1.1 磁卡读卡器用于非法目的时，通常被称为撇读器。本实践提供了有关抓取、获取和分析能够以未经授权的方式获取和存储个人识别信息（PII）的略读设备的信息。 1.2 本标准并非旨在解决与其使用相关的所有安全问题（如有）。本标准的用户有责任在使用前制定适当的安全和健康实践，并确定监管限制的适用性。 ====意义和用途====== 4.1 由于浏览设备本身通常不被视为违禁品，因此审查员有责任确定该设备是否包含未经授权的账户信息。 本实践旨在描述抓取、获取和分析磁卡读卡器中包含的数据的最佳实践。 4.2 限制- 由于以下原因，撇油机带来了独特的考试挑战: 4.2.1 技术的快速变化， 4.2.2 设备拆卸困难， 4.2.3 技术使用缺乏标准， 4.2.4 使用替代/重新调整用途的组件， 4.2.5 使用加密， 4.2.6 多种数据编码/调制格式， 4.2.7 通过混淆设备防止芯片识别， 4.2.8 培训和文件的可用性， 4.2.9 缺乏芯片信息/文件， 4.2.10 缺乏可用于芯片读取的适配器， 4.2.11 缺乏软件支持读取芯片数据的能力，以及 4.2.12 缺乏可用于分析从撇沫器中提取的加密数据的商业软件。

1.1 Magnetic card readers, when used for illegal purposes, are commonly referred to as skimmers. This practice provides information on seizing, acquiring, and analyzing skimming devices capable of acquiring and storing personally identifiable information (PII) in an unauthorized manner. 1.2 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use. ====== Significance And Use ====== 4.1 As a skimming device is not typically deemed contraband in of itself, it is the responsibility of the examiner to determine if the device contains unauthorized account information. The purpose of this practice is to describe best practices for seizing, acquiring, and analyzing the data contained within magnetic card readers. 4.2 Limitations— Skimmers present unique examination challenges due to: 4.2.1 Rapid changes in technology, 4.2.2 Difficulty of device disassembly, 4.2.3 Lack of standards in use of the technology, 4.2.4 Use of alternate/repurposed components, 4.2.5 Use of encryption, 4.2.6 Multiple data encoding/modulation formats, 4.2.7 Prevention of chip identification by obfuscation of the device, 4.2.8 Availability of training and documentation, 4.2.9 Lack of chip information/documentation, 4.2.10 Lack of adapters available for chip reading, 4.2.11 Lack of software’s ability to support reading chip data, and 4.2.12 Lack of commercial software available to analyze encrypted data extracted from skimmers.