You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Carding The only guide you need for Antifraud systems
- Thread starter CheapTravels
- Start date
![lkm1](https://pic-cc.com/data/avatars/m/157/157206.jpg?1724240269"){kind=avatar}
![0x00sec](https://pic-cc.com/data/avatars/m/162/162232.jpg?1730023492"){kind=avatar}
greatharker1
Carding Novice
- Joined
- 10.11.24
- Messages
- 22
- Reaction score
- 1
- Points
- 3
Gyyy
![dkpk117](https://pic-cc.com/data/avatars/m/62/62045.jpg?1719361614"){kind=avatar}
thank youIn this lecture we will look at the concept of antifraud, everyone has heard of it, but not many understand what it is and how to work with it
*** Hidden text: cannot be quoted. ***
All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?
There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.
Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.
When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - Antifraud service, which analyzes all the information that you provided about yourself, and this is not only those the data that you entered manually, such as address, telephone, mail, card and everything else, the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.
If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is an anti-fraud of the visa system itself , mastercard and others, at this stage we may be asked for a 3DS, this is not a mandatory stage, but it exists and that’s why we are considering it.
Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.
Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?
There are 2 types of anti-fraud systems, open - these are those where we can see what is being checked and closed - in which we will never know exactly what is being analyzed, we will look at the open infrastructure anti-fraud system, look at those parameters which can be analyzed by fraud
There are about 170 such main parameters and this is at the moment, before there were fewer, later there will be more
There is an antifraud system SEON (seon.io) this is a powerful antifraud system that works with large companies Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others, these are those who agreed place your logo on the home page, most do not do this for security reasons.
But even with those that are on the main page, it is clear that these are very large companies.
View attachment 35271
This service allows you to look inside this system and do it for free, I think that
this opportunity may be closed in the near future.
View attachment 35272
Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.
After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.
View attachment 35273
we see a bunch of parameters that can be sorted by fraud points or importance for the system
View attachment 35274
we see what is important and also what category this parameter belongs to.
The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by
The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.
The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will
The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points
ID RULE NAME | SCORE CATEGORY
P103 Customer is using TOR |95 IP Rules
E100 Domain is disposable |80 Email Rules
P105 Customer is using a Web proxy |20 IP Rules
E120 Domain is not registered |20 Email Rules
HC117 Suspicious browser profile - Bots and automation |12 Other Rules
PH105 Phone is disposable |10 Phone Rules
P112 Customer is using public proxy |10 IP Rules
HC107 Customer is from Nordic country and using VPN |10 Other Rules
P106 Customer is using a datacenter ISP |10 IP Rules
E102 Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach |10 Email Rules
E114 Domain is a free provider. No online profiles were found. It was not involved in a data breach |10 Email Rules
HC125 Suspicious browser profile - Spoofing |8 Other Rules
HC124 Browser version age is greater or equal to 5 years |8 Other Rules
PH103 Phone is not possible |8 Phone Rules
The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.
But these are all default parameters, just what is there, but what will not be used in this form by default.
And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters
We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points
Once again - 470 parameters that the system sees about you.
Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.
In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.
Let's go over the main ones
+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary
+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.
Please note these are the most important parameters that are currently used in most antifraud systems.
And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points
Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean
I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.
The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name
+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.
People with experience remember the time when the cleanliness of the IP was assessed by the ability to register mail on Google without a phone number, I don’t know if it works now or not, but now you understand that clean, new mail is a bright spot about you in any anti-fraud system, but a clean IP is always good)
Also, this SEO system has machine learning, which will draw conclusions based on the history of work, even if something is not configured for it initially.
How it works.
You find a shop that allowed you to place an order for a good amount, you are glad, you made your first profit by selling this staff cheaply, received a coin, and for the sake of a nice word you told about this shop and bin in to your small group in TG. Hungry classmates are sitting in this group, and having heard that there is a shop, that there is a passing bin, they begin to crowd into it the same bin, of which there are a lot in shops - no one had used it before - but then - things started to happen, you have to beat
And there are such attempts to drive in, and this is nothing more than shopping in a store - instead of the usual 2 purchases per hour - 40 pass, and everything seems to be ok - clean sox, good mail - that's all as it should - and even the warrant was hanged - and then bang
And the order was canceled 12 hours later.
And what happened - after all, everything is clean - you can’t find fault. Yes, from the purity side there are no questions, but for the antifraud this is an anomaly - and the system signaled to the store owner that something was wrong. The owner came in the morning and canceled all orders that seemed suspicious to the system.
View attachment 35275
You, having received the respect of your classmates for adjusting the giving scheme, the next day decide to make another pack, acting according to the “working scheme” you discover an instant Decline, since the system has learned, the owner adjusted it and the shop is bigger does not work according to this scheme. But what it doesn’t give is only to you, and ordinary customers to continue shopping there.
Let's return to our anti-fraud system.
View attachment 35276
Fill out the data that you have, mail, IP, and everything else, you don’t need to fill out all the fields - you simply won’t have some of the information - fill in what you have and get the output whether your drive will be successful or not is of course not a 100% guarantee, but having mastered this tool you will understand how your assessment system works and with the right skills - by adapting to them you can bypass any anti-fraud system.
I draw your attention to the example of one anti-fraud system SEON - it is large, works with many services and shops, and if you have an identity (mail, phone, system, IP) that was exposed in one of of these services, then you can guess that with the same introductory information, you will get a turnaround in any other service or shop that is served by the current antifraud system.
This is something that concerns exactly one system. But the parameters for assessing personality are very similar from one system to another. If your mail does not have registrations and is shown as a new region, it will be like this in all antifraud systems, even though the systems have different databases, and the dossier on your identity will be in one system; when you enter it into a shop, it is serviced in another antifraud system, it will pull up almost all the parameters and data that is stored on your personality in SEO.
AF systems are growing and developing, and in order to be successful in our field, we must constantly monitor these changes and adapt to them.
That's all for everything you need to know for Antifraud systems. Practice is what makes everyone perfect. If you have any questions or queries always feel free to contact me at telegram @jo8ji.
thank youIn this lecture we will look at the concept of antifraud, everyone has heard of it, but not many understand what it is and how to work with it
*** Hidden text: cannot be quoted. ***
All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?
There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.
Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.
When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - Antifraud service, which analyzes all the information that you provided about yourself, and this is not only those the data that you entered manually, such as address, telephone, mail, card and everything else, the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.
If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is an anti-fraud of the visa system itself , mastercard and others, at this stage we may be asked for a 3DS, this is not a mandatory stage, but it exists and that’s why we are considering it.
Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.
Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?
There are 2 types of anti-fraud systems, open - these are those where we can see what is being checked and closed - in which we will never know exactly what is being analyzed, we will look at the open infrastructure anti-fraud system, look at those parameters which can be analyzed by fraud
There are about 170 such main parameters and this is at the moment, before there were fewer, later there will be more
There is an antifraud system SEON (seon.io) this is a powerful antifraud system that works with large companies Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others, these are those who agreed place your logo on the home page, most do not do this for security reasons.
But even with those that are on the main page, it is clear that these are very large companies.
View attachment 35271
This service allows you to look inside this system and do it for free, I think that
this opportunity may be closed in the near future.
View attachment 35272
Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.
After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.
View attachment 35273
we see a bunch of parameters that can be sorted by fraud points or importance for the system
View attachment 35274
we see what is important and also what category this parameter belongs to.
The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by
The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.
The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will
The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points
ID RULE NAME | SCORE CATEGORY
P103 Customer is using TOR |95 IP Rules
E100 Domain is disposable |80 Email Rules
P105 Customer is using a Web proxy |20 IP Rules
E120 Domain is not registered |20 Email Rules
HC117 Suspicious browser profile - Bots and automation |12 Other Rules
PH105 Phone is disposable |10 Phone Rules
P112 Customer is using public proxy |10 IP Rules
HC107 Customer is from Nordic country and using VPN |10 Other Rules
P106 Customer is using a datacenter ISP |10 IP Rules
E102 Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach |10 Email Rules
E114 Domain is a free provider. No online profiles were found. It was not involved in a data breach |10 Email Rules
HC125 Suspicious browser profile - Spoofing |8 Other Rules
HC124 Browser version age is greater or equal to 5 years |8 Other Rules
PH103 Phone is not possible |8 Phone Rules
The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.
But these are all default parameters, just what is there, but what will not be used in this form by default.
And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters
We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points
Once again - 470 parameters that the system sees about you.
Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.
In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.
Let's go over the main ones
+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary
+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.
Please note these are the most important parameters that are currently used in most antifraud systems.
And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points
Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean
I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.
The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name
+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.
Những người có kinh nghiệm đều nhớ thời điểm mà độ sạch của IP được đánh giá bằng khả năng đăng ký email trên Google mà không cần số điện thoại, tôi không biết bây giờ nó có hiệu quả hay không, nhưng bây giờ bạn hiểu rằng email mới, sạch sẽ là điểm sáng về bạn trong bất kỳ hệ thống chống gian lận nào, nhưng một IP sạch luôn tốt)
Ngoài ra, hệ thống SEO này có chức năng học máy, có thể đưa ra kết luận dựa trên lịch sử công việc, ngay cả khi ban đầu không có thông tin nào được cấu hình cho chức năng này.
Nó hoạt động như thế nào.
Bạn tìm thấy một cửa hàng cho phép bạn đặt hàng với số lượng lớn, bạn vui mừng, bạn đã kiếm được khoản lợi nhuận đầu tiên bằng cách bán nhân viên này với giá rẻ, nhận được một đồng xu và vì một lời nói hay ho, bạn đã kể về cửa hàng này và thùng rác trong nhóm nhỏ của mình trong TG. Những người bạn cùng lớp đói đang ngồi trong nhóm này và nghe nói rằng có một cửa hàng, rằng có một thùng rác đi ngang qua, họ bắt đầu chen chúc vào cùng một thùng rác, trong đó có rất nhiều trong các cửa hàng - không ai từng sử dụng trước đó - nhưng sau đó - mọi thứ bắt đầu xảy ra, bạn phải đánh bại
Và có những nỗ lực như vậy để lái xe vào, và điều này không gì hơn là mua sắm trong một cửa hàng - thay vì mua 2 lần mỗi giờ như thường lệ - 40 lần qua cửa hàng, và mọi thứ có vẻ ổn - tất sạch, thư tốt - mọi thứ đều như mong đợi - và thậm chí lệnh bắt giữ cũng bị treo - và sau đó là tiếng nổ
Và đơn hàng đã bị hủy sau 12 giờ.
Và điều gì đã xảy ra - sau cùng, mọi thứ đều sạch sẽ - bạn không thể tìm ra lỗi. Đúng, về mặt tinh khiết thì không có câu hỏi nào, nhưng đối với chống gian lận thì đây là một sự bất thường - và hệ thống đã báo hiệu cho chủ cửa hàng rằng có điều gì đó không ổn. Chủ cửa hàng đã đến vào buổi sáng và hủy tất cả các đơn hàng có vẻ đáng ngờ đối với hệ thống.
View attachment 35275
Bạn, sau khi nhận được sự tôn trọng của các bạn cùng lớp vì đã điều chỉnh chương trình tặng quà, ngày hôm sau quyết định làm một gói khác, hành động theo “chương trình hoạt động” bạn phát hiện ra một sự suy giảm ngay lập tức, vì hệ thống đã học được, chủ sở hữu đã điều chỉnh nó và cửa hàng lớn hơn không hoạt động theo chương trình này. Nhưng những gì nó không tặng chỉ dành cho bạn và những khách hàng bình thường để tiếp tục mua sắm ở đó.
Hãy quay lại hệ thống chống gian lận của chúng ta.
View attachment 35276
Điền dữ liệu bạn có, email, IP và mọi thứ khác, bạn không cần phải điền vào tất cả các trường - bạn chỉ không có một số thông tin - hãy điền những gì bạn có và nhận kết quả cho biết ổ đĩa của bạn có thành công hay không tất nhiên không đảm bảo 100%, nhưng khi đã thành thạo công cụ này, bạn sẽ hiểu hệ thống đánh giá của mình hoạt động như thế nào và với các kỹ năng phù hợp - bằng cách thích ứng với chúng, bạn có thể vượt qua mọi hệ thống chống gian lận.
Tôi xin lưu ý bạn đến ví dụ về hệ thống chống gian lận SEON - hệ thống này lớn, hoạt động với nhiều dịch vụ và cửa hàng, và nếu bạn có danh tính (thư, điện thoại, hệ thống, IP) bị lộ trong một trong những dịch vụ này, thì bạn có thể đoán rằng với cùng thông tin giới thiệu đó, bạn sẽ có sự thay đổi trong bất kỳ dịch vụ hoặc cửa hàng nào khác đang sử dụng hệ thống chống gian lận hiện tại.
Đây là vấn đề liên quan đến chính xác một hệ thống. Nhưng các thông số để đánh giá tính cách rất giống nhau từ hệ thống này sang hệ thống khác. Nếu email của bạn không có đăng ký và được hiển thị là vùng mới, thì nó sẽ như thế này trong tất cả các hệ thống chống gian lận, mặc dù các hệ thống có cơ sở dữ liệu khác nhau và hồ sơ về danh tính của bạn sẽ nằm trong một hệ thống; khi bạn nhập nó vào một cửa hàng, nó được phục vụ trong một hệ thống chống gian lận khác, nó sẽ kéo lên hầu hết các thông số và dữ liệu được lưu trữ về tính cách của bạn trong SEO.
Các hệ thống AF đang ngày càng phát triển và hoàn thiện, và để thành công trong lĩnh vực của mình, chúng ta phải liên tục theo dõi những thay đổi này và thích ứng với chúng.
Đó là tất cả những gì bạn cần biết về hệ thống chống gian lận. Thực hành là điều làm nên sự hoàn hảo của mọi người. Nếu bạn có bất kỳ câu hỏi hoặc thắc mắc nào, hãy luôn liên hệ với tôi theo địa chỉ telegram @jo8ji.
sayixo9824
Carding Novice
- Joined
- 05.12.24
- Messages
- 1
- Reaction score
- 0
- Points
- 1
thxIn this lecture we will look at the concept of antifraud, everyone has heard of it, but not many understand what it is and how to work with it
*** Hidden text: cannot be quoted. ***
All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?
There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.
Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.
When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - Antifraud service, which analyzes all the information that you provided about yourself, and this is not only those the data that you entered manually, such as address, telephone, mail, card and everything else, the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.
If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is an anti-fraud of the visa system itself , mastercard and others, at this stage we may be asked for a 3DS, this is not a mandatory stage, but it exists and that’s why we are considering it.
Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.
Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?
There are 2 types of anti-fraud systems, open - these are those where we can see what is being checked and closed - in which we will never know exactly what is being analyzed, we will look at the open infrastructure anti-fraud system, look at those parameters which can be analyzed by fraud
There are about 170 such main parameters and this is at the moment, before there were fewer, later there will be more
There is an antifraud system SEON (seon.io) this is a powerful antifraud system that works with large companies Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others, these are those who agreed place your logo on the home page, most do not do this for security reasons.
But even with those that are on the main page, it is clear that these are very large companies.
View attachment 35271
This service allows you to look inside this system and do it for free, I think that
this opportunity may be closed in the near future.
View attachment 35272
Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.
After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.
View attachment 35273
we see a bunch of parameters that can be sorted by fraud points or importance for the system
View attachment 35274
we see what is important and also what category this parameter belongs to.
The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by
The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.
The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will
The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points
ID RULE NAME | SCORE CATEGORY
P103 Customer is using TOR |95 IP Rules
E100 Domain is disposable |80 Email Rules
P105 Customer is using a Web proxy |20 IP Rules
E120 Domain is not registered |20 Email Rules
HC117 Suspicious browser profile - Bots and automation |12 Other Rules
PH105 Phone is disposable |10 Phone Rules
P112 Customer is using public proxy |10 IP Rules
HC107 Customer is from Nordic country and using VPN |10 Other Rules
P106 Customer is using a datacenter ISP |10 IP Rules
E102 Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach |10 Email Rules
E114 Domain is a free provider. No online profiles were found. It was not involved in a data breach |10 Email Rules
HC125 Suspicious browser profile - Spoofing |8 Other Rules
HC124 Browser version age is greater or equal to 5 years |8 Other Rules
PH103 Phone is not possible |8 Phone Rules
The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.
But these are all default parameters, just what is there, but what will not be used in this form by default.
And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters
We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points
Once again - 470 parameters that the system sees about you.
Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.
In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.
Let's go over the main ones
+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary
+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.
Please note these are the most important parameters that are currently used in most antifraud systems.
And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points
Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean
I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.
The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name
+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.
People with experience remember the time when the cleanliness of the IP was assessed by the ability to register mail on Google without a phone number, I don’t know if it works now or not, but now you understand that clean, new mail is a bright spot about you in any anti-fraud system, but a clean IP is always good)
Also, this SEO system has machine learning, which will draw conclusions based on the history of work, even if something is not configured for it initially.
How it works.
You find a shop that allowed you to place an order for a good amount, you are glad, you made your first profit by selling this staff cheaply, received a coin, and for the sake of a nice word you told about this shop and bin in to your small group in TG. Hungry classmates are sitting in this group, and having heard that there is a shop, that there is a passing bin, they begin to crowd into it the same bin, of which there are a lot in shops - no one had used it before - but then - things started to happen, you have to beat
And there are such attempts to drive in, and this is nothing more than shopping in a store - instead of the usual 2 purchases per hour - 40 pass, and everything seems to be ok - clean sox, good mail - that's all as it should - and even the warrant was hanged - and then bang
And the order was canceled 12 hours later.
And what happened - after all, everything is clean - you can’t find fault. Yes, from the purity side there are no questions, but for the antifraud this is an anomaly - and the system signaled to the store owner that something was wrong. The owner came in the morning and canceled all orders that seemed suspicious to the system.
View attachment 35275
You, having received the respect of your classmates for adjusting the giving scheme, the next day decide to make another pack, acting according to the “working scheme” you discover an instant Decline, since the system has learned, the owner adjusted it and the shop is bigger does not work according to this scheme. But what it doesn’t give is only to you, and ordinary customers to continue shopping there.
Let's return to our anti-fraud system.
View attachment 35276
Fill out the data that you have, mail, IP, and everything else, you don’t need to fill out all the fields - you simply won’t have some of the information - fill in what you have and get the output whether your drive will be successful or not is of course not a 100% guarantee, but having mastered this tool you will understand how your assessment system works and with the right skills - by adapting to them you can bypass any anti-fraud system.
I draw your attention to the example of one anti-fraud system SEON - it is large, works with many services and shops, and if you have an identity (mail, phone, system, IP) that was exposed in one of of these services, then you can guess that with the same introductory information, you will get a turnaround in any other service or shop that is served by the current antifraud system.
This is something that concerns exactly one system. But the parameters for assessing personality are very similar from one system to another. If your mail does not have registrations and is shown as a new region, it will be like this in all antifraud systems, even though the systems have different databases, and the dossier on your identity will be in one system; when you enter it into a shop, it is serviced in another antifraud system, it will pull up almost all the parameters and data that is stored on your personality in SEO.
AF systems are growing and developing, and in order to be successful in our field, we must constantly monitor these changes and adapt to them.
That's all for everything you need to know for Antifraud systems. Practice is what makes everyone perfect. If you have any questions or queries always feel free to contact me at telegram @jo8ji.
stashgod559
Carding Novice
- Joined
- 18.11.24
- Messages
- 22
- Reaction score
- 1
- Points
- 3
Definitely need more of your sauce. DM pleaseIn this lecture we will look at the concept of antifraud, everyone has heard of it, but not many understand what it is and how to work with it
*** Hidden text: cannot be quoted. ***
All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?
There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.
Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.
When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - Antifraud service, which analyzes all the information that you provided about yourself, and this is not only those the data that you entered manually, such as address, telephone, mail, card and everything else, the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.
If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is an anti-fraud of the visa system itself , mastercard and others, at this stage we may be asked for a 3DS, this is not a mandatory stage, but it exists and that’s why we are considering it.
Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.
Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?
There are 2 types of anti-fraud systems, open - these are those where we can see what is being checked and closed - in which we will never know exactly what is being analyzed, we will look at the open infrastructure anti-fraud system, look at those parameters which can be analyzed by fraud
There are about 170 such main parameters and this is at the moment, before there were fewer, later there will be more
There is an antifraud system SEON (seon.io) this is a powerful antifraud system that works with large companies Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others, these are those who agreed place your logo on the home page, most do not do this for security reasons.
But even with those that are on the main page, it is clear that these are very large companies.
View attachment 35271
This service allows you to look inside this system and do it for free, I think that
this opportunity may be closed in the near future.
View attachment 35272
Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.
After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.
View attachment 35273
we see a bunch of parameters that can be sorted by fraud points or importance for the system
View attachment 35274
we see what is important and also what category this parameter belongs to.
The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by
The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.
The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will
The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points
ID RULE NAME | SCORE CATEGORY
P103 Customer is using TOR |95 IP Rules
E100 Domain is disposable |80 Email Rules
P105 Customer is using a Web proxy |20 IP Rules
E120 Domain is not registered |20 Email Rules
HC117 Suspicious browser profile - Bots and automation |12 Other Rules
PH105 Phone is disposable |10 Phone Rules
P112 Customer is using public proxy |10 IP Rules
HC107 Customer is from Nordic country and using VPN |10 Other Rules
P106 Customer is using a datacenter ISP |10 IP Rules
E102 Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach |10 Email Rules
E114 Domain is a free provider. No online profiles were found. It was not involved in a data breach |10 Email Rules
HC125 Suspicious browser profile - Spoofing |8 Other Rules
HC124 Browser version age is greater or equal to 5 years |8 Other Rules
PH103 Phone is not possible |8 Phone Rules
The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.
But these are all default parameters, just what is there, but what will not be used in this form by default.
And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters
We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points
Once again - 470 parameters that the system sees about you.
Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.
In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.
Let's go over the main ones
+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary
+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.
Please note these are the most important parameters that are currently used in most antifraud systems.
And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points
Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean
I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.
The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name
+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.
People with experience remember the time when the cleanliness of the IP was assessed by the ability to register mail on Google without a phone number, I don’t know if it works now or not, but now you understand that clean, new mail is a bright spot about you in any anti-fraud system, but a clean IP is always good)
Also, this SEO system has machine learning, which will draw conclusions based on the history of work, even if something is not configured for it initially.
How it works.
You find a shop that allowed you to place an order for a good amount, you are glad, you made your first profit by selling this staff cheaply, received a coin, and for the sake of a nice word you told about this shop and bin in to your small group in TG. Hungry classmates are sitting in this group, and having heard that there is a shop, that there is a passing bin, they begin to crowd into it the same bin, of which there are a lot in shops - no one had used it before - but then - things started to happen, you have to beat
And there are such attempts to drive in, and this is nothing more than shopping in a store - instead of the usual 2 purchases per hour - 40 pass, and everything seems to be ok - clean sox, good mail - that's all as it should - and even the warrant was hanged - and then bang
And the order was canceled 12 hours later.
And what happened - after all, everything is clean - you can’t find fault. Yes, from the purity side there are no questions, but for the antifraud this is an anomaly - and the system signaled to the store owner that something was wrong. The owner came in the morning and canceled all orders that seemed suspicious to the system.
View attachment 35275
You, having received the respect of your classmates for adjusting the giving scheme, the next day decide to make another pack, acting according to the “working scheme” you discover an instant Decline, since the system has learned, the owner adjusted it and the shop is bigger does not work according to this scheme. But what it doesn’t give is only to you, and ordinary customers to continue shopping there.
Let's return to our anti-fraud system.
View attachment 35276
Fill out the data that you have, mail, IP, and everything else, you don’t need to fill out all the fields - you simply won’t have some of the information - fill in what you have and get the output whether your drive will be successful or not is of course not a 100% guarantee, but having mastered this tool you will understand how your assessment system works and with the right skills - by adapting to them you can bypass any anti-fraud system.
I draw your attention to the example of one anti-fraud system SEON - it is large, works with many services and shops, and if you have an identity (mail, phone, system, IP) that was exposed in one of of these services, then you can guess that with the same introductory information, you will get a turnaround in any other service or shop that is served by the current antifraud system.
This is something that concerns exactly one system. But the parameters for assessing personality are very similar from one system to another. If your mail does not have registrations and is shown as a new region, it will be like this in all antifraud systems, even though the systems have different databases, and the dossier on your identity will be in one system; when you enter it into a shop, it is serviced in another antifraud system, it will pull up almost all the parameters and data that is stored on your personality in SEO.
AF systems are growing and developing, and in order to be successful in our field, we must constantly monitor these changes and adapt to them.
That's all for everything you need to know for Antifraud systems. Practice is what makes everyone perfect. If you have any questions or queries always feel free to contact me at telegram @jo8ji.
thxzIn this lecture we will look at the concept of antifraud, everyone has heard of it, but not many understand what it is and how to work with it
*** Hidden text: cannot be quoted. ***
All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?
There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.
Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.
When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - Antifraud service, which analyzes all the information that you provided about yourself, and this is not only those the data that you entered manually, such as address, telephone, mail, card and everything else, the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.
If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is an anti-fraud of the visa system itself , mastercard and others, at this stage we may be asked for a 3DS, this is not a mandatory stage, but it exists and that’s why we are considering it.
Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.
Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?
There are 2 types of anti-fraud systems, open - these are those where we can see what is being checked and closed - in which we will never know exactly what is being analyzed, we will look at the open infrastructure anti-fraud system, look at those parameters which can be analyzed by fraud
There are about 170 such main parameters and this is at the moment, before there were fewer, later there will be more
There is an antifraud system SEON (seon.io) this is a powerful antifraud system that works with large companies Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others, these are those who agreed place your logo on the home page, most do not do this for security reasons.
But even with those that are on the main page, it is clear that these are very large companies.
View attachment 35271
This service allows you to look inside this system and do it for free, I think that
this opportunity may be closed in the near future.
View attachment 35272
Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.
After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.
View attachment 35273
we see a bunch of parameters that can be sorted by fraud points or importance for the system
View attachment 35274
we see what is important and also what category this parameter belongs to.
The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by
The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.
The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will
The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points
ID RULE NAME | SCORE CATEGORY
P103 Customer is using TOR |95 IP Rules
E100 Domain is disposable |80 Email Rules
P105 Customer is using a Web proxy |20 IP Rules
E120 Domain is not registered |20 Email Rules
HC117 Suspicious browser profile - Bots and automation |12 Other Rules
PH105 Phone is disposable |10 Phone Rules
P112 Customer is using public proxy |10 IP Rules
HC107 Customer is from Nordic country and using VPN |10 Other Rules
P106 Customer is using a datacenter ISP |10 IP Rules
E102 Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach |10 Email Rules
E114 Domain is a free provider. No online profiles were found. It was not involved in a data breach |10 Email Rules
HC125 Suspicious browser profile - Spoofing |8 Other Rules
HC124 Browser version age is greater or equal to 5 years |8 Other Rules
PH103 Phone is not possible |8 Phone Rules
The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.
But these are all default parameters, just what is there, but what will not be used in this form by default.
And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters
We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points
Once again - 470 parameters that the system sees about you.
Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.
In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.
Let's go over the main ones
+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary
+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.
Please note these are the most important parameters that are currently used in most antifraud systems.
And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points
Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean
I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.
The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name
+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.
People with experience remember the time when the cleanliness of the IP was assessed by the ability to register mail on Google without a phone number, I don’t know if it works now or not, but now you understand that clean, new mail is a bright spot about you in any anti-fraud system, but a clean IP is always good)
Also, this SEO system has machine learning, which will draw conclusions based on the history of work, even if something is not configured for it initially.
How it works.
You find a shop that allowed you to place an order for a good amount, you are glad, you made your first profit by selling this staff cheaply, received a coin, and for the sake of a nice word you told about this shop and bin in to your small group in TG. Hungry classmates are sitting in this group, and having heard that there is a shop, that there is a passing bin, they begin to crowd into it the same bin, of which there are a lot in shops - no one had used it before - but then - things started to happen, you have to beat
And there are such attempts to drive in, and this is nothing more than shopping in a store - instead of the usual 2 purchases per hour - 40 pass, and everything seems to be ok - clean sox, good mail - that's all as it should - and even the warrant was hanged - and then bang
And the order was canceled 12 hours later.
And what happened - after all, everything is clean - you can’t find fault. Yes, from the purity side there are no questions, but for the antifraud this is an anomaly - and the system signaled to the store owner that something was wrong. The owner came in the morning and canceled all orders that seemed suspicious to the system.
View attachment 35275
You, having received the respect of your classmates for adjusting the giving scheme, the next day decide to make another pack, acting according to the “working scheme” you discover an instant Decline, since the system has learned, the owner adjusted it and the shop is bigger does not work according to this scheme. But what it doesn’t give is only to you, and ordinary customers to continue shopping there.
Let's return to our anti-fraud system.
View attachment 35276
Fill out the data that you have, mail, IP, and everything else, you don’t need to fill out all the fields - you simply won’t have some of the information - fill in what you have and get the output whether your drive will be successful or not is of course not a 100% guarantee, but having mastered this tool you will understand how your assessment system works and with the right skills - by adapting to them you can bypass any anti-fraud system.
I draw your attention to the example of one anti-fraud system SEON - it is large, works with many services and shops, and if you have an identity (mail, phone, system, IP) that was exposed in one of of these services, then you can guess that with the same introductory information, you will get a turnaround in any other service or shop that is served by the current antifraud system.
This is something that concerns exactly one system. But the parameters for assessing personality are very similar from one system to another. If your mail does not have registrations and is shown as a new region, it will be like this in all antifraud systems, even though the systems have different databases, and the dossier on your identity will be in one system; when you enter it into a shop, it is serviced in another antifraud system, it will pull up almost all the parameters and data that is stored on your personality in SEO.
AF systems are growing and developing, and in order to be successful in our field, we must constantly monitor these changes and adapt to them.
That's all for everything you need to know for Antifraud systems. Practice is what makes everyone perfect. If you have any questions or queries always feel free to contact me at telegram @jo8ji.
carder2025
Active Carder
- Joined
- 03.01.25
- Messages
- 52
- Reaction score
- 1
- Points
- 8
thxIn this lecture we will look at the concept of antifraud, everyone has heard of it, but not many understand what it is and how to work with it
*** Hidden text: cannot be quoted. ***
All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?
There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.
Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.
When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - Antifraud service, which analyzes all the information that you provided about yourself, and this is not only those the data that you entered manually, such as address, telephone, mail, card and everything else, the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.
If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is an anti-fraud of the visa system itself , mastercard and others, at this stage we may be asked for a 3DS, this is not a mandatory stage, but it exists and that’s why we are considering it.
Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.
Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?
There are 2 types of anti-fraud systems, open - these are those where we can see what is being checked and closed - in which we will never know exactly what is being analyzed, we will look at the open infrastructure anti-fraud system, look at those parameters which can be analyzed by fraud
There are about 170 such main parameters and this is at the moment, before there were fewer, later there will be more
There is an antifraud system SEON (seon.io) this is a powerful antifraud system that works with large companies Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others, these are those who agreed place your logo on the home page, most do not do this for security reasons.
But even with those that are on the main page, it is clear that these are very large companies.
View attachment 35271
This service allows you to look inside this system and do it for free, I think that
this opportunity may be closed in the near future.
View attachment 35272
Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.
After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.
View attachment 35273
we see a bunch of parameters that can be sorted by fraud points or importance for the system
View attachment 35274
we see what is important and also what category this parameter belongs to.
The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by
The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.
The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will
The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points
ID RULE NAME | SCORE CATEGORY
P103 Customer is using TOR |95 IP Rules
E100 Domain is disposable |80 Email Rules
P105 Customer is using a Web proxy |20 IP Rules
E120 Domain is not registered |20 Email Rules
HC117 Suspicious browser profile - Bots and automation |12 Other Rules
PH105 Phone is disposable |10 Phone Rules
P112 Customer is using public proxy |10 IP Rules
HC107 Customer is from Nordic country and using VPN |10 Other Rules
P106 Customer is using a datacenter ISP |10 IP Rules
E102 Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach |10 Email Rules
E114 Domain is a free provider. No online profiles were found. It was not involved in a data breach |10 Email Rules
HC125 Suspicious browser profile - Spoofing |8 Other Rules
HC124 Browser version age is greater or equal to 5 years |8 Other Rules
PH103 Phone is not possible |8 Phone Rules
The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.
But these are all default parameters, just what is there, but what will not be used in this form by default.
And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters
We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points
Once again - 470 parameters that the system sees about you.
Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.
In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.
Let's go over the main ones
+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary
+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.
Please note these are the most important parameters that are currently used in most antifraud systems.
And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points
Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean
I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.
The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name
+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.
People with experience remember the time when the cleanliness of the IP was assessed by the ability to register mail on Google without a phone number, I don’t know if it works now or not, but now you understand that clean, new mail is a bright spot about you in any anti-fraud system, but a clean IP is always good)
Also, this SEO system has machine learning, which will draw conclusions based on the history of work, even if something is not configured for it initially.
How it works.
You find a shop that allowed you to place an order for a good amount, you are glad, you made your first profit by selling this staff cheaply, received a coin, and for the sake of a nice word you told about this shop and bin in to your small group in TG. Hungry classmates are sitting in this group, and having heard that there is a shop, that there is a passing bin, they begin to crowd into it the same bin, of which there are a lot in shops - no one had used it before - but then - things started to happen, you have to beat
And there are such attempts to drive in, and this is nothing more than shopping in a store - instead of the usual 2 purchases per hour - 40 pass, and everything seems to be ok - clean sox, good mail - that's all as it should - and even the warrant was hanged - and then bang
And the order was canceled 12 hours later.
And what happened - after all, everything is clean - you can’t find fault. Yes, from the purity side there are no questions, but for the antifraud this is an anomaly - and the system signaled to the store owner that something was wrong. The owner came in the morning and canceled all orders that seemed suspicious to the system.
View attachment 35275
You, having received the respect of your classmates for adjusting the giving scheme, the next day decide to make another pack, acting according to the “working scheme” you discover an instant Decline, since the system has learned, the owner adjusted it and the shop is bigger does not work according to this scheme. But what it doesn’t give is only to you, and ordinary customers to continue shopping there.
Let's return to our anti-fraud system.
View attachment 35276
Fill out the data that you have, mail, IP, and everything else, you don’t need to fill out all the fields - you simply won’t have some of the information - fill in what you have and get the output whether your drive will be successful or not is of course not a 100% guarantee, but having mastered this tool you will understand how your assessment system works and with the right skills - by adapting to them you can bypass any anti-fraud system.
I draw your attention to the example of one anti-fraud system SEON - it is large, works with many services and shops, and if you have an identity (mail, phone, system, IP) that was exposed in one of of these services, then you can guess that with the same introductory information, you will get a turnaround in any other service or shop that is served by the current antifraud system.
This is something that concerns exactly one system. But the parameters for assessing personality are very similar from one system to another. If your mail does not have registrations and is shown as a new region, it will be like this in all antifraud systems, even though the systems have different databases, and the dossier on your identity will be in one system; when you enter it into a shop, it is serviced in another antifraud system, it will pull up almost all the parameters and data that is stored on your personality in SEO.
AF systems are growing and developing, and in order to be successful in our field, we must constantly monitor these changes and adapt to them.
That's all for everything you need to know for Antifraud systems. Practice is what makes everyone perfect. If you have any questions or queries always feel free to contact me at telegram @jo8ji.
Painkiller600
Carding Novice
- Joined
- 13.12.24
- Messages
- 1
- Reaction score
- 0
- Points
- 1
Is there anyway you can check for if your details will pass through the antifraud system before you use it on sites?
In this lecture we will look at the concept of antifraud, everyone has heard of it, but not many understand what it is and how to work with it
*** Hidden text: cannot be quoted. ***
All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?
There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.
Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.
When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - Antifraud service, which analyzes all the information that you provided about yourself, and this is not only those the data that you entered manually, such as address, telephone, mail, card and everything else, the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.
If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is an anti-fraud of the visa system itself , mastercard and others, at this stage we may be asked for a 3DS, this is not a mandatory stage, but it exists and that’s why we are considering it.
Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.
Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?
There are 2 types of anti-fraud systems, open - these are those where we can see what is being checked and closed - in which we will never know exactly what is being analyzed, we will look at the open infrastructure anti-fraud system, look at those parameters which can be analyzed by fraud
There are about 170 such main parameters and this is at the moment, before there were fewer, later there will be more
There is an antifraud system SEON (seon.io) this is a powerful antifraud system that works with large companies Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others, these are those who agreed place your logo on the home page, most do not do this for security reasons.
But even with those that are on the main page, it is clear that these are very large companies.
View attachment 35271
This service allows you to look inside this system and do it for free, I think that
this opportunity may be closed in the near future.
View attachment 35272
Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.
After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.
View attachment 35273
we see a bunch of parameters that can be sorted by fraud points or importance for the system
View attachment 35274
we see what is important and also what category this parameter belongs to.
The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by
The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.
The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will
The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points
ID RULE NAME | SCORE CATEGORY
P103 Customer is using TOR |95 IP Rules
E100 Domain is disposable |80 Email Rules
P105 Customer is using a Web proxy |20 IP Rules
E120 Domain is not registered |20 Email Rules
HC117 Suspicious browser profile - Bots and automation |12 Other Rules
PH105 Phone is disposable |10 Phone Rules
P112 Customer is using public proxy |10 IP Rules
HC107 Customer is from Nordic country and using VPN |10 Other Rules
P106 Customer is using a datacenter ISP |10 IP Rules
E102 Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach |10 Email Rules
E114 Domain is a free provider. No online profiles were found. It was not involved in a data breach |10 Email Rules
HC125 Suspicious browser profile - Spoofing |8 Other Rules
HC124 Browser version age is greater or equal to 5 years |8 Other Rules
PH103 Phone is not possible |8 Phone Rules
The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.
But these are all default parameters, just what is there, but what will not be used in this form by default.
And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters
We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points
Once again - 470 parameters that the system sees about you.
Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.
In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.
Let's go over the main ones
+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary
+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.
Please note these are the most important parameters that are currently used in most antifraud systems.
And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points
Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean
I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.
The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name
+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.
People with experience remember the time when the cleanliness of the IP was assessed by the ability to register mail on Google without a phone number, I don’t know if it works now or not, but now you understand that clean, new mail is a bright spot about you in any anti-fraud system, but a clean IP is always good)
Also, this SEO system has machine learning, which will draw conclusions based on the history of work, even if something is not configured for it initially.
How it works.
You find a shop that allowed you to place an order for a good amount, you are glad, you made your first profit by selling this staff cheaply, received a coin, and for the sake of a nice word you told about this shop and bin in to your small group in TG. Hungry classmates are sitting in this group, and having heard that there is a shop, that there is a passing bin, they begin to crowd into it the same bin, of which there are a lot in shops - no one had used it before - but then - things started to happen, you have to beat
And there are such attempts to drive in, and this is nothing more than shopping in a store - instead of the usual 2 purchases per hour - 40 pass, and everything seems to be ok - clean sox, good mail - that's all as it should - and even the warrant was hanged - and then bang
And the order was canceled 12 hours later.
And what happened - after all, everything is clean - you can’t find fault. Yes, from the purity side there are no questions, but for the antifraud this is an anomaly - and the system signaled to the store owner that something was wrong. The owner came in the morning and canceled all orders that seemed suspicious to the system.
View attachment 35275
You, having received the respect of your classmates for adjusting the giving scheme, the next day decide to make another pack, acting according to the “working scheme” you discover an instant Decline, since the system has learned, the owner adjusted it and the shop is bigger does not work according to this scheme. But what it doesn’t give is only to you, and ordinary customers to continue shopping there.
Let's return to our anti-fraud system.
View attachment 35276
Fill out the data that you have, mail, IP, and everything else, you don’t need to fill out all the fields - you simply won’t have some of the information - fill in what you have and get the output whether your drive will be successful or not is of course not a 100% guarantee, but having mastered this tool you will understand how your assessment system works and with the right skills - by adapting to them you can bypass any anti-fraud system.
I draw your attention to the example of one anti-fraud system SEON - it is large, works with many services and shops, and if you have an identity (mail, phone, system, IP) that was exposed in one of of these services, then you can guess that with the same introductory information, you will get a turnaround in any other service or shop that is served by the current antifraud system.
This is something that concerns exactly one system. But the parameters for assessing personality are very similar from one system to another. If your mail does not have registrations and is shown as a new region, it will be like this in all antifraud systems, even though the systems have different databases, and the dossier on your identity will be in one system; when you enter it into a shop, it is serviced in another antifraud system, it will pull up almost all the parameters and data that is stored on your personality in SEO.
AF systems are growing and developing, and in order to be successful in our field, we must constantly monitor these changes and adapt to them.
That's all for everything you need to know for Antifraud systems. Practice is what makes everyone perfect. If you have any questions or queries always feel free to contact me at telegram @jo8ji.
Share: