4.1 As a skimming device is not typically deemed contraband in of itself, it is the responsibility of the examiner to determine if the device contains unauthorized account information. The purpose of this practice is to describe best practices for seizing, acquiring, and analyzing the data contained within magnetic card readers.
4.2 Limitations—Skimmers present unique examination challenges due to:
4.2.1 Rapid changes in technology,
4.2.2 Difficulty of device disassembly,
4.2.3 Lack of standards in use of the technology,
4.2.4 Use of alternate/repurposed components,
4.2.5 Use of encryption,
4.2.6 Multiple data encoding/modulation formats,
4.2.7 Prevention of chip identification by obfuscation of the device,
4.2.8 Availability of training and documentation,
4.2.9 Lack of chip information/documentation,
4.2.10 Lack of adapters available for chip reading,
4.2.11 Lack of software’s ability to support reading chip data, and
4.2.12 Lack of commercial software available to analyze encrypted data extracted from skimmers.
Область применения1.1 Magnetic card readers, when used for illegal purposes, are commonly referred to as skimmers. This practice provides information on seizing, acquiring, and analyzing skimming devices capable of acquiring and storing personally identifiable information (PII) in an unauthorized manner.
1.2 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.