
The new generation of EMV skimming device


I’ll start by explaining at a high level how an EMV transaction is processed. The reason I explain this is so you know how we can extract the data. I am simplifying it so that I don’t lose everyone with technical details. For those of you who would like to go more technical, let me know, and if enough people ask for it I’ll write something.

Overview of a transaction
The transaction starts after the user of the POS has entered the amount and gives the POS to the cardholder, who inserts his card into it. The sequence goes as follows:

Power up
The POS will power the chip card (important because we will use this power for our device, no battery needed).

Answer To Reset - ATR
The card responds with the ATR, which is a number telling the POS what kind of card has been inserted.

As you may know, each POS supports predefined cards that some of you refer to as BIN. In an MSR transaction the BIN was used to know where to forward the transaction; with EMV, each card supports one or more “applications” or software. Each of these applications has an Application ID or AID. If you look at an EMV receipt you will see which AID on the card was used to process the transaction, something like “A0000000041010”, which is the Mastercard AID. So the POS looks at the AIDs available on the card and selects the one that is compatible.

Application Records
The POS will then read records of data associated with the AID selected. The data contained in these records includes (but is not limited to) the Cardholder Verification Methods (CVM, EMV tag 8E); this tells the POS what method of cardholder verification should be used.

Other data read includes the Track 2 equivalent data (EMV tag 57); this represents half of what we are extracting.

Pin Validation
I am skipping some steps in the transaction that are irrelevant for explaining the device.
On most POS devices the PIN is verified by the card itself; on ATMs and unattended devices (kiosk, gas pump) the PIN is verified online. IMPORTANT: the device only works on standard POS.
So at this point the POS will issue a Verify command to the card with the PIN (the second and last part of the information that we extract); the card will respond and continue the transaction if the PIN is valid.

The rest of the transaction is irrelevant to us; we have all that we need.

How it works
The device is built on a flexible PCB of 100 µm thickness. It is inserted the first time in the POS with your card on a regular transaction. When you remove your card the PCB will stay in place because of an adhesive. So from now on, whenever you insert a card in the POS, our circuit is between the card and the reader; this means that all communication between POS and card is going through it.
We just listen on the communication for the tag 57 (track 2) and PIN validation (PIN) and keep those values. Since we had to keep the circuit VERY small we can only store 75 to 90 combinations of track/PIN. To extract the data, we use Bluetooth with an Android app. You just have to be in Bluetooth range when a card is inserted in the POS (because of power) to receive all the data and go back whenever you need more…
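A defender-side check related to the CVM list (tag 8E) and card-verified PIN described in the post above, as an added example that is not part of the original post: it parses a CVM list and reports the rules that have the terminal send the PIN to the chip unencrypted, which is what an issuer auditing card profiles would look for. The CVM code values follow EMV Book 3; the two sample lists are constructed.

```python
# CVM codes (low 6 bits of the first rule byte) as defined in EMV Book 3.
# Second tuple element: True if the PIN crosses the card interface in clear.
CVM_METHODS = {
    0x00: ("Fail CVM processing", False),
    0x01: ("Plaintext PIN verified by ICC", True),
    0x02: ("Enciphered PIN verified online", False),
    0x03: ("Plaintext PIN verified by ICC + signature", True),
    0x04: ("Enciphered PIN verified by ICC", False),
    0x05: ("Enciphered PIN verified by ICC + signature", False),
    0x1E: ("Signature", False),
    0x1F: ("No CVM required", False),
}

def parse_cvm_list(value: bytes):
    """Parse the value field of tag 8E into amounts X/Y and a list of rules."""
    if len(value) < 10 or (len(value) - 8) % 2:
        raise ValueError("CVM list must be 8 amount bytes plus 2-byte rules")
    amount_x = int.from_bytes(value[0:4], "big")
    amount_y = int.from_bytes(value[4:8], "big")
    rules = []
    for i in range(8, len(value), 2):
        code, condition = value[i], value[i + 1]
        name, plaintext = CVM_METHODS.get(code & 0x3F, ("Unknown/RFU", False))
        rules.append({
            "method": name,
            "condition": condition,
            "continue_on_fail": bool(code & 0x40),  # bit 7: try next rule on failure
            "pin_in_clear": plaintext,
        })
    return amount_x, amount_y, rules

def plaintext_pin_rules(value: bytes):
    """Return the 1-based positions of rules that send the PIN unencrypted."""
    _, _, rules = parse_cvm_list(value)
    return [n for n, r in enumerate(rules, 1) if r["pin_in_clear"]]

# Constructed sample profiles (not taken from any real card).
WEAK_PROFILE = bytes.fromhex("0000000000000000" "4103" "1E03" "1F00")
HARDENED_PROFILE = bytes.fromhex("0000000000000000" "4403" "4203" "1F00")

if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, "plaintext-PIN rules at positions:", plaintext_pin_rules(profile))
```

A profile that lists only enciphered offline PIN or online PIN returns an empty list, meaning no rule lets the PIN appear in clear on the card contacts.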