancy AI fraud systems, 3DS 2.0 is bound by privacy policies and data handling laws. This means its working with a limited dataset - just your IP and browser fingerprint.

Now I might be wrong on some of the details but heres whats been working for me:
*** Hidden text: cannot be quoted. ***

Remember, this isnt foolproof. But its a simple, effective way to lower your 3DS 2.0 risk score and increase your chances of possibly bypassing those pesky 3DS prompts. You dont want to get this screen:

View attachment 46387​

---

Requirements and Flow
​

Requirements:

• Non-VBV card OR use our trick above.
• Clean residential proxies matching cards country
• Solid antidetect browser setup
• Drop address

Flow:

• Use our trick above if youre using VBV cards
• Add items to cart.
• Go to checkout. Use guest checkout if possible.
• Fill in shipping details carefully. No copy pasting.
• Submit order and hold your breath.
• If successful dont hit CarID again immediately. Space out your attempts.

In my experience Ive never had CarID cancel a transaction or request an item to be returned. But I havent hit them more than five times in total (all shipped) so your results may vary. Always be prepared for cancellations or returns.

---

Conclusion
View attachment 46388​

We got CarIDs secrets and now you have a plan to turn their inventory into your own parts store. From 3DS 2.0s weaknesses to the simple trick, you have the tools to make some big money.

Now go build that dream car - one carded part at a time.

Just remember if you get caught and fuck up, you didnt learn any of this from me. d0ctrine out.

thank