Credit Card Fraud in the Late 90's 1.0. By Massood Circa December, 1997 Section I. Introduction and Preliminaries A. Goal and Purpose B. Who This Document Is Meant For C. Introduction Section II. Credit Card Basics A. Number Explanations B. How Verification (i.e. Verifone) and Payment Dispute Work C. Credit Card Fraud Law Section III. The Basic Scam Explained A. Ten Commandments of Credit Card Fraud Conduct B. Pre-Planning C. Fake State IDs D. What You Should Buy E. Attaining the Credit Card Numbers F. How the Scam Works G. Selling the Stolen Item H. American Express and Discover I. Basic Summary Section IV. How Credit Fraud Investigations Work A. What Initiates an Investigation? B. Caller ID and AMA C. The Association of Credit Card Fraud Investigators Section V. Advanced Tactics A. Anonymous Recalling Service B. Anonymous Remailing Service C. The Benefits of Disguise D. The Friendly Taxi Cab Driver E. Moving Up the ID Ladder F. Voice Modification Technology G. Internet Commerce Ordering H. Money Laundering Basics and Why You Should Know I. How to Frame Someone With Credit Card Fraud J. Concealing Your Location K. Have Your Own "Workshop" L. Voice Mail Boxes Section VI. Ways to Fight Credit Card Fraud A. How to Catch an Inside Credit Card Stealer B. How Your Business Can Fight Credit Card Fraud Section VII. Bibliography, Shoutouts, and How to Reach Me Section I. Introduction and Preliminaries A. Credit Card Fraud Goal "To attain money that is laundered and clean so one can use it to buy legitiment things that are owned in your name." Purpose - This document will attempt to outline a strategy, and the tactics needed to implement that strategy, in order to attain money through credit card fraud. B. Who This Document Is Meant For? This document is intended for those who own a car and have freedom of movement without anyone noticing (i.e. your parents). Do not try any of these tactics until you are out on your own in your own place. If you are underage and have a curfew, these tactics will not work for you. Also, this technique is hardcore and requires many months of planning and setup. This technique is not meant to be a quick way to earn a three hundred dollars so you can go buy the latest modem. Patience will reward you with enough money to start your own business or live comfortably off of your stock and bond investments. Warning: this technique will not get you rich. The longer you card the higher chance you will get busted. Card to a certain goal and use that money to get into a legit business in order to make money properly. Also this document is meant for those who want to get an idea of how credit card fraud is committed and how to stop it. A later section in this document I give some ideas on how businesses can fight credit fraud in their own sales. C. Introduction As some of you might already know, credit card fraud has been going on for quite a while so the people who investigate the crime are quite good by now as are some of the foremost proponents who have continued to commit the crime without being caught. The only thing new in the credit card fraud equation is internet commerce. Orders now can be done over ip without having to reveal your phone number (hopefully you always called from a payphone) or the signature of your voice pattern. Calling from a payphone in your home town always revealed your location if you did not op divert (even with op divert the AMA, automatic message accounting, will record the number dialed, duration, and originating number) or call an anonymous recaller service. This document will show you a way to card professionally with minimal risk. It will show you a new way to do it. I have searched all over the Internet to see if someone else had written about my idea but nobody seemed to have done it. Without further ado, I present some basics to carding and then present my idea. Section II. Credit Card Basics A. Number Explanations There are four major credit cards: Visa, Mastercard, American Express, and Discover. American Express has 15 digits in the card and the first digit always starts with a 3 and almost always the first two digits are a 37. Discover Card has 16 digits and always starts with a 6. Every Discover card I have seen starts with 60. Mastercard has 16 digits and always starts with a 5. Visa has 16 digits and always starts with a 4. Some Visa cards only have 13 digits (i.e.: 5023 000 617 789). Cards on Visa like this one: 5024 0000 6184 3847 are preferred cards which usually means they have a higher credit. B. How Verification (i.e. Verifone) and Payment Dispute Work When you get a card holders information, you sometimes would like to find out if the card has been maxed out or not. You want to verify it. You can verify it by calling up an authorization system (usually 800 number) and giving them a merchant number, card number, name on the card, expiration date, and amount to be spent. Some places now just require you to send the number, expiration date, and amount to be spent. No name. They will tell you if the card has enough credit to cover the purchase. Getting a merchant number and dial up is pretty easy. One tactic one can use is to walk into a store (like Blockbluster) where teenagers work. Buy something (buying helps since you are "paying" for their time) and then ask them how the Verifone machine works. They will blather on essentially saying how clueless they are and then you ask them what the numbers are written on the machine. Most of the time the merchant number and 800 number will be written on the machine for each card type (Mastercard, Visa, etc.). Tell them your the new store your working in does not have a clue how the machine works and if you can write down the numbers so as to call them up and ask for some clues. Usually they will help and allow you to write it all down. Presto! Your in business. Thank them for their help and walk away, bumping into a wall or something to prove to them how stupid and clueless you are. Remember, the higher the purchase is for the card, the more background checks will be made to validate the authenticity. Some card places will call the number you give them and verify that you did indeed make the purchase. There are ways to defeat this as will be explained later (VMB). For now, try to keep all purchases on the stolen credit card below $500. Do not put any more on a single card. Also, remember that expensive items will sometimes require the courier to take a signature before handing over the item. In this scheme, it is easy to defeat this since most of the time you will be impersonating the victim and will have proper ID to prove you are who you say you are. Other times, another person will sign for you (hotel manager). Also, 800 number callins will record the number you called from. Here we have an excerpt from a training manual. It gives an insight into the verification process. "Train operators to listen to tone of voice. Note anything suspicious. Keep a file of bad debtors, phony names and addresses, bogus companies, and bad credit card account numbers. If the address given is a P.O. Box in a large city, check into the order more carefully--especially it it's from a new customer. Carefully check any orders with unusually high dollar amounts or involving out- of-the-ordinary situations, including rush orders. Both American Express and Optima cards have a four-digit, nonembossed CID number printed on the front end of the card. It appears on the right border of American Express, and the left border of Optima. Ask customers who place orders with these cards for the CID number. Visa card customers will have a nonembossed number appearing above the first four digits on their card. Ask them for that number, and verify that it matches the first four digits of the card's account number." C. Credit Card Fraud Law This excerpt was taken from a website and has had all the facts confirmed. I think the author best explains it so will just quote it here. - Start Quote - "The greatest pleasant surprise was that it is a federal law that protects us, as consumers, from liability as a result of credit card fraud. In fact, you aren't liable for more than $50! I looked up for myself: Title 15, Chapter 41, Subchapter I, Part B, Section 1643 of the U.S. Code states that "...a cardholder shall be liable for the unauthorized use of a credit card only if the liability is not in excess of $50." Not bad, huh? Why then, all this fuss about credit card fraud? Well, my research revealed some more interesting results: if someone steals your credit card and runs up a big bill, it's the merchant that the goods were purchased from that is the true victim - the merchant flat-out loses the goods, without repayment or reparation. United States v. Blackmon, 839 F.2d 900 (2d Cir. 1988): The defendants used fake credit cards only for the purpose of identification. The Court holds that this does not constitute credit card fraud under 18 U.S.C. §1029(a)(3). In order to violate this section, there must be an intent to defraud a credit card holder or a credit card company. Merely using the credit cards as false identification is not sufficient. United States v. Russell, 908 F.2d 405 (8th Cir. 1990): The defendant possessed stolen credit cards on numerous occasions, but at no time did he possess fifteen or more. The federal offense, 18 U.S.C. §1029(a)(3) punishes the possession of fifteen or more stolen credit cards. This requires that the defendant possess all the credit cards at the same time, and the Government may not aggregate its proof in this regard." - End Quote - Interesting eh? The parts that are not explained well I learned from some books I bought over the internet. Basically, if a person has their card used to make all kinds of purchases, it requires them a tremendous amount of work to get the charges taken off. Sometimes the credit card company will give the card holder a bad credit report and even after the card holder gets the charge taken off the card, they then have to fight with the credit agencies in order to get a "no payment" taken off their credit report. In other words, the card holder will try and find out who did the stealing with a vengeance. So the cardholder only is liable for $50, but the bad credit report makes them go insane and most of them will go take the "insta-investigator" course from Sally Struthers and come huntin down your ass so if you make a mistake they will most likely get you. Or even worse would be you carded someone who is rich and they hire a professional investigator to hunt you down just out of spite. With this technique the investigator will not have much to go on but if you make one mistake then bam! So pick your targets well and do not make any mistakes. Also, even though the card holder and the card company will not have to pay, the merchent will. The merchant will be stuck with giving you the goods with no payment. So they will come after you. In the whole scheme of things, everytime you rip off someone four people are affected. The card company complains to the card holder to pay the bill. The card holder complains, pays the $50 required by law, cancels the card, and goes on to fight the credit company. The card issuing bank gets calls from the card holder but does not really bother too much with it since they are not out of any money. Then you have the merchant. They get calls from the card holder with them asking for all kinds of info about the transaction. So with any ripoff you do, two people will come after you: the merchant and the card holder. So beware and know your enemies. Section III. The Basic Scam Explained A. The 10 Credit Commandments (in order of importance with 1 being the most) 10. Use caution in using a CC # from someone with an address of "route 6, box 8" since the person is most likely a farmer who rarely uses his CC and will know exactly how and where you stole the information (especially bad if you're doing the info recovery through a insider job). 9. Best way to get Credit card info is from the inside. 8. Join the Association of Credit Card Fraud Investigators (fake name under the P. O. box where the magazine is sent). 7. Always work on your FIP (Full Identification Packet) skills. until FIP is not a fake but actually the real documents. 6. Have as many Full Identification Packets (FIP) as possible. 5. Use a FIP only once per drop. 4. Drop off zone should always be a hotel. 3. Only use a drop off zone once. 2. "Lose your face, Lose your name" - Mighty Mighty Bosstones - Always work on your disguise skills so that when you go to the drop off zone you will look like anyone you want to be as long as its not yourself. 1. Trust no one. NOTE : IS stands for Individual Scam. It refers to a single instance of ordering merchandise from a single company, having it shipped to a drop site, you picking it up, and then selling it to a buyer. I make this distinction for clarity's sake since in the advanced section of this document I will refer to a "mulitiple IS scheme" where you have many IS happening at once. B. Pre-Planning Pre-planning means getting your shit together. It means knowing how to answer EVERY situation that may come up. Many important things must be decided now that will affect the efficiency of your IS. One is to choose your victim. I do not suggest using cards from Visa and Mastercard. If possible, use American Express or Discover. Later on I explain why. If you see a company credit card with visa or mastercard do not try it. The merchants will not allow the shipping and billing addresses to be different so the excuse of "I want to send this stuff to one of my employees out in the field" will not work. If you have American Express or Discover it mostly will. Go over in your mind everything that will happen before you begin the IS. Have all the info you need ready and easily accessible when you make the call (hotel address, number, zip code, your alias, alias address, number, etc). Practice talking to the operator over and over to get used to ordering. Drive by the hotel and decide where you will park, or, if using a taxi cab (described later), find out the cab company you will call and the pick-up site. Have everything prepared, even what to do if you drive up in the cab and see a cop car sitting in the parking lot. Have in mind what you would tell the cabbie. Let nothing surprise you or catch you off guard. C. Fake State IDs In order to satisfy the hotel manager, the delivery person, and the retail buyer of your identity, you have to get a fake state ID. Most hotels will allow you to rent a room with just showing a state ID with your picture on it and a date of birth (most do not even ask for ID, if you look old enough). Fedex and UPS will not even deliver the package to your hotel room; they mostly ask the hotel manager if the person the package is being sent to has a room there. If so, the delivery person drops it off and the hotel attendent calls you at your room. Sometimes the delivery person may wait for you to show up in order to sign for the package. Rarely will the delivery person ask to see some kind of ID. But if the person does, you will be prepared. Once you check out of the hotel (always check out like a normal person since you do not want to arouse suspicion), then go to the shop that you have preselected as your sell point and flash your ID and haggle hard for a good price. Most dealers will sense your fraudulent if you just agree to the first price that comes up. Before you go in imagine your best friend spent a lot of money on this hardware and you're selling it in order to get money to pay for your best friend's upcoming and unexpected surgery. After your hard haggle, sell the item, pocket the cash, and walk out. Where to get a fake state ID? Fortunately, the anarchy of the web provides a great means. Check out http://www.icenter.net/~idcards/index.htm - for great state ID cards. http://www.photoidcards.com/- for state and world ID cards. They can even have ultraviolet markings and holograms placed on the card for more authenticity. It is also legal to have and its legal for them to sell to you. Some of the IDs are only about $50 while others are more expensive. It also costs more to add ultraviolet markings hotography and the hologram. In order to get the ID, go to Kinko's or some place like that and get a small photograph taken of you (say the photo is for your passport, they will not care, usually costs $11 for two pictures). Get a money order and send that and the picture to the ID place and get an ID card sent back to you (at your p.o. box). ***NOTE*** Post offices will accept a state ID card as proof of ID. So it would be wise to open a new p.o. box under a fake name (an ID that you DO NOT use for an IS). Also if you are not 21 then your state ID can make you 21 so you can get a hotel room. Remember, it is important to make sure the fake ID you have is the same name as the card you are hoping to use. You might want to get some cards and verify them first to make sure they have some credit. Then send off for the fake ID's (or make your own if you have the equipment) and then "become" that person. If the delivery boy asks for Id, you have it. D. What should you buy It is tempting to buy computer systems and then sell them in order to get a lot of cash (buy a new system for $2000 and then sell it for around $900). But, with further thought, you will realize that buying computer commodities is usually better since they are A. smaller and more easily transported as opposed to a heavy monitor and cpu; B. harder to trace since the items will most likely be put into a new system (by the store owner who bought your items) and sold to another person. Most places would find it difficult to track where every memory module or cpu goes when the investigator comes around; C. more buck per pound. The new latest chip may cost around $600 and weigh a few pounds whereas a new computer system (around $2000, remember the purchase has to fit within the limit of the actual credit card account) that can fit on a typical credit card account will weigh around 60 pounds and take up a lot of space in your trunk. General rule is to have the smallest buck per pound ratio you can get. Also, a recent idea of mine is to buy regular stuff. Why do all carders seem to always card for computer stuff? Why not card for a nice $400 ring? It is much easier to conceal and to pawn. Why not buy a silver bar with a card? There are so many things you can card for now over the phone. Any home shopping channel would be a prime candidate as I gather they just realize that fraud is a part of their business and they just accept it. Though I would be especially careful with them since they may have many fraud investigators working for them. But do not limit yourself to just computer stuff. Buy small, expensive items and sell them in one day. Then your set. Remember, most credit card bills go out at the late middle or end of the month. I would suggest the best time to buy the items would be around the 8th of the month to the 18th. Only do IS's two weekends in a row and then stop for a month until the next month. Any more would be pushing it too much. You might give them a pattern to look for and then BAM! your caught. Remember the most embarrassing thing that could ever happen to you is getting arrested. Also, when buying the items, have all the info ready on a piece of paper. Some places ask for things while others do not. Some may ask for driver's license number or the issuing bank or a "number on the back." They might ask for the bank or interbank number (Mastercard). They might ask for social security number. In most of these cases you should be ready to give up the deal. If the merchant is this thorough then you might get caught. ALWAYS ALWAYS ALWAYS ask what they will need to make the purchase. Be very adamant (act like your an idiot) about knowing what everything they will need to know before you hand over ANY information about yourself. If they require a shitload of info then say you do not want to give all that out for privacy reasons (hell, tell them your John Perry Barlow and you will write bad lyrics about them). Only give over the info when you know its a good deal. If you screw up, then your whole IS is compromised and you have to pick a new hotel, new card, etc. So make sure. Its also important to have many companies ready to call since some may be out of stock, can not do next day delivery, don't deliver to Guam (do Guamites hack?), etc. So make sure you got enough places to call so your time spent out in the boonies with the lone payphone in the heat won't be wasted time and gas. Things the merchant should agree to before handing over the info: 1. Next day delivery? 2. Different billing and shipping address? 3. Item in stock? 4. Need only the basic info for a transaction (address, number, name)? I tend to think that the merchant has no idea if the billing address is the same as the shipping address. I have thought about just saying the hotel address is my home address. Try that out and see what happens. That way you can use Visa and Mastercard cards (they require the two to be the same whereas Discover and American Express usually do not). E. Attaining the Credit Card Numbers Many people think this part is the hardest. It is actually the least hardest out of all the hard things in doing hardcore credit card fraud. An ideal job would to be in charge of a computer system for a company that process all credit card purchases through a computer that dials a modem into a verification company and batches out the cards. Then you can just copy the authorization file and store it on disk and have all the numbers, expiration dates, addresses, and numbers for all the purchases. Even if you can only get the name, card number, and expiration date you can usually look up the name and get a good idea of who it is (assuming its a local name). Inside jobs are the best ways of getting card numbers. You can work as a clerk at a mall job and, when you take out the trash (as you would since your a loser clerk), you can put all the carbons in a box outside the dumpster and drive around later to pick them up. You can even work as a mall clerk as a second job and keep your current one. Other ways are through dumpster diving for carbons. The best way though is to be in a company where you have access to the file that has the card information and the customer info. Most places that sell over the internet take all that info down on the computer. If you become a sysadmin for that place then you are set. Remember, if you have no skills in the computer then you can not get a job for any of these companies. I am assuming you know something about computers, that's why your reading phrack right? So use those skills to get a job in some company that does internet commerce and hack into that file and get the info. Many places have databases where they track where their customers are calling from or which IP addresses they are routing in from and then store in a database the card info and the card holder info on a geographic map. So brush up on that SQL and get the info. The opportunities for someone computer skilled in getting an inside route to the card info are endless. If you cant get an inside track on card info then you should not be reading this file anymore. Put it away and come back later when you have some skills. F. How the Scam Works Attain the credit card numbers plus relevent information about the credit card holder. Information you should have before attempting to proceed: 1. Credit card number. 2. Expiration date. 3. Card type 4. Card holder's name 5. Card holder's address and home phone and/or business phone. Generally, the more information you know about the card holder the better you will be prepared to answer any questions the order-taker might make. The basic scam has a new twist which I have devised on my own. The drop off site is the most important place in this crime since it is the place all investigators go to begin the investigation into your whereabouts and its the only place in the whole scheme in which you actually have to physically reveal yourself to people who may be interviewed by the investigator. Most people advise to find an abandoned or vacant house or to have a friend accept the items for you. The friend idea is not wise as explained in my 10 commandments. New idea: Use a hotel or motel room for your drop off. The hotel room has many advantages and a few inconveniences. One advantage is that your drop off site can be mobile. You can drive to far off cities and have the drop off site be at a hotel there. You do not have to run around some strange town looking for a vacant house. Second advantage is singularity. With hotels you can use a drop off site one time and one time only and then move on to another site. Remember, it is wise to use a drop off site only once since the investigator will not have a chance to stake out the place on your second trip waiting for you to waltz up and get arrested while trying to grab the goods. One inconvenience is that sometimes you have to drive a long ways to get to a hotel that is far enough away from your current residence. Plus you have to find time to check out of the hotel before noon of the next day. That usually means you have to do it before work. What can be done is to order the stuff on a Friday and then go on your day off Saturday and pick it up. Or, if for some reason you can not do this, you can go to the hotel on your lunch break and pick up the item and check out. G. Selling the stolen item Once you have the item, with the receipt, then proceed to a store that buys computer items or a pawn shop to sell jewelry and shit. Make the sale. Most places will not ask for ID but if they do, hand them your state ID. It is usually better to drive up in a taxi cab since then you can tell them (if they ask) that you are a hater of all cars since they kill (traffic fatalities) and pollute the air (smog) and that you only use cars when you have to but usually you drive your Huffy. Remember, pawn shops accept state ID's. As long as they see an ID, their asses are covered so they don't give a damn about your ID. Take the money, go to the bank, and deposit it. Then go home and relax. H. American Express and Discover American Express is useful since they allow you to send a package to another address other than your billing address. Visa and Mastercard will usually not allow the shipping and billing address to be different. Even if you have a company Visa card they will not allow you to send the merchandise to an "employee" in some hotel. The merchants will usually make you resend it from your workplace. So, if possible, use American Express since you know you will not have a problem. Discover card is the same way too but some merchants do not know this. Sometimes they will let you sometimes they won't. Remember, always make sure they will allow different shipping and billing addresses before you give them that precious card number and ID info!! I. Basic Summary In order to clarify all this, here is a summary of the sequence of events in an IS. 1. Get a couple of fake ID's sent to you from those companies I listed above (make sure they correspond to the names of the card holders that you have verified still have credit). 2. Get five or six cards with card number, expiration date, card name, card address, card home number. 3. Pick five or six merchants and the item or items you want to purchase from each of them. 4. Pick a couple of places you know you can sell the stuff once you get it. 5. Wait till a day where you can order the stuff and pick it up the next day (either on your day off or on your lunch break. 6. Twenty minutes before you order the goods, call a verification place (have three or four handy in case one is busy or down), and verify the card has still has good credit left (usually check for a dollar or so). 7. Sometime after noon, call the first merchant and see if they will do what you want. Give them the necessary info and hang up. 8. Drive to the hotel and check in under the alias name with the fake id in your wallet. Remove all other forms of ID from your personage. 9. Go beat your meat to the latest pr0n sent to your mail box till the next day. 10. Check voice mail or your hotel messages periodically. 11. Go to the hotel with however amount of stealth you want, and pick up the stuff. 12. Check out of the hotel. 13. Drive to the sell point and sell the stuff. 14. Go to the bank and deposit it as soon as possible. 15. Hire hooker to have sex with you since you are a stud and too geeky to get it free. Section IV. How Credit Fraud Investigations Work A. What Initiates An Investigation? Mostly an investigation is instigated, as I have stated before in Credit Card Law, by merchants or consumers. The two parties can either pursue the investigation themselves or pay a professional to do it. Always assume they will investigate and always assume they will hire the best. That way, anything else will be a breeze to you. Obviously the more money a merchant or person has lost, the more likely they will go to extremes to get you. So if you maintain $1000 or less average ripoff rate per card holder and merchant, you minimize the chance that packs of people will come hounding after you for outsmarting them. This excerpt was taken from a website. It is interesting to note how banks do fraud detection with computers. "Detection of consumer credit card fraud is one of the most prevalent and successful applications of neural net technology in retail banking today. The banks with the largest credit card businesses, and thus the highest losses due to consumer fraud, have been the pioneers of the technology. Even using the most advanced techniques on card transaction data, consumer credit card fraud is very difficult to detect with any certainty; even the best neural net models cannot provide more than about 1 in 3 to 1 in 4 certainty of actual versus suspected fraud. For the largest card issuers, optimal selection rates for consumer fraud investigation using neural net detection technology range from about 0.1% to about 3.0% of the total transaction base, yielding fraud detection rates of about 20% to 30% at false positive rates of about 85% to 95%. A bank card issuer with 1 million transactions per day can generate maximum net daily fraud prevention savings of up to $300,000 using neural net detection. Nearly all banks that use neural net technology for credit card fraud detection use vendor-supplied packages and tools; leading vendors are HNC Inc. and Nestor Corporation for complete packages, and NeuralWare Inc. for programming tools. Well over 50 million bank card accounts are screened and scored today for suspected fraud using neural net technology." This quote was taken from http://www.towergroup.com/NONCUST/NOTES/V2/HIGH/v2_017.htm Great stuff on cc fraud prevention. Mostly, as I have explained previously, the fraud investigation is done by the merchant or the card holder. Some places have a full time fraud investigator who just goes around trying to bust people. Many of these investigators check phone logs of the merchants call auditing system, interview the person who handled the order, review any tapes of the voice of the person who ordered the stuff, interview the hotel clerk who signed for the stuff, etc. So be careful. B. Caller ID and AMA Caller ID is not to be worried about since you will always be calling from a payphone. It does not really matter if they trace it (unless your stupid enough to call from the same three or four payphones in the same area). AMA information is almost the same. It does not matter that AMA can track you even if you op divert since your still calling from a payphone. I would suggest calling from a different, random payphone everytime you do an IS. Its hard to break away from habit and to break away from convenience to drive a long ways across town to make a call, but its worth it compared to all the "inconvenience" you will receive from Bubba and his horny gang in the state pen's showers. C. The Association of Credit Fraud Investigators A good place to keep up on whats happening in credit fraud investigation is to use a fake P O box (remember, use a fake state ID to open up a PO box under an alias and get into this organization) and join the Association of Credit Card Fraud Investigators. It always pay to know how the enemy will come bust you! Section V. Advanced Tactics A. Anonymous Recalling Service I have heard of some companies that will allow you to dial into their pbx for a fee and call out on another line thus concealing your location. The caller ID and ANI (Automatic Number Identification) info passed along to the victim company will be that of the anonymous recaller service. Clearly a service such as this one would be a haven for carders and other criminals. I would tend to think that a company that offers this kind of service would be visited by the authorities frequently in order to trace back a call. I have not yet found a company that offers these services but I have formulated what would be some basic tenents that a company like this would have to do in order for it to be usable by the carder. They are: 1. The company would allow you to buy a block of time that can be used on a per minute basis (i.e. use a money order and purchase a 60 minute block of usage for $60). 2. The company would allow you to pay with money order or cash so as to not have to give a real name. 3. The company does not retain any logs of incoming ANI information so the authorities can peruse at their discretion later. Of course you would call from a payphone so no one could really trace you back but the ANI information from a payphone is announced to the victim company and investigators later on can know the exact place you made the call. With an anonymous recalling service the investigators would not know where you called from. The only thing they would know was the location of the cardholder's address (the person who owned the card number that you used to steal the merchandise) and they would know the place where it was sent to. I know of no way presently to conceal the cardholder's address but I have an idea on how to conceal and confuse the location of the drop-site. B. Anonymous Remailing Service An anonymous remailing service would be a place that would receive packages from abroad and reship them to your drop-site. I have heard of places like this but have never seen a place that actually does it. Of course you could ask someone in a certain town to reship it to you for a fee and start a relationship with this person. But most likely this person would get suspicious and call the authorities and they would come to your drop-site and arrest you. So that would be a bad idea. This idea violates the most sacred commandment: commandment one. You may argue "The person does not know of my identity so in essence I am not trusting this person." But, alas, the person knows where you will be when the delivery is made to your drop-site and can tell the authorities beforehand. Also, it is highly irregular to have packages reshipped to somewhere else so suspicion would already be raised and thus, you would be increasing your chance of capture. If I ever find an anonymous remailing service I would hope they have certain characteristics: 1. The company would allow you to buy a certain number of "pounds" that can be shipped. For instance, a person might pay $60 dollars for a total of 30 pounds to be shipped anywhere in the United States. 2. The company would allow you to call in and tell them to flag a package that is addressed to "Mark Templar," for instance, and have it sent to another address with maybe even another name on the package. 3. The company would not keep any records of the address of the redirected package. The only thing they would have on hand is your account name and password (in order to identify yourself C. The Benefits of Disguise "Lose your face lose your name." - Mighty Mighty Bosstones Obviously, the less accurate the hotel clerks description of you the better off you are if the feds come a knockin. Try to decrease your exposure as much as possible. Color your hair for a month of IS's, put on a mustache, grow a goatee (you know you always wanted to do that), wear a different style of clothes, cross dress, etc. If the feds are looking for a woman in spandex and your a guy in a tshirt and jeans with pizza stains all over you, they will not have much of a case. Be imaginative. D. The Friendly Taxi Cab Driver If you desire, you can go to your drop site in a taxi cab and have the cabbie wait a while until you get your goods, check out of the hotel, and leave. This way no one can see the car you drive and record a driver's license number. You could have the cabbie pick you up at an apartment complex or something about a mile away. Have them take you to the spot and take you back. No one sees your car or anything. The taxi cab cost will add a little to the overhead but its worth the decreased exposure. E. Moving Up the ID Ladder Once you get some money you can spend it on getting your own laminator and camara with matching software. This way you do not have to send off money to get a new ID card. You might even be able to recreate a driver's license. This equipment can cost some bucks. I would suggest putting the equipment at a storage place with a battery inside in case the place does not have power available. If you pay for the storage (usually in 6 month or even higher increments) then you do not have any incriminating evidence on your own property. As you get more skilled at this technique, you can begin to think about forging fake birth certificates and social security cards and getting the Department of Motor Vehicles to allow you to take the driving test and get a real driver's license. I could write a whole article about birth certificate fraud but it goes beyond the scope of this article. Suffice it to say it can be done for those who know. F. Voice Modification Technology Many places sell voice changers; some are better than others. Some devices do a really good job at making you sound like anyone you want to be. Others can only do four or five voices. Investing in these devices can be useful since some call- in places record the voices of those who call in for later use. If you are captured and the feds try to bring this evidence up against you, you would be able to get out of a conviction since your voice is not the same. I would also suggest storing this device in the storage room also. G. Internet Commerce Ordering Internet ordering requires different skills. I do not suggest internet ordering since find calling it in over the phone more anonymous. I suppose if you used a sniffer on the same segment as your connection and spoofed the order form you could get the anonymity but that requires techniques and it also requires you to break the law (spoofing and sniffing). Its a basic rule that the less laws you break, the safer you are. Also some of you may have the smart idea of using an anonymous web browsing service like anonymous.com or this navy.mil site I have used. Both sites will reveal in a second their logs to any authorities. All it takes would be for the investigator to look at the merchant's logs to see the ip you came in off of (which might by anonymizer.com, for instance), then go to anonymizer.com and look at their logs, then go to the owners of the dial-up service you use, look at their logs, and they may eventually have to look up the logs at the local telco. Even if you call into a stolen dialup account the owner of the account will demand to see the telco logs (because he or she is professing innocence) and the logs will point to your house. The only way this may work is if your using a laptop with acoustic coupler at a pay phone. Then you would not care if they traced the call back. But that requires some bucks (the A/C, laptop, etc.) and is not really worth it. But it does offer the computer elite among us a chance to show some skill so I guess it is okay. So either way, spoofing or dialing in on a stolen account (or an account you opened up with a money order to the ISP under a false name) requires you to break an additional law in order to commit credit card fraud. As I have said before, the less laws you break the better. So I generally frown upon these ideas as being too extravagant without any real tangible advantage over plain old voice call-ins. Maybe I am wrong. Would like to hear some opinions. H. Money Laundering Basics and Why You Should Know Now that you have all this money what to do with it? I would suggest depositing it into a bank for savings. As had been said before, the longer you card the more chances you will get caught. Put the money in the bank and then pull it out when you are ready to open your own business, invest in stocks, or whatever. The money will look clean to the IRS as long as you do not have too much money deposited into it all at once (say $10,000). Put in a little every week and if the IRS comes a knocking you can claim it is money you saved from not buying porn magazines or something. I would suggest depositing around $200 to $500 a week. Banks are not required to report to the regulators deposits this low so you are safe. I. How to Frame Someone With Credit Card Fraud This part is really easy. You are now fully aware of all the pitfalls that can befall you as you card away. Make some mistakes this time but point the trail to an enemy. If your a phreaking god then make the ani info point to your enemy's house. Or, break into his pedestal that services his house, call him up, and keep him on the phone long enough to find out which pair of wires is his number using your inductor. Then use your lineman's phone to dial up the merchant and start the transaction. Or you can call up some phone sex place and talk for hours (though most hang you up after 15 minutes and make you call back). Use this technique to frame an enemy. Do the scam but have the mailing address be your enemy's house. The more you have delivered there the more likely the fraud detection software will go off and the more likely your enemy will get busted. One sure fire way to set it off is to order lots of items with around 6 different credit card numbers and have it all ship to the victim's location. Do all the orders in one hour. More than not, the feds will show up at his door and bust him. Remember, you can do this to anyone (federal officials, movie stars, etc.). J. Concealing Your Location One way to avoid revealing your location would be to fly or drive to another state and then make the order from there. The idea is to leave on a Friday afternoon and arrive that night at a hotel room where you check in and pay for it with cash. You then go to a nearby payphone and order your goods and ask for next day shipment. When you go to the hotel and to the computer shop do one of two things in order to conceal your car: 1. Park a block away and walk there. 2. Park a half mile away and take a taxi. You do not want the hotel manager and/or the computer shop owner to jot down your license number and vehicle description (plus your physical description) if they become suspicious and want to check out where you purchased the item. Remember you will have the receipt of the item so they would know where you bought it at. K. Have your own "workshop" This part is important. If the feds come and bust you, they will search your house. You are screwed if you have incriminating evidence lying all over the place. Especially if you get your own laminator, software, camara, etc, then you can not just run a script on your computer and deep wipe it all from your house! So you need to get a storage place to hold all your tools. I would suggest using a fake state ID to get a storage site that offers electricity. If you can't find that, get a battery to power the items. Drive there without being followed and do your work and then leave. Once you are done with the IS, go back, store everything, and go back home. That way if you ever get busted, no one will know where all the stuff is. All the card numbers, devices, etc. are all in a locked storage room under a different name using an alias you have never used with any individual scam (IS). L. Voice Mail Boxes Most merchants will ask for a number in case the order goes bad and they need to call you up. If you give them a fake number and they call then the call will not go through. Sometimes the merchant will call the number to see if the number is real. The worry is that if you do not know if the merchant has called the number than you do not know if they have tried to verify the purchase. For instance, if a merchant tries to call the number and they get a Burgerking, then they might call the card issuing bank and ask for more verification of this sale. The bank will either call the card holder or give the correct number to the merchant and they will call the card holder. Then they will figure out your trying to scam them (remember the two people ripped off in each IS is the merchant and the card holder) and they will call the police and have them pick up your dumb ass at the hotel the next day. So to make sure this has a low likelihood of happening, get a voice mail box. Sometimes you can get away with giving them your hotel number but that means you have to admit your calling from a hotel and keeps you from trying to pass off the hotel address as being the actual address that you live at (remember the merchant has no way of knowing if the address you give them is actually the billing address unless they go to extraordinary lengths to find out). Its better to get a voice mail box and check for messages. You can normally order the VMB through the phone and send a money order to the place. Some places will actually open up the box for you for a week in exchange for your promise to send the payment. You can then make the voice mail recording message to act like its a home answering machine. Make sure the VMB is direct inward dialing. It would not look good to have the merchant go through the "Atlas Voice Mail Company" menus in order to get to you. So invest in a VMB so you can have the peace of mind of knowing if the merchant is trying to set you up or not. Change the VMB you use often. Section VI. Ways to Fight Credit Card Fraud A. How to Catch an Inside Credit Card Stealer If you are in the business of wanting to catch someone who you suspect is getting credit card info from your company and is using it to buy things, I have some suggestions. One thing you can do is get the FBI or local authorities in on it. Talk to them and suggest what can be done. What can be done is to first scan the entire computer system for any cron jobs or resident programs. These things may be copying the credit info file offsite to some remote IP address. If so, lookup the IP address and go from there. Another tactic is to plant a card into the credit file and wait. Get a card from the police that has only a $1000 dollar limit or, at the most, a $2000 dollar limit. Put the card into the credit file and wait. If you are lucky, the moment that card is used you will know that most of your suspicions will be true. From that point, call the card company and ask about the transaction and then talk to the company that was called and look into their call auditing system and see if you got any caller ID data or ANI number. Then, if you have not found out a number, get the police to call the local telco and get the logs and find out where the call was made from. Now you may find out the call is from a phone booth. If the call was from a house or something then you're set. Bust whoever lives there and hope they are the employee your suspecting or, if not, that the person will give you evidence against the employee you suspect. Remember, you know that the person is giving out credit info since your company is the only place the plant card has been "used." If the call was from a phone booth, compare the location of the phone booth to the suspected employee's residence. If the call came from a phone booth then you do not have much evidence to go on. What I would suggest next to do is hire a consultant (or do it yourself if you have the skills) and place all kinds of tripwires and watchdog programs on the credit info file to notice any change in its status. Hopefully, your expert or your expertise will have more skills than the suspected employee and you will catch the employee copying the file and bust him or her. B. How Your Business Can Fight Credit Card Fraud If you are a merchant and find out that many of your transactions are fraudulent, then I suggest to hire a professional credit fraud investigator. They have many techniques to stopping future fraud and some techniques in catching who did it in the past. Remember, the key to stopping credit card fraud is using the same way any house tries to stop a burgler. You know you can never make your house full-proof from a burglary but you want to have enough defenses so as to deter someone from attempting a break-in. You want them to move on to someone else easier. Likewise, a good professional will train your employees well enough that they are able to detect when a fraudulent credit card is being used. The professional can also get your computer system set up so that no employee in their right mind would attempt to copy that credit file. Eventually, word would get out to the criminal carders out there that your company is not to be messed with and, like a house with an alarm, dog, and security patrols periodically, the prospective carder will just move on to another company with less anti-carding skills. If you are having specific or chronic problems with credit card fraud abuse in your company, give me a email at the address I provide below and I will try and help you out. Section VI. Bibliography, Shoutouts, and How to Reach Me It is best to be prepared and take precautions in order to avoid contact. Always find out as much about your enemy as possible. I have looked ceaselessly for good books on credit card fraud investigations and the only book I could find on the web was a book by Burt Rapp which is now out of print and unavailable. I will attempt to find some resources in the future. A great source for the beginner is altavista.com. Type in "credit card fraud" and read on from there. Only about the first 60 sites are decent. As you will find, as I found out, most of it is old. Hence the need for my update. One decent book I found which is tangentally connected to CC fraud is "The Laundrymen" by Jeffrey Robinson. If you are successful enough to need to launder your ill-gotten gains then this book is worth the read. I got a lot of info from ordering some books from this site. http://pimall.com/nais/ They rock my werld. The final awesome source is to join the Association of Credit Card Fraud Investigators. Know thy enemy. Shoutouts: These people have influenced my development into what I am today. I thank them. Ace from EFNET #2600, Nirva, and Halflife. Tons of respect for you all. How to get a hold of me: n.s.a@usa.net Final Note: Credit card fraud is lonely business. NEVER succumb to the temptation of telling others in RL (real life) or on IRC about your CC skills. NEVER have a friend, even your best friend, help you out with this because if that person screws up and gets busted you will most likely be implicated since the D.A. will let "Best Friend Johnny" squeal on you instead of spending a year with "bubba." ALWAYS do this alone and ALWAYS maintain as low of a profile as possible. AND NEVER EVER use the equipment you buy in your own residency. I will attempt to update this article if anything changes or I happen upon any other revelations in knowledge and technique. Look at the version number at the top to see which one you're reading.