We hope you are all doing well and staying healthy. Today at Cashout-Money we have decided to post this comprehensive guide 2022 to set up your machine AKA Laptop/PC for carding success, we have realized that so many of you are doing this all wrong including those we have gained some carding experience along the way because they have developed bad habits along the way.

Building up the right foundation as you start carding is not only advised but it’s crucial for your success and freedom as you go along climbing the carding ladder.

So regarding our carding hustles, we are talking about loans whether they are SBA or Private we hit both, Credit cards to cash via merch terminals using shell businesses, yes some people do a chargeback but that’s a very small fraction of people due to the process that we involve while charging their card and cashout, its all down to experience we also engage in EMV cloning throughout the US and EU, the list goes on and on…

The point is we play big and engage in top-tier carding yes it’s all carding but you, however, will start from the bottom just like anyone else, like we did more than a decade ago.

The bottom of carding that we are talking about is carding physical goods, $20 here $50 there sometimes up to $250 if you have gained some experience along the way or let’s say the most you can boast as a pro carder would be $500 as a single transaction. 

To get to that level where you can card up to $500 in a single transaction you will need to work full-time on your carding craft, there is no two way about it, you cant leave half a foot in the door while leaving the other half out, anyone that says otherwise is just lying to you, pure and simple.

We are always upfront with our students while teaching them carding as part of our masterclass you can also get that here when they see us carding shops buying physical goods and gift cards they think they can just replicate the exact same process right after their class is over, well… we explain to them in order to get to that level they will need to practice and develop good habits from the very get-go, you will not get our level of success without putting in the same or similar work that we did to get to where we currently are.

In this article, we promised to give you a foolproof way to set up your machine for your carding success and it will go along smoothly as you will climb your carding ladder.

Your carding machine should only be used for carding purposes, so that means you must never log in with real profiles like G-mail, Hotmail, Youtube, Yahoo, Facebook, Instagram, Twitter, Linked-In, and whatnot. 

It is strongly advisable to have an extra laptop or computer for the carding scene, personal data should be backed up separately from illegal data. Different PC, different hard drives, etc.

This is advisable not only because of the police but also if you are infected by someone, these days it’s not just the cybercrime police but so many other threat actors that are trying to screw you over.

So in case, you let something slip and this threat actor got access to your machine now he wants to screw you over he can only get access to your carding data, but not your Photos, Address, Facebook, Hotmail, Gmail, Yahoo, Youtube, Instagram, Linked-In logins and so on.

Because carding data is the least of your worries in case someone gets access to your machine,  they will not be able to blackmail you based on carding data as that does not link to your identity in any way.


After you have installed an operating system of your choice, it is essential to encrypt your entire machine.

Encryption is the life insurance of every criminal. It makes it much more difficult for the authorities to investigate you, even during the search of your premises whether it be your home or office, when they do eventually get your machine it makes it impossible to crack it unless you get done because of encrypting your drive with a something know to have a backdoor (usually its closed source encryption products such as BitLocker).

Our recommended password length for your encryption is 30 characters, you can say that the longer it is, the more difficult it will be for authorities to brute-force your encryption.

Veracrypt has proven itself and this should still be secure, it is advisable to use it you can do so by clicking or copy/pasting the link below:

Since you want to lock your system, an installation on your operating system is necessary. You can find instructions for full encryption below:


This is a must-have. The basic requirement to start safety is having a premium VPN membership with one of the known VPN providers who won’t hand your data out to the authorities because they simply don’t keep their users logs.

If you are someone who is not easily frustrated over the speed then you can go with “perfect privacy VPN” because it comes with 4 hops, yes you heard that right but if you are someone who is not patient with then you can read the post about best VPN above and make up your mind. 

Most people however swear by Perfect Privacy (PP since 2008) because this provider does not log according to their own statements, which is supported by the fact that there are no known cases of a bus at PP that can be attributed to the failure of the VPN provider.

Another interesting fact is that Perfect Privacy servers run on RAM disks and not via hard disks. Overall, Perfect Privacy also convinces with its always open communication with customers in the website Internal Forum.

You can find PP’s website here:

We at CashoutMoney use Perfect Privacy VPN because of their 4 hops infrastructure but they are not cheap compare to others.

Once you have done that, you have to test if the DNS leak protection of Perfect Privacy works. You can do this directly on the Perfect Privacy page or here


We only recommend firefox, the next step is to install the Firefox browser.


It is usually useful to download directly from the manufacturer’s site by following the link above.

After you have installed Firefox, go to the search line above and enter “about:config” and below we will explain to you the changes you will be making in your browser to make it rock solid perfect for carding.


With the help of the Geolocation API, the geographical position of the surfer can be determined relatively precisely. Depending on the existing hardware in the computer, the WiFis in the vicinity can be used or GPS hardware can be used to determine the location.

In the worst-case scenario, the location can only be determined by the IP address. The API is used with Javascript. Current Firefox versions ask before access to the Geolocation API is allowed.

Nevertheless, we have a better feeling if you disable it completely. For this you have to set the following variable under “about:config”:The Code:

geo.enabled false
geo.wifi.uri (empty string) 1

This setting is important if you hide your IP address with anonymization services or VPNs.


WebGL provides a Javascript API for rendering 3D objects. It can be used for fingerprinting the performance of graphics hardware and OpenGL implementation, such as the Perfect Pixel study:

Fingerprinting Canvas in HTML5 shows Fingerprinting via WebGL can be prevented with the following settings:The Code:

webgl.disable-extensions true 
webgl.min_capability_mode true
webgl.disable-fail-if-major-performance-caveat true

 In addition, WebGL is an (unnecessary) security risk because it allows attacks on the operating system.

By reloading fonts, bugs in the font rendering libraries can be exploited. This was the case for Linux (CVE-2010-3855), Windows (ms11-087), or OpenBSD (CVE-2013-6462).

The WebGL shader engines also have occasional bugs, such as MFSA 2016-53, so we at CashoutMoney recommend you disabling WebGL completely to reduce the risk:The Code:

webgl.disabled = true

WebRTC is a technology that enables direct telephony and video chats between surfers in the browser.

Currently, there are few useful applications for this technology, and we would prefer a specialized program like Jitsi. If you really want to try it out, you can watch Palava. tv or browser meeting instead.

With WebRTC you can find out the local IP address of the computer in the LAN and the public IP address. Even VPN connections can be tricked with it. Furthermore, the presence of a camera and microphone can be used as a feature in the browser fingerprint.

In Firefox, WebRTC can be deactivated under “about:config”:The Code:

media.peerconnection.enabled = false 
loop.enabled = false
loop.facebook.enabled = false


The highly accurate timing APIs can be misused by web applications to analyze resource loading or user behavior (Timing Attacks on Web Privacy, PDF). If you use your browser to read websites and not primarily for games, you should disable the APIs:The Code:

dom.enable_resource_timing = false
dom.enable_user_timing = false
dom.enable_performance = false


With clipboard events, Firefox informs a web page that the surfer has copied a section to the clipboard or pasted the clipboard contents into a form field.

The events oncopy, oncut and onpaste are triggered to which the web page could react. You can deactivate these events under “about:config”:The Code:

dom.event.clipboardevents.enabled = false


Firefox starts loading web pages in some situations when the mouse pointer is over a link, before you actually click.

This should speed up the loading of web pages by a few milliseconds. If you want to avoid connections with unwanted web servers, you can disable this feature under “about:config”:The Code:

network.http.speculative-parallel-limit = 0

DEACTIVATE WEB-IDE recommends for Firefox 38.0 to disable the WebIDE under “about:config” for security reasons:The Code:

devtools.webide.enabled = false
devtools.webide.autoinstallADBHelper = false
devtools.webide.autoinstallFxdtAdapters = false

You wouldn’t like it if someone could remotely deactivate or disable anything on my computer. Under “about:config” you can disable this feature:The Code:

extensions.blocklist.enabled = false


​Since Firefox 4.0, the browser contacts the AMO server of Mozilla daily and sends an exact list of installed add-ons and the time Firefox needs to start. In response, the server sends status updates for the installed add-ons.

This feature is independent of the update check for add-ons, it is just an additional data collection from Mozilla. Under “about:config” you can disable this function:The Code:

extensions.getAddons.cache.enabled = false


Beacons allow a browser to send data collected via Javascript to the web server for analysis when leaving/closing a website.

We can’t think of a useful application outside of “analysis of the surfing behavior” (aka tracking). Under “about:config” you can disable this feature:The Code:

beacon.enabled = false


Starting with Firefox, it is no longer sufficient to disable the use of Google’s Safebrowsing database in the settings dialog.

Additionally, you have to disable the download of the database under “about:config” if you don’t want to connect to Google and we recommend that you don’t!The Code:

browser.safebrowsing.enabled false (until Firefox 49) 
browser.safebrowsing.phishing.enabled false (from Firefox 50) 
browser.safebrowsing.malware.enabled false 
browser.safebrowsing.blockedURIs.enabled false 
browser.safebrowsing.downloads.enabled false 
browser.safebrowsing.downloads.remote.enabled false 
browser.safebrowsing.updateURL (empty string) 
browser.safebrowsing.appRepURL (empty string, up to FF 45) 
browser.safebrowsing.downloads.remote.url (empty string, from FF 46)

Against phishing attacks no technical measures protect completely but primarily the own behavior and against malware, regular updates of the system protect better than virus scanners and URL lists.


The health report is sent to Mozilla, you can deactivate it under “about:config”:The Code:

datareporting.healthreport.service.enabled = false 
datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false


Firefox Mozilla introduced the heartbeat user rating system. The user should rate Firefox and is occasionally invited to participate in the community. Mozilla itself has recognized that this feature could be annoying, and it is!

Under “about:config” you can disable the feature by setting the following URL to an empty string:The Code:

browser.selfsupport.url = ""


Firefox detects the portal pages of Wi-Fi hotspots and opens them in a new tab (Release Notes).

For Wi-Fi Hotspot portal detection, Firefox contacts the following web page every time it is launched check that here:

Under “about:config” you can get Firefox to stop this behavior by disabling portal detection (you will hardly miss it):The Code:

network.captive-portal-service.enabled = false


Microsoft Family Safety is a local man-in-the-middle proxy in Windows 10 that can control access rights to web pages and is therefore by definition a censorship tool.

Starting with Firefox 52, the use of Microsoft Family Safety is enabled by default. With the following option you can disable the use of Microsoft Family Safety under “about:config”:The Code:

security.family_safety.mode = 0


The hardware ID can be read by programs under certain circumstances, in the worst case it can be used in comparison against you.

Therefore it is recommended to change it as well. For this there is this tool:

The tool is self-explanatory and very easy to use. You start the program, generate a new hardware ID, and press the “Change HWID-Button”.

After the reboot, the new hardware ID should be set.

To see whether the changes have become active do the following:

Go to Start in Windows and type “regedit” and confirm as admin.

A window will open. Now you have to follow the following path to get the correct file:The Path:

Computer - Hkey_Local_Machine - System - CurrentControlset - Control - ID Config DB - Hardware Profiles - 0001

There you will find a file called “HW Profile Guide”. On the right side, there is a value. Change the last 4 digits of the value


Yeah, we admit it may sound paranoid. But, if you study and understand how RATs work like we understand, you will surely understand why.

If someone infects you, they may have complete access to your computer once it’s connected to the Internet it’s simple as that.

This may include access to microphones and cameras. If this is the case, the attacker can theoretically take pictures of you at any time, but he can also activate your microphone.

This is also possible via your smartphone. As long as you don’t need the microphone, we recommend deactivating it in the device manager.

With the camera, we take one more radical step. Not only do we deactivate it, but we also uninstall the drivers for it. Additionally, we have taped our laptop cameras.

In the device manager, go to “Image Processing or Imaging Device” and uninstall your camera.


It is a key combination that you can use to crash your PC and thus re-encrypt your PC. If for some reason the police should access your data, you can protect it from the state.

Those who use a stationary PC can use it in case of an uninvited spontaneous visit to the Blue-Man-Group (police) simply switch off immediately via multiple sockets with a switch so that it will re-encrypt the system again.

For those who use a notebook, however, working without a battery is highly recommended so that you can just pull out the adapter to switch off immediately before the task force can take control of your Laptop to keep it “open and alive” for data extraction.

If you don’t want to take out the battery, after all, it is possible on Windows systems to trigger a blue screen of death at the touch of a key, which immediately crashes the system, thus arming the encryption back on.

To do this, you only have to enter the following registry key with a currently patched computer and enter a DWORD value by going to the registry path below:The Path:


Enter a new key as DWORD “CrashOnCtrlScroll” (without quotation marks).

Enter the value “1” to the newly created key and restart the computer (without quotation marks),

After the restart you only have to press the following key combination in case of emergency:

Keep the right “Ctrl” key pressed and press the “Scroll” key twice.

If you don’t know where the key on the keyboard is, just google for it.

Don’t panic when you see a Bluescreen of Death for the first time, it’s for your own


Virtual machines are required to run the carding tools without running them on your host system.

If you want to become a professional carder, you can’t do without a VM.

Install VM Workstation or VirtualBox (free) Which variant you choose is up to you since the VM does not differ noticeably in its appearance.


For the VB, it’s best to use Windows 8 or 10. To install the VB, you need a .iso image of the selected OS that you can find below:

You can create your first virtual machine instance by following our screenshots below, its easy to get started.  

– Create a VM:

– Select Configuration:

– Determine ISO file location, where Windows is located:

– Determine Version:

– Name VM:

– Allocate Disk Space:

– Adjust VM:

– Working memory, allocate RAM:

And finally, start the VM and let the operating system be installed like a normal installation.

VMware has the EasyInstaller function for Windows and Ubuntu, so that they install themselves more or less independently on your VM.

Congrats! You are now ready to start carding let’s go and conquer the world of carding!


Leave a Reply

Your email address will not be published.