Telegram Extrap/Binning Fraud Communities

Insight into Binning and Extraps: Understanding Telegram's Extrap/Binning Fraud Communities

The world of online fraud is constantly evolving, and Telegram Extrap/Binning Fraud Communities are one of the latest trends in illegal activities on instant messaging platforms. This type of fraud involves exploiting vulnerabilities in the "extraps" (short for "extract and reprogram") of bank cards in order to generate new cards that can be used to authorize transactions.

CCN cards, also known as "credit card numbers" cards, are a type of fraudulent credit card that are created with incorrect or random CVC (Card Verification Code) information. These types of cards are typically used in online transactions where the physical card is not present, as the CVC is not required for the transaction to go through. Criminals create these CCN cards by obtaining valid credit card numbers using 'extraps' and tools such as namso-gen to generate possible bank cards formatted in the luhn algorithm.

Fraudsters mass produce these cards, in a format known as an 'extrap' which looks somewhat like: 444444444444xxxx 01/25. They then use these cards to try to authorize them using checkers that are widely available through Telegram. This automation of the checking process is done through gateways such as Stripe or Braintree.

It's important to note that it's still possible for CCN cards to authorize with payment gateways despite the CVC being incorrect or not present. This is still widely exploited and is called a 'Multifunctional' Bin. These bins are most commonly used to target Netflix, Canva and Spotify for free trials.

Fighting this Fraud

This type of fraud will always exist and has existed since the early days of IRC fraud chats, such as the seized chknet/carding.network. To combat this, Banks must always require 3D Secure - even on £0 auth purchases - such as India who has it mandated by law for all banks to comply with.

Be more like HSBC! - Don't give bad-actors clues, when responding on a payment gateway. If a payment is not authorized simply return 'Your card is declined' and return if possible a notification to the user with a more specific reason. Do not include responses such as 'Your card's security code is incorrect' or 'Your card has expired'. - These are actively exploited.

Generate in a way which trips up generators - such as Barclays which usually ends with a x00x format, or similar.

Telegram is legal to download - and actively enables criminals to build entire networks and services, which results in large financial loss for banks and people! Telegram's moderation needs to be criticized by governments.

Stay safe online by staying informed about Telegram's Extrap/Binning Scams, and taking the necessary precautions to protect yourself from becoming a victim of fraud. Follow Telegram security tips to ensure that you stay safe online and avoid the Extrap/Binning Scams.