 
Join Date: Aug 2013
Posts: 567
 |
Exploiting Track2 Info
The following article explains practically how vulnerable banks are in the operation of ATM cards. ATM cards (Credit cards) usually has a magnetic stripe that contains the raw data called tracks for its operation.
The physical layout of the cards is standard. The LOGICAL makeup varies from institution to institution. There are some generally followed layouts, but not mandatory. There are actually up to three tracks on a card. Track 1 was designed for airline use. It contains your name and usually your account number. This is the track that is used when the ATM greets you by name. There are some glitches in how things are ordered so occasionally you do get "Greetings Bill Smith Dr." but such is life. This track is also used with the new airline auto check in (PSA, American, etc) Track 3 is the "OFF-LINE" ATM track. It contains security information as your daily limit, limit left, last access, account number, and expiration date. (And usually anything I describe in track 2). The ATM itself could have the ability to rewrite this track to update information. Track 2 is the main operational track for online use. The first thing on track to is the PRIMARY ACCOUNT NUMBER (PAN). This is pretty standard for all cards, though no guarantee. Example of Track1 B4888603170607238^Head/Potato^050510100000000001203191805191000000 Example of Track2 4888603170607238=05051011203191805191 Usually only track1 and track2 are needed to exploit the ATM card. Let us examine track1. Take the Credit Card account number from Track 2 in this example it is:4888603170607238 and add the letter "B" in the front of the number like this B4888603170607238 then add the cardholder name YOU want to show on the card B4888603170607238^Head/Potato^(Last name first/First Name)next add the expiry date and service code (expiry date is YYMM in this case 0505,and in this case the 3 digit service code is 101 so add 0505101 , B4888603170607238^Head/Potato^0505101 No add 10 zero's after service code: B4888603170607238^Head/Potato^05051010000000000 Next add the remaining numbers from Track2 (after the service code) B4888603170607238^Head/Potato^050510100000000001203191805191 and then add six zero's (6) zero's B4888603170607238^Head/Potato^050510100000000001203191805191000000 this is your Track 1 Track 1:B4888603170607238^Head/Potato^050510100000000001203191805191000000 REMEMEBER THIS IS ONLY FOR VISA AND MASTER CARD(16digits) , AMEX HAS 14 DIGITS, this doesn't work for Amex FORMAT FOR TRACK2 CC NUMBER: YYMM (SERVICE CODE)(PVV)/(CVV) Here is the Fleet's credit track2 dump: 4305500092327108=040110110000426 we see card number, an expiration date, 1011 - service code, 0000 is the place for pvn (but it is absent!), and at least 426 is the cvv (do not mix with cvv2) Now let's take a look on MBNA's track2 dump: 4264294318344118=04021010000044500000 here we see the same - no pvn's and other verification information -just a cvv. As clearly shown above it is possible to generate track1 from track2 using the method shown above. However track2 gen software automates the process. The major process of getting the track2 info is through skimming. Fraudulent POS (Point of sale) merchants can use handheld devices called skimmers to read off and download the tracks data from your credit card if you are not careful. This is the main method of obtaining the original tracks from the credit card. However this article will focus on the exploitation of ATM cards using credit card info such as Credit card number, cvv2, Exp date and PIN and then using algorithms commonly called ALGOS to generate the track2. These credit cards infos are normally . There are a lot of reviewed [censored] who sells these infos in some carding forums. Now it is interesting to note that there are a lot of talks about track2 generation possibility. How much is it real? However in my own candid opinion, it is very possible to generate track2. The simple truth is this. Generation process of debit (and some credit) dumps from the credit card number, expiration date and cvv2 code becomes possible because of the banks’ weak, "nonsaturated" structure and the banks failure to actually carry out proper validation of the track2 info. It might interest you to know that about 10% of banks are vulnerable. This vulnerability called pvv loophole have been fixed for the major banks But still sometimes the idiocy and negligence shown by employees of many American (and not only) banks quite often continues to surprise all: about 10% of issued cards still vulnerable, even for the moment. During the last 2 years I have come to discover so many banks which are still vulnerable to this attack. This forms the basis of this article. Armed with the right tool, you can actually encode cards using cc number, cvv2, Exp date, PIN and the algos. Now what is the nature of the algos you might ask? I will give you a sample. 518445**********=YYMM10100000000779 529107**********=YYMM10100000000CVV These are track2 info. The RHS is the card number. YYMM is the exp date ( year/month) and the CVV is the card verification value. The first 6 digits of the card number is called the BIN . You only neeed to know if the BIN is casahble or vunerable to use the Algo. Below is the screenshot of the Algo list I have compiled and tested to work 100% ( About 800) . Because some banks fail to actually validate the full track2 info, it is possible to use track2 generators softwares to attack the BINS. You simply enter the credit card number, cvv2, exp date and you get the generated track2. Remember this only works for weak BINS or cashable BINS. To test if the track2 you have generated is working before practically going to the ATM with the PIN to cash out, it is important you check the track2 using online checker. This will save cost for your embossed cards and it will be safer for you. I can offer you this service at a modest price of $3 for one track2 info. If you get 00 approval code and you have the right PIN , you will have about 97% success. Below are the screenshots for the track2 generators. |
|
|
  
Join Date: Nov 2014
Posts: 1
 |
where th picture
Below is the screenshot of the Algo list I have compiled and tested to work 100% ( About 800) .?? |
|
|
|
Join Date: Mar 2015
Posts: 27
Contact: Icq 672874240
 |
Hi, I don't see the screenshot of your list. Do u sell track 2 generator? Let's chat on ICQ
|
|
|
|
|
Join Date: Oct 2015
Posts: 1
Contact: mustafakaya@gmx
|
I've been a member of the site. track 2 How do I see how I shop information
|
|
|
|
 
Join Date: Nov 2013
Posts: 150
|
you can generate
|
|
|
|
|
Join Date: Jan 2016
Posts: 7
|
Where is screenshot?
|
|
|
|
|
Join Date: Nov 2013
Posts: 150
|
thanks
|
|
|
|
|
Join Date: Apr 2016
Posts: 7
|
working
|
|
|
|
 
Join Date: May 2016
Posts: 64
|
Nice explication brother,can you also explain us about the EMV Chip?
|
|
|
|
|
Join Date: Aug 2018
Location: I Domicile upon the Land in the USA
Posts: 6
Contact: 744167426
|
Hello,
Cartographer, Allow. I was wondering if the information has been updated with new Key information or exploits? Also there are generators for Track 2, CVV or PIN of Credit, Debit or Gift Cards? -Thanks |
|
|
|
 |
«
Previous Thread
|
Next Thread
»
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Exploiting Credit Card Track2 Info | Cartographer | Tutorials | 0 | 08-31-2013 05:01 PM |
| Who is helping people or what is considered a private info | Cartographer | Tutorials | 0 | 08-31-2013 04:42 PM |