ASTM E3017-15 (Practice)
Standard Practice for Examining Magnetic Card Readers
SIGNIFICANCE AND USE
4.1 As a skimming device is not typically deemed contraband in and of itself, it is the responsibility of the examiner to determine if the device contains unauthorized account information. The purpose of this practice is to describe best practices for seizing, acquiring, and analyzing the data contained within magnetic card readers.
4.2 Limitations—Skimmers present unique examination challenges due to:
4.2.1 Rapid changes in technology,
4.2.2 Difficulty of device disassembly,
4.2.3 Lack of standards in use of the technology,
4.2.4 Use of alternate/repurposed components,
4.2.5 Use of encryption,
4.2.6 Multiple data encoding/modulation formats,
4.2.7 Prevention of chip identification by obfuscation of the device,
4.2.8 Availability of training and documentation,
4.2.9 Lack of chip information/documentation,
4.2.10 Lack of adapters available for chip reading,
4.2.11 Lack of software’s ability to support reading chip data, and
4.2.12 Lack of commercial software available to analyze encrypted data extracted from skimmers.
SCOPE
1.1 Magnetic card readers, when used for illegal purposes, are commonly referred to as skimmers. This practice provides information on seizing, acquiring, and analyzing skimming devices capable of acquiring and storing personally identifiable information (PII) in an unauthorized manner.
1.2 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.
Standards Content (Sample)
NOTICE: This standard has either been superseded and replaced by a new version or withdrawn.
Contact ASTM International (www.astm.org) for the latest information.
Designation: E3017 − 15

Standard Practice for Examining Magnetic Card Readers¹

This standard is issued under the fixed designation E3017; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

1. Scope
1.1 Magnetic card readers, when used for illegal purposes, are commonly referred to as skimmers. This practice provides information on seizing, acquiring, and analyzing skimming devices capable of acquiring and storing personally identifiable information (PII) in an unauthorized manner.
1.2 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.
1.3 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

2. Referenced Documents
2.1 ASTM Standards:²
E2763 Practice for Computer Forensics
E2916 Terminology for Digital and Multimedia Evidence Examination
2.2 ISO Standards:³
ISO/IEC 7812 Identification Cards—Identification of Issuers
ISO/IEC 7813 Information Technology—Identification Cards—Financial Transaction Cards
2.3 SWGDE Standards:⁴
SWGDE Best Practices for Computer Forensics
SWGDE Recommendations for Validation Testing

3. Terminology
3.1 Definitions of Terms Specific to This Standard:
3.1.1 parasitic skimmer, n—a type of device manufactured for the capture of account data from magnetically encoded cards that operates in-line with the original ATM, gas pump, or other card reading device.
3.1.2 start sentinel, n—a 5-bit binary sequence, or equivalent ASCII character, used to signify the beginning of track data. (See ISO/IEC 7813.)
3.1.3 skimmer, n—a magnetic card reader, specifically when used for an illegal purpose.
3.1.4 skimming, n—using a skimmer to acquire PII in an unauthorized manner.
3.1.5 swipe, v—to manually pass a magnetically encoded card through a card reader device to transfer information from the card.
3.2 Acronyms:
3.2.1 ADPCM, n—adaptive pulse code modulation
3.2.2 AES, n—advanced encryption standard
3.2.3 ASCII, n—American standard code for information interchange
3.2.4 BFSK, n—binary frequency-shift keying
3.2.5 CVV, n—card verification value
3.2.6 CVV2, n—card verification value 2
3.2.7 EEPROM, n—electrically erasable programmable read only memory
3.2.8 IIN, n—issuer identification number
3.2.9 PAN, n—primary account number
3.2.10 PCM, n—pulse code modulation
3.2.11 PII, n—personally identifiable information
3.2.12 PIN, n—personal identification number
3.2.13 USB, n—universal serial bus
3.2.14 XOR, n—exclusive or
3.2.15 ZIF, adj—zero insertion force
3.2.16 BIN, n—bank identification number

¹ This practice is under the jurisdiction of ASTM Committee E30 on Forensic Sciences and is the direct responsibility of Subcommittee E30.12 on Digital and Multimedia Evidence. Current edition approved May 1, 2015. Published June 2015. DOI: 10.1520/E3017-15.
² For referenced ASTM standards, visit the ASTM website, www.astm.org, or contact ASTM Customer Service at service@astm.org. For Annual Book of ASTM Standards volume information, refer to the standard's Document Summary page on the ASTM website.
³ Available from National Institute of Standards and Technology (NIST), 100 Bureau Dr., Stop 1070, Gaithersburg, MD 20899-1070, http://www.nist.gov.
⁴ Available from the Scientific Working Group on Digital Evidence (SWGDE), https://www.swgde.org.

Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States

4. Significance and Use
4.1 As a skimming device is not typically deemed contraband in and of itself, it is the responsibility of the examiner to determine if the device contains unauthorized account information. The purpose of this practice is to describe best practices for seizing, acquiring, and analyzing the data contained within magnetic card readers.
4.2 Limitations—Skimmers present unique examination challenges due to:
4.2.1 Rapid changes in technology,
4.2.2 Difficulty of device disassembly,
4.2.3 Lack of standards in use of the technology,
4.2.4 Use of alternate/repurposed components,
4.2.5 Use of encryption,
4.2.6 Multiple data encoding/modulation formats
FIG. 2 Example of an Altered Hand-Held Skimmer
...
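As an added example that is not part of the standard: the check an examiner performs under 4.1, deciding whether a dump recovered from a card reader actually contains account information, applied to raw ISO/IEC 7813 track 2 bits. It locates the start sentinel of 3.1.2, verifies per-character odd parity and the trailing LRC, splits out the PAN, expiry and service code, validates the PAN check digit, and reports the PAN masked to its IIN and last four digits. The sample track is a constructed test vector built by `encode_track2`, not data from any real card; the function and field names are my own.

```python
from dataclasses import dataclass
from functools import reduce
# Track 2 (ISO/IEC 7813): 5-bit characters = 4 data bits LSB-first + odd parity bit.
# ';' is the start sentinel, '=' the field separator, '?' the end sentinel, then an
# LRC character equal to the XOR of every data nibble from ';' through '?'.
SS_BITS = "11010"   # ';' has low nibble 0xB -> bits 1,1,0,1 (LSB first), parity 0

@dataclass
class Track2:
    pan: str            # primary account number
    expiry: str         # YYMM
    service_code: str
    parity_errors: int  # characters whose five bits did not have odd parity
    lrc_ok: bool
    def luhn_ok(self) -> bool:
        """PAN check digit per ISO/IEC 7812 (Luhn algorithm)."""
        total = 0
        for i, ch in enumerate(reversed(self.pan)):
            d = int(ch) * (2 if i % 2 else 1)
            total += d - 9 if d > 9 else d
        return total % 10 == 0
    def masked(self) -> str:
        """IIN (first six digits) and last four only, for the examination report."""
        return f"{self.pan[:6]}{'*' * (len(self.pan) - 10)}{self.pan[-4:]}"

def decode_track2(bits: str):
    """Parse '0'/'1' text into a Track2, or None if no complete track is present."""
    start = bits.find(SS_BITS)                    # skip leading clocking zeros
    if start < 0:
        return None
    nibbles, errors = [], 0
    for pos in range(start, len(bits) - 4, 5):
        group = bits[pos:pos + 5]
        errors += int(group.count("1") % 2 == 0)  # odd parity over all five bits
        nibbles.append(sum(int(b) << i for i, b in enumerate(group[:4])))
        if len(nibbles) > 1 and nibbles[-2] == 0xF:   # '?' seen: this one is the LRC
            break
    else:
        return None                               # bits ran out before the end sentinel
    text = "".join(chr(0x30 | n) for n in nibbles[1:-2])     # between ';' and '?'
    pan, _, rest = text.partition("=")
    return Track2(pan, rest[:4], rest[4:7], errors, reduce(int.__xor__, nibbles[:-1]) == nibbles[-1])

def encode_track2(text: str) -> str:
    """Constructed test vector only: ASCII track text -> bits with parity and LRC."""
    nibbles = [ord(c) & 0xF for c in text]
    out = ""
    for n in nibbles + [reduce(int.__xor__, nibbles)]:
        data = "".join(str(n >> i & 1) for i in range(4))
        out += data + str(1 - data.count("1") % 2)  # parity bit makes the ones count odd
    return "0" * 8 + out + "0" * 8                   # clocking zeros on either side
```

A single flipped bit in a captured stream shows up as one parity error and an LRC mismatch, which is the signal to treat the decoded PAN as unreliable rather than as evidence.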