For one thing the 1st 6 digits of the card # are called the "BIN #" and based on those 6 digits you can tell what brand, bank, country and type of card it is. A lot of that info does change frequently so not too many databases are going to be 100% accurate, like geo-IP there is plenty of out of date info but you can get within 97% accuracy with a recent database.
One place I always check is here:
https://www.exactbins.com/bin-lookup
Even if you don't know where the card came from the processing company you use usually does and they can tell for example if a US card is being used from Egypt or some situation like that where the likelihood of a travelling masturbator is slight but the likelihood of fraud is high. If you have one affiliate with a large number of geo-IP mismatches like that then most likely you will have some grief with those transactions down the road.
For another thing most proxy IP addresses will be listed in whois as corporate, static IP's and be registered to hosting companies. Many will also be listed as forum and email spam sources.
Most real customers on the other hand will use consumer broadband. Once you are more or less familiar with the countries your joins come from you will know who the broadband providers are and the IP ranges they use. And once you are more familiar with carders you will know the IP ranges of the more common VPN's they use.
One thing that makes it tough to catch is if the carders are using a botnet or some malware or zombified PC's to do their carding, cause that makes it look like the join is coming from a residence. They usually have a good selection of infected PC's and can match the geo IP to the billing address, assuming they have that data.
A good way to bust those guys is to export a list of all your affiliate login IP's and compare it to the IP's you have join activity on. If you get a match, you probably know more than you wanted to know about your (hopefully fired) affiliate. This is particularly true for me since most of my affiliates do not live in countries I accept joins from. So if an IP is used by an affiliate of mine, there should be no join activity on that IP, unless customers are logging into nats to check stats for some reason, which is a pretty ludicrous scenario.
I run my daily join activity against a list of over 13,000 fraud IP's I've compiled and take a look at anything suspicious to see if the list needs to grow.
I also pay close attention to decline codes, some of them will tell you a lot. For example, there are codes for "stolen card" and if you get that decline code on an initial signup attempt it's pretty likely the person signing up does not own the card. Most of us aren't going to report our credit cards stolen and then go try to buy porn with it. Usually the other way around.
There's a lot of other stuff but, as always not a good idea to give too many details in public, no reason to help the carders improve their game.