MRforeigner

Basic
Joined
23.12.21
Messages
149
Reaction score
109
Points
43

🛍️ Carding Guide: Shein (Clothes, Lingerie, Everything) 🛍️



Welcome back, you degenerates. Today were setting our scopes on Shein.com, the fast fashion behemoth thats been flooding the market with cheap clothes and even cheaper security. If youve been sleeping on this shit its time to wake the fuck up.
Shein's not just another fashion ecom site. These Chinese legends ship to over 150 countries with a product range wider than your moms ass. Were talking clothes, accessories and home goods - you name it, theyve got it. And guess what? Their security isn't too shabby.

View attachment 45755


Shein might be an easier target, but that doesnt mean you can half-ass this shit. Were gonna dive deep into their security setup, exploit their weaknesses, and walk away with more clothes than we can wear.
So grab your cards, fire up your proxies and lets turn this fast fashion empire into our girlfriends' (if you have one) personal wardrobe.



Why Shein?

Lets talk about why Shein's become a prime target for carders. This Chinese fast fashion giant isnt just pumping out cheap clothes - theyve inadvertently created the perfect site for our kind of work.

  • Look at their price points. Most Shein items cost less than $50. This sweet spot lets you card multiple times without triggering any high value purchase flags. You can rack up significant profit through volume without drawing too much attention.
  • The market for this shit is massive. From Instagram 'boutiques' to flea market vendors, theres no shortage of people willing to buy Shein gear at a markup. Quick flips mean fast profit and lower risk of chargebacks catching up to you.
View attachment 45757

Now lets talk security. Shein's actually invested in some decent fraud prevention. The Chinese arent complete idiots. Theyve got basic device fingerprinting, some IP checks, and theyll occasionally throw 3D Secure at you if something smells fishy.

But heres where it gets good - and where we can make our money. Shein's primary chokepoint is their absolutely massive order volume. Were talking millions of transactions daily across the globe. This tidal wave of orders forces them to make a critical tradeoffs.

To handle this insane volume, Shein has to process orders quickly. They cant afford to scrutinize every single transaction like smaller sites can. So theyve tuned their fraud detection to be more permissive. Theyre playing a numbers game: willing to let some fraudulent orders slip through to keep their overall operation running smoothly.

This creates a sweet spot for us. If we play it smart - using fresh cards, rotating proxies and not getting too greedy - we can slip our orders in among the legit ones. Your fraudulent purchases vanish into that flood and becomes practically invisible. The system might flag some sure. But with the sheer volume of transactions a good percentage will make it through. Its a numbers game and the odds are in our favor.


Recon & Security Overview

Lets dive into Shein's HTTP requests. Firing up our trusty Burp Suite (we ditched Caido - that piece of shit became too slow) we start poking around. The IP logs show multiple instances of fingerprinting, but none of them ping externally. At first glance this might suggest all fraud prevention is done inhouse which would make sense given Shein's massive order volume.

But dont get too excited. If youve been paying attention to our previous guides, you know that HTTP logs only tell half the story. Using Google, we did some research on popular antifraud systems and their client lists. Lo and behold: Riskified proudly boasts about being Shein's antifraud provider.

This changes the game. Riskified isnt some stupid fraud detection - these fuckers are good. They use machine learning and data from multiple merchants to spot patterns. Your typical tricks might not cut it here.

But remember that Shein's volume is still our friend. Riskified might be smart, but its like trying to spot a single counterfeit bill in a giant money warehouse. The sheer number of transactions means some will slip through.

Since they also use Adyen, 3D Secure pops up occasionally but its not consistent. Theyre using it selectively probably based on some risk scoring Adyen itself runs.

Also, and this is important: the fraud systems in place differ from country to country for SHEIN. Look at this one, I've tried browsing through their US site and they run FORTER.

View attachment 45758

So you need to essentially pick your own poison. If you're having troubles with Riskified whooping your ass, try rotating to a different location of Shein and check whichever fraud system they have in place. You never know, maybe you hit a branch that has no AI system implemented yet.



Secret Method
*** Hidden text: cannot be quoted. ***



Requirements and Process

To hit Shein successfully, youll need:

  • Non-VBV cards not blacklisted by Adyen. Given Adyen's occasional 3DS pop-ups, this is crucial.
  • Clean residential proxies matching your cards country.
  • A solid antidetect browser setup to bypass Riskified's fingerprinting.
  • An aged Shein account (sourced from logs) or a highly trusted email for signup.
  • The cardholders actual email address (for our bypass trick).

Process:
View attachment 45759
  1. Set up your environment (proxy, antidetect browser).
  2. If using an aged account, log in. Otherwise, create a new account using a trusted email.
  3. Browse the site naturally. Add and remove items from your cart.
  4. Build a cart with a mix of items, keeping the total under $200 for your first attempts.
  5. Proceed to checkout. Use the cardholders email address. We can do this because Shein doesnt validate email on signup, giving us an important advantage.
  6. Enter shipping details carefully. Take your time, no copy-pasting.
  7. Submit the order.
  8. Immediately after order confirmation, change the email address on the account.
  9. If successful, wait at least 24 hours before attempting another order.
Bins that workeds (BIN doesn't matter if you lower your fraud score, I just include them here since you guys keep asking for fucking BINs):*** Hidden text: cannot be quoted. ***



Caveats
View attachment 45760
While Shein can be a huge cash cow, there are some problems to watch out for:

  • Order Limits: Shein has daily and weekly order limits. Exceed these, and youre asking for trouble.
  • Account Bans: Theyre quick to ban suspicious accounts as decided by Riskified. Dont reuse burned accounts or IPs.
  • Delayed Cancellations: Sometimes orders get cancelled days after placement. Dont count your chickens until the package ships.
  • Shipping Delays: Shein's known for slow shipping. This increases the window for chargebacks to hit before you can flip the goods.


Conclusion

Shein presents a unique opportunity in the carding world. Its massive volume and diverse product range make it an attractive target, but dont underestimate its security measures. Success here requires a delicate balance of patience, strategy, and adaptability.

Remember, were exploiting a numbers game. Not every attempt will succeed, but with the right approach, enough will slip through to make it worthwhile. Keep your operations diverse, dont get greedy, and always be ready to adapt your tactics.

The problem is that too many carders get tunnel vision on BINs when targeting Shein. Thats a rookie mistake. As Ive pointed out in most of my guides, fixating on BINs is a surefire way to limit your success. The real approach is to understand the antifraud system and payment processor behind the store. Master that, and youll find that any BIN can work its magic - provided the card is clean and has a decent balance.

As always, this guide is just a starting point. The landscape of e-commerce fraud is constantly evolving, and so should your techniques. Stay informed, stay cautious, and maybe youll turn Shein into your personal cash cow.

Now get out there and make those Chinese fast fashion moguls regret their lax security. Just dont come crying to me when youre drowning in cheap polyester. Happy hunting, you degenerates.
thank you
 
Top Bottom