Carding Bites: The Concept of NONVBV If there is one thing that permeates the entire carding industry its the existence of NONVBV bins. You can see it everywhere - forums, Telegram channels Discord servers, darknet markets - NONVBV this NONVBV that. But even with it being the most talked-about topic in carding circles, incorrect information still spreads like herpes. We'll clear up the confusion with this writeup.
3DS 2.0
3D Secure 2.0 is the evolved form of the original "Verified by Visa" and "Mastercard SecureCode" bullshit that used to throw up those annoying password pages during checkout. The previous 3DS 1.0 was a clunky piece of garbage that relied on static passwords or security questions.
3DS 2.0 changed the fucking game entirely. Instead of just asking for a password this new system collects over 100 data points about your transaction - device fingerprints, geolocation purchase history, browsing patterns - and runs it through risk assessment algorithms to determine if youre legit or not.
The crown jewel of this system is what they call "frictionless authentication." When a card issuer receives a 3DS 2.0 authentication request they analyze all these data points in real-time. If everything looks normal, they'll approve the transaction without bothering the cardholder for verification. No SMS code no app notification, no nothing - the payment just goes through.
This is why your standard carding techniques from 2018 are now as useful as a dick-flavored lollipop. The game has shifted from bypassing passwords to manipulating risk assessment systems or finding cards that sidestep the entire process altogether.NONVBV BINS
NONVBV bins are the bread and butter in the carding world. These arent some special cards - they're just regular credit cards from issuers that either have fucked up 3DS implementations or dont use the protocol at all.
AutoVBV Cards
AutoVBV cards are technically enrolled in 3DS but they have a critical flaw: they automatically authenticate the transaction without requiring cardholder input. The issuing bank has implemented 3DS, but their system is configured to greenlight transactions through the "frictionless" path almost 100% of the time.
When you use these for transactions the merchant's system thinks the card went through proper 3DS verification. In reality, the banks Access Control Server just rubber-stamped that shit without any real security check.
NONVBV Cards
True NONVBV cards come from banks that don't participate in 3DS at all. These dinosaurs havent implemented the security protocol so when a merchant tries to initiate a 3DS verification, the transaction just proceeds with basic card details (number expiry, CVV). Some strict merchants do not support them at all.
Which To USE
While both types let you bypass authentication challenges AutoVBV cards have distinct advantages:
- Liability Protection: Transactions that complete 3DS authentication (even automatically) shift the fraud liability from the merchant to the card issuer. This means merchants are more likely to accept these transactions.
- Higher Success Rate: Many merchants require 3DS for high-value purchases. AutoVBV cards satisfy this requirement technically, while pure NONVBV cards might get rejected with messages like "issuer not participating."
- Clean Paper Trail: An AutoVBV transaction looks legitimate in the merchant's records - it shows as "3DS authenticated" rather than "3DS attempted/failed" which raises fewer red flags.
- Wider Acceptance: Some payment processors automatically reject cards that dont support 3DS in certain regions (especially in Europe under SCA/PSD2). AutoVBV cards fly under this radar.
Checkers
Finding NONVBV bins isn't as simple as looking up a list online. Banks constantly update their security protocols, and bins that worked last month might be fully protected today. This is where checkers come in.
You have two options for verifying NONVBV bins:
Merchant API Checkers
Advanced carders build their own checkers using merchant APIs. These tools generate test cards from a specific BIN range and attempt transactions through payment gateways that implement 3DS. By analyzing the authentication response they can determine if the bin triggers 3DS challenges or not.
Setting up your own checker requires technical knowledge and access to payment processing APIs - Ill cover this in a future guide. The advantage is you get real-time, reliable data without relying on third parties.
Telegram Checkers
For beginners Telegram checkers like SAB and Raven are more accessible. These services let you input a BIN, and they'll run a quick test to see if cards from that range are likely to bypass 3DS.
Heres how these checkers typically work:
- You submit a BIN
- The service generates a valid card number from that BIN
- It attempts a small test transaction using their own Merchant account forcing frictionless
- Based on the authentication response, it tells you if the BIN is NONVBV/AutoVBV
Another problem is that banks often use dynamic risk assessment. A card might skip 3DS for small purchases but require verification for larger amounts or suspicious transactions. Checkers typically test with minimal transactions, so they might flag a BIN as NONVBV when it actually will trigger 3DS for your real carding attempts.
Conclusion
NONVBV bins are dying out fast. Banks everywhere are rolling out 3DS 2.0 with smart risk detection making clean bypasses harder to find by the day.
The pros aren't wasting time hunting unicorn bins anymore - theyre pivoting to social engineering, OTP bots and other techniques that don't rely on magical card numbers. Found a working NONVBV bin? Great, but dont get attached - that shit could be patched tomorrow.
As I've always fucking said its generally not about the bins anyway. Focus on your fingerprint first. Make sure your antidetect setup is solid, your proxies are clean and your browser profile doesn't leak. The best bin in the world wont save you if your digital fingerprint is dirty as fuck.
Security evolves, and you better evolve with it. Keep learning stay flexible, and don't get caught using yesterday's playbook. d0ctrine out.
Attachments
Last edited: