Welcome to the world of apparel carding. Today, we’re taking aim at Shein.com, the fast-fashion behemoth that’s flooded the market with cheap clothes and even cheaper security.
Shein isn’t just another fashion e-commerce site. These Chinese legends ship to over 150 countries and have a wider product range than many marketplaces. We’re talking clothing, lingerie, accessories, home goods — you name it, they’ve got it. And you know what? Their security isn’t half bad.
Shein may be an easier target, but that doesn’t mean you can do this carding half-heartedly. We’re going to dive deep into their security system, exploit their weaknesses, and walk away with more clothes than we can wear.
So grab your cards, fire up your proxies, and let’s turn this fast-fashion empire into our girlfriends’ personal closets (if they have one).
Why Shein?
Let’s talk about why Shein has become a prime target for carders. This Chinese fast-fashion giant isn’t just pumping out cheap clothes — they’ve inadvertently created the perfect site for our work.
Now let’s talk security. Shein has actually invested in a decent fraud prevention system. The Chinese aren’t complete idiots. They have a basic device fingerprinting system, some IP checks, and they’ll occasionally use 3D Secure if something smells fishy.
But here’s where things get good – and where we can make our money. Shein’s main bottleneck is their absolutely massive order volume. We’re talking millions of transactions every day, all over the world. This tidal wave of orders forces them to make critical compromises.
To handle this insane volume, Shein has to process orders quickly. They can’t afford to check every single transaction like smaller sites do. So they’ve tuned their fraud detection system to be more forgiving. They’re playing a numbers game: willing to let some fraudulent orders through to keep their overall operation running smoothly.
This creates a sweet spot for us. If we play smart – use fresh cards, change proxies, and don’t get too greedy – we can slip our orders in among the legitimate ones. Your fraudulent purchases disappear into the stream, becoming virtually invisible. The system might flag some of them for sure. But with this volume of transactions, a good percentage will still get through. It’s a numbers game, and the odds are in our favor.
Intelligence and Security Overview
Let’s dive into Shein’s HTTP requests. Fire up our trusty Burp Suite (we ditched Caido – that thing was getting too slow), and start digging. The IP logs show a few instances of identification, but none of them are pingable from the outside. At first glance, this might mean that all fraud prevention measures are being performed in-house, which makes sense given Shein’s huge order volume. But don’t get too excited. If you’ve been following our previous guides, you know that HTTP logs only tell half the story. Using Google, we did a little research into popular fraud protection systems and their customer lists. And here it is: Riskified proudly proclaims itself to be Shein’s fraud protection provider. This is a game changer. Riskified isn’t some silly fraud detection — these bastards are good. They use machine learning and data from multiple merchants to identify patterns. Your typical tricks may not work here. But remember, Shein’s volume is still our friend. Riskified may be smart, but it’s like trying to spot one counterfeit bill in a giant vault of cash. The sheer volume of transactions means some will slip through. Because they also use Adyen, 3D Secure pops up occasionally, but it's not all the time. They use it selectively, probably based on some risk assessment that Adyen itself uses. Also, and this is important: the fraud systems used by SHEIN vary from country to country. Look at this, I tried browsing their US site and they use FORTER.
So you basically have to pick your own poison. If you’re having trouble with Riskified detecting you, try moving to another Shein location and checking out what kind of fraud system they’re using. You never know, you might stumble upon a branch that hasn’t implemented the AI system yet.
Secret Method
Since Shein doesn’t verify email addresses when you sign up, we can use an old, golden trick I taught you all eons ago: the cardholder email trick.
Here’s the deal: You use the cardholder’s real email address to make the purchase. This clever move gives us a double whammy. First, it lowers our fraud score if the cardholder has a history on Adyen sites, helping us dodge that pesky 3DS request. Second, it adds a layer of legitimacy to our order in the eyes of Riskified, practically guaranteeing that our order will be shipped.
But don’t be sloppy. As soon as your order confirmation arrives, change the account email address to your own. And for heaven's sake, fill the cardholder's inbox with spam. The last thing we need is for them to stumble across your lingerie orders.
Requirements and Process
To successfully hit Shein, you'll need:
Process:
Triggered boxes (BIN doesn't matter if you are lowering your scam score, I just included them here since you guys keep asking for BIN):
545958, 517805
Warnings
While Shein can be a huge source of income, there are some issues to be aware of:
Conclusion
Shein represents a unique opportunity in the carding world. Its sheer volume and diverse product range make it an attractive target, but don’t underestimate its security measures. Success here requires a delicate balance of patience, strategy, and adaptability.
Remember, we’re playing a numbers game. Not every attempt will be successful, but with the right approach, enough will slip through to make it worthwhile. Vary your operations, don’t be greedy, and always be prepared to adapt your tactics.
The problem is that too many carders get hung up on the BIN when targeting Shein. This is a rookie mistake. As I’ve pointed out in most of my guides, getting hung up on the BIN is a surefire way to limit your success. The real approach is to understand the anti-fraud system and payment system behind the store. Master this, and you’ll find that any BIN can work wonders – as long as the card is clean and has a decent balance.
As always, this guide is just a starting point. The e-commerce scam landscape is constantly evolving, and your methods should evolve too. Stay informed, be careful, and you might just turn Shein into your personal cash cow.
Now go make those Chinese fast-fashion moguls regret their lax security. Just don’t come crying to me when you’re drowning in cheap polyester. Happy hunting.
Shein isn’t just another fashion e-commerce site. These Chinese legends ship to over 150 countries and have a wider product range than many marketplaces. We’re talking clothing, lingerie, accessories, home goods — you name it, they’ve got it. And you know what? Their security isn’t half bad.
Shein may be an easier target, but that doesn’t mean you can do this carding half-heartedly. We’re going to dive deep into their security system, exploit their weaknesses, and walk away with more clothes than we can wear.
So grab your cards, fire up your proxies, and let’s turn this fast-fashion empire into our girlfriends’ personal closets (if they have one).
Why Shein?
Let’s talk about why Shein has become a prime target for carders. This Chinese fast-fashion giant isn’t just pumping out cheap clothes — they’ve inadvertently created the perfect site for our work.
- Look at their price points. Most Shein items are under $50. This sweet spot allows you to pick up cards multiple times without triggering any high-value buy flags. You can make a significant profit on volume without attracting too much attention.
- The market for these items is huge. From Instagram “boutiques” to flea market sellers, there’s no shortage of people looking to buy Shein items at a premium. Fast resale means quick profits and less risk of chargebacks catching up with you.
Now let’s talk security. Shein has actually invested in a decent fraud prevention system. The Chinese aren’t complete idiots. They have a basic device fingerprinting system, some IP checks, and they’ll occasionally use 3D Secure if something smells fishy.
But here’s where things get good – and where we can make our money. Shein’s main bottleneck is their absolutely massive order volume. We’re talking millions of transactions every day, all over the world. This tidal wave of orders forces them to make critical compromises.
To handle this insane volume, Shein has to process orders quickly. They can’t afford to check every single transaction like smaller sites do. So they’ve tuned their fraud detection system to be more forgiving. They’re playing a numbers game: willing to let some fraudulent orders through to keep their overall operation running smoothly.
This creates a sweet spot for us. If we play smart – use fresh cards, change proxies, and don’t get too greedy – we can slip our orders in among the legitimate ones. Your fraudulent purchases disappear into the stream, becoming virtually invisible. The system might flag some of them for sure. But with this volume of transactions, a good percentage will still get through. It’s a numbers game, and the odds are in our favor.
Intelligence and Security Overview
Let’s dive into Shein’s HTTP requests. Fire up our trusty Burp Suite (we ditched Caido – that thing was getting too slow), and start digging. The IP logs show a few instances of identification, but none of them are pingable from the outside. At first glance, this might mean that all fraud prevention measures are being performed in-house, which makes sense given Shein’s huge order volume. But don’t get too excited. If you’ve been following our previous guides, you know that HTTP logs only tell half the story. Using Google, we did a little research into popular fraud protection systems and their customer lists. And here it is: Riskified proudly proclaims itself to be Shein’s fraud protection provider. This is a game changer. Riskified isn’t some silly fraud detection — these bastards are good. They use machine learning and data from multiple merchants to identify patterns. Your typical tricks may not work here. But remember, Shein’s volume is still our friend. Riskified may be smart, but it’s like trying to spot one counterfeit bill in a giant vault of cash. The sheer volume of transactions means some will slip through. Because they also use Adyen, 3D Secure pops up occasionally, but it's not all the time. They use it selectively, probably based on some risk assessment that Adyen itself uses. Also, and this is important: the fraud systems used by SHEIN vary from country to country. Look at this, I tried browsing their US site and they use FORTER.
So you basically have to pick your own poison. If you’re having trouble with Riskified detecting you, try moving to another Shein location and checking out what kind of fraud system they’re using. You never know, you might stumble upon a branch that hasn’t implemented the AI system yet.
Secret Method
Since Shein doesn’t verify email addresses when you sign up, we can use an old, golden trick I taught you all eons ago: the cardholder email trick.
Here’s the deal: You use the cardholder’s real email address to make the purchase. This clever move gives us a double whammy. First, it lowers our fraud score if the cardholder has a history on Adyen sites, helping us dodge that pesky 3DS request. Second, it adds a layer of legitimacy to our order in the eyes of Riskified, practically guaranteeing that our order will be shipped.
But don’t be sloppy. As soon as your order confirmation arrives, change the account email address to your own. And for heaven's sake, fill the cardholder's inbox with spam. The last thing we need is for them to stumble across your lingerie orders.
Requirements and Process
To successfully hit Shein, you'll need:
- Non-VBV cards are not blacklisted by Adyen. Given the occasional 3DS pop-ups from Adyen, this is crucial.
- Pure residential proxies that match your map country.
- Reliable anti-detection browser setting to bypass Riskified fingerprints.
- An outdated Shein account (data obtained from logs) or a highly trusted email address for registration.
- The actual email address of the card owner (for our workaround).
Process:
- Set up your environment (proxy, anti-detect browser).
- If you are using an older account, sign in. Otherwise, create a new account using a trusted email address.
- Browse the site naturally. Add and remove items from your cart.
- Put together a basket of various items, trying to keep the total under $200 for your first few attempts.
- Proceed to checkout. Use the cardholder's email address. We can do this because Shein does not verify email addresses when you sign up, which gives us an important advantage.
- Please enter your shipping details carefully. Take your time, no copying or pasting.
- Place your order.
- Please change the email address in your account immediately after confirming your order.
- If successful, please wait at least 24 hours before attempting to place another order.
Triggered boxes (BIN doesn't matter if you are lowering your scam score, I just included them here since you guys keep asking for BIN):
545958, 517805
Warnings
While Shein can be a huge source of income, there are some issues to be aware of:
- Order Limits: Shein has daily and weekly order limits. Go over them and you're asking for trouble.
- Account Bans: They ban suspicious accounts quickly, as decided by Riskified. Do not reuse burned accounts or IP addresses.
- Delayed Cancellations: Sometimes orders are cancelled a few days after they are placed. Don't count your chickens until your package has shipped.
- Shipping Delays: Shein's is known for slow shipping. This increases the window for chargebacks before you can turn the item over.
Conclusion
Shein represents a unique opportunity in the carding world. Its sheer volume and diverse product range make it an attractive target, but don’t underestimate its security measures. Success here requires a delicate balance of patience, strategy, and adaptability.
Remember, we’re playing a numbers game. Not every attempt will be successful, but with the right approach, enough will slip through to make it worthwhile. Vary your operations, don’t be greedy, and always be prepared to adapt your tactics.
The problem is that too many carders get hung up on the BIN when targeting Shein. This is a rookie mistake. As I’ve pointed out in most of my guides, getting hung up on the BIN is a surefire way to limit your success. The real approach is to understand the anti-fraud system and payment system behind the store. Master this, and you’ll find that any BIN can work wonders – as long as the card is clean and has a decent balance.
As always, this guide is just a starting point. The e-commerce scam landscape is constantly evolving, and your methods should evolve too. Stay informed, be careful, and you might just turn Shein into your personal cash cow.
Now go make those Chinese fast-fashion moguls regret their lax security. Just don’t come crying to me when you’re drowning in cheap polyester. Happy hunting.