Odds of stealing money using EMVFoundry
EMVFoundryEMVFoundry is for educational purposes. The fuck-wits say it's a scam... so, companies that sell test-cards (b2ps.com) and test software, costing tens of thousands. So why are they not labelled "a scam?" What the scammers really want, is get rich fast. Think why they sell dumps for... instead of cashing in on their track 2 data themselves...?
Getting a track 2 dump.
Zero percent chance if you are getting a track 2 from the 'NET.
Missing EMV data needed to write to card:
- Card's MDK (108-bit key) 32 digits
- PSE (Replacement Card Number) (00 to 255)
- Member Since (required for Amex, EuroPay) (YYMMDD)
- If the card is NFC or not (Track 2 extra requirement) (Number between 0 to 10)
- Name (EMV don't allow blank names) (usually "Valued Customer")
- ATC (Application Transaction Counter) If you use card for a transaction, you need to update the IST's ATC to match same or higher number than in actual card.
- Offline ATC (Application Transaction Counter)
- Currency code of the card.
- Country code of the card.
Cloning your own card or physically available card.
Zero percent chance, if you are cloning a physical card
Missing EMV data needed to write to card:
- Card's MDK (108-bit key) 32 digits
- Be careful. If you use card for a transaction, you need to update the IST's ATC to match same or higher number than in your card.
Trying to use a publicly available IST.
Zero percent chance, if you are using an IST with different BINN.
- Card's MDK (108-bit key) 32 digits
- PSE (Replacement Card Number) (00 to 255)
- Name (EMV don't allow blank names) (usually "Valued Customer")
- Member Since (required for Amex, EuroPay) (YYMMDD)
- If the card is NFC or not (Track 2 extra requirement) (Number between 0 to 10)
- ATC (Application Transaction Counter) If you use card for a transaction, you need to update the IST's ATC to match same or higher number than in actual card.
- SDA values are obsolete. You need to get correct values for this.
Using a bank card marked "testing" or you discover the MDK for a card
100%
- MDK is given by payment issuer or by card company for use under testing conditions.
- ARQC is correct via known MDK for that card BINN.
Why are chances nearly zero?
- MDK is the most important value. Each BINN or BINN/type has it's own unique MDK key. So if you get a different MDK for a different type of card, it won't work.
So let's say for example, you have a MDK of "0123456789ABCDEFFEDCBA9876543210". There is nearly no chance of getting it approved because the ARQC generated is WRONG.
Example scenario
Let's say you have an IST, it's always missing the MDK because this value can't be read off the card.
What is the MDK for this 16-byte value?
- Each card has it's own MDK. it's very effective deterrent against credit card fraud. Since it was implemented, besides SDA, DDA, CDA, fDDA, when the ATM or POS goes on-line and check, it does an ARQC (based on MDK) and returns backs transaction authorized or not authorized.
- So let's say you have a new shiny credit card. You try to clone it, put in another credit-card number and... transaction not approved. You then act like a fucking idiot and claim, EMVFoundry is a scam, because you entered a wrong MDK or can't be bothered to find the MDK for your own card. The bank won't give it to you (for obvious reasons), and when you go to the ATM or pay via card, they won't set their terminal to debug mode to show you the ATC, CVM, etc...
- So, as you can see, licensing EMVFoundry to steal money, really isn't a good idea. The odds are no better if you use X2, since you hard-code the ARQC values (LOL).
- Try to get test-cards or testing MDKs. Those have MDKs pre-authorized for certain usages... such as, for testing ATM or POS terminals., however, those BINNs has very, very few other credit-card numbers associated for that MDK BINNs.
- Credit card fraud has reduced to 0.02% and in nearly all cases, very few ATMs or POS terminals use SDA, DDA, CDA (etc.) or off-line transaction.
- If you're not able to get the MDK for a credit card, or for a track2 or for your own credit card, the chances are 0% (zero percent).
Read our expose about X2
EMVFoundry (Archives)
https://telegra.ph/EMVFoundry-2003-08-15
EMVFoundry (Latest)
https://telegra.ph/EMVFoundry-2005-Release-Notes-09-04