1、Designation:E301715Standard Practice forExamining Magnetic Card Readers1This standard is issued under the fixed designation E3017;the number immediately following the designation indicates the year oforiginal adoption or,in the case of revision,the year of last revision.A number in parentheses indic
2、ates the year of last reapproval.Asuperscript epsilon()indicates an editorial change since the last revision or reapproval.1.Scope1.1 Magnetic card readers,when used for illegal purposes,are commonly referred to as skimmers.This practice providesinformation on seizing,acquiring,and analyzing skimmin
3、gdevices capable of acquiring and storing personally identifiableinformation(PII)in an unauthorized manner.1.2 This standard does not purport to address all of thesafety concerns,if any,associated with its use.It is theresponsibility of the user of this standard to establish appro-priate safety and
4、health practices and determine the applica-bility of regulatory limitations prior to use.2.Referenced Documents2.1 ASTM Standards:2E2763 Practice for Computer ForensicsE2916 Terminology for Digital and Multimedia EvidenceExamination2.2 ISO Standards:3ISO/IEC 7812 Identification CardsIdentification o
5、f IssuersISO/IEC 7813 Information TechnologyIdentificationCardsFinancial Transaction Cards2.3 SWGDE Standards:4SWGDE Best Practices for Computer ForensicsSWGDE Recommendations for Validation Testing3.Terminology3.1 Definitions of Terms Specific to This Standard:3.1.1 parasitic skimmer,na type of dev
6、ice manufacturedfor the capture of account data from magnetically encodedcards that operates in-line with the originalATM,gas pump,orother card reading device.3.1.2 start sentinel,na 5-bit binary sequence,or equiva-lent ASCII character,used to signify the beginning of trackdata.(See ISO/IEC 7813).3.
7、1.3 skimmer,na magnetic card reader,specifically whenused for an illegal purpose.3.1.4 skimming,nusing a skimmer to acquire PII in anunauthorized manner.3.1.5 swipe,vto manually pass a magnetically encodedcard through a card reader device to transfer information fromthe card.3.2 Acronyms:3.2.1 ADPCM
8、,nadaptive pulse code modulation3.2.2 AES,nadvanced encryption standard3.2.3 ASCII,nAmerican standard code for informationinterchange3.2.4 BFSK,nbinary frequency-shift keying3.2.5 CVV,ncard verification value3.2.6 CVV2,ncard verification value 23.2.7 EEPROM,nelectrically erasable programmableread on
9、ly memory3.2.8 IIN,nissuer identification number3.2.9 PAN,nprimary account number3.2.10 PCM,npulse code modulation3.2.11 PII,npersonally identifiable information3.2.12 PIN,npersonal identification number3.2.13 USB,nuniversal serial bus3.2.14 XOR,nexclusive or3.2.15 ZIF,adjzero insertion force3.2.16
10、BIN,nbank identification number4.Significance and Use4.1 As a skimming device is not typically deemed contra-band in of itself,it is the responsibility of the examiner todetermine if the device contains unauthorized account infor-mation.The purpose of this practice is to describe bestpractices for s
11、eizing,acquiring,and analyzing the data con-tained within magnetic card readers.4.2 LimitationsSkimmers present unique examinationchallenges due to:1This practice is under the jurisdiction of ASTM Committee E30 on ForensicSciences and is the direct responsibility of Subcommittee E30.12 on Digital an
12、dMultimedia Evidence.Current edition approved May 1,2015.Published June 2015.DOI:10.1520/E3017-15.2For referenced ASTM standards,visit the ASTM website,www.astm.org,orcontact ASTM Customer Service at serviceastm.org.For Annual Book of ASTMStandards volume information,refer to the standards Document
13、Summary page onthe ASTM website.3Available from National Institute of Standards and Technology(NIST),100Bureau Dr.,Stop 1070,Gaithersburg,MD 20899-1070,http:/www.nist.gov.4Available from the Scientific Working Group on Digital Evidence(SWDGE),https:/www.swgde.org.Copyright ASTM International,100 Bar
14、r Harbor Drive,PO Box C700,West Conshohocken,PA 19428-2959.United States1 4.2.1 Rapid changes in technology,4.2.2 Difficulty of device disassembly,4.2.3 Lack of standards in use of the technology,4.2.4 Use of alternate/repurposed components,4.2.5 Use of encryption,4.2.6 Multiple data encoding/modula
15、tion formats,4.2.7 Prevention of chip identification by obfuscation of thedevice,4.2.8 Availability of training and documentation,4.2.9 Lack of chip information/documentation,4.2.10 Lack of adapters available for chip reading,4.2.11 Lack of softwares ability to support reading chipdata,and4.2.12 Lac
16、k of commercial software available to analyzeencrypted data extracted from skimmers.5.Technical Background5.1 Asskimmersareoftenuniqueindesignandimplementation,examination processes vary depending uponthe category or type of device,or both.5.2 In general,skimmers may be broken down into thefollowing three categories:5.2.1 Hand-held,5.2.2 Altered hand-held,and5.2.3 Custom.5.3 The processes used in examinations vary greatly de-pending on the device itself and the manner in which the storedinformat