Questioned Document: Card Skimming, Cloning, EMV and IT Act 66C/66D
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
26 May 2026
About this mock
This mock tests advanced knowledge of payment card fraud forensics, covering physical skimming attack anatomy (ATM card-slot skimmer, overlay keypad, pinhole camera), ISO/IEC 7811 magnetic stripe track structure (Track 1 IATA alpha-numeric at 210 bpi, Track 2 ABA numeric at 75 bpi, Track 3 read-write), magnetic stripe cloning via MSR writer, EMV chip security (dynamic ARQC, ARPC, Static Data Authentication vs Dynamic Data Authentication), shimming attacks and their limits, NFC/RFID contactless skimming at 13.56 MHz (ISO/IEC 14443), tokenization (Visa Token Service, Mastercard MDES), BIN range fraud analysis, CVV1 3DES computation, Luhn algorithm validation, and the Indian legal framework (IT Act 2000 Sections 43, 66, 66C, 66D; BNS 2023 Sections 318 and 336; BSA 2023 Section 63; Anvar P.V. v. Basheer 2014; Arjun Panditrao 2020).
The mock is designed for forensic science aspirants preparing for UGC-NET Paper II Unit IX, NFSU MSc entrance, and CFSL technical examinations. Questions test precise differentiation between Track 1 and Track 2 encoding parameters, ARQC vs ARPC roles, IT Act Section 66C (identity theft) vs 66D (cheating by personation), BNS Section 318 (cheating) vs 336 (forgery), and the mandatory Section 65B(4) certificate requirement affirmed in Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473 and clarified in Arjun Panditrao Khotkar (2020) 7 SCC 1. Indian regulatory context includes RBI Master Direction on Digital Payment Security Controls (2021), NPCI Negative Card List framework, and EMV chip liability shift. CFSL Hyderabad GSM skimmer casework and BLE-enabled skimmer forensics are also addressed.
Topics covered:
- ISO/IEC 7811 magnetic stripe track encoding (Tracks 1, 2, and 3)
- EMV chip security: ARQC, ARPC, and Dynamic Data Authentication
- Skimming, shimming, and NFC contactless skimming attacks
- Magnetic stripe cloning using MSR writers and coercivity classes
- Payment tokenization (Visa Token Service, Mastercard MDES)
- IT Act 2000 Sections 43, 66C, and 66D; BNS 2023 Sections 318 and 336
- Electronic evidence admissibility: BSA 2023 Section 63, Anvar P.V. v. Basheer (2014)
- RBI DPSC 2021, NPCI fraud frameworks, and EMV liability shift
Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- cited in 4 questions
Information Technology Act, 2000 (as amended by IT Amendment Act 2008)
Section 66C: Punishment for Identity Theft -- imprisonment up to 3 years and fine up to Rs. 1 lakh
Open source - cited in 4 questions
EMVCo -- EMV Integrated Circuit Card Specifications for Payment Systems, Book 2: Security and Key Management
Section 4: Card Security Requirements -- Tamper-Responsive Secure Element, Physical Attack Resistance
- cited in 3 questions
Casey, Eoghan -- Digital Evidence and Computer Crime, 3rd Edition, Academic Press
Chapter 14: Mobile Device Forensics -- IMEI, IMSI, and SIM Card Evidence in Financial Fraud Investigations
- cited in 2 questions
RBI -- Master Direction on Digital Payment Security Controls, 2021
Section 7: ATM Security Requirements -- EMV Chip Mandate, Fallback Transaction Blocking for Chip-Capable Cards
Open source - cited in 2 questions
Bharatiya Nyaya Sanhita (BNS) 2023
Section 318: Cheating and Dishonestly Inducing Delivery of Property (replaces IPC 1860 Section 420)
Open source - cited in 2 questions
ISO/IEC 7813:2006 -- Financial Transaction Cards
Section 5.4: Service Code -- Three-digit field definitions, international vs domestic, chip and PIN requirements
- cited in 2 questions
ISO/IEC 7812-1:2017 -- Identification of Issuers: Numbering System
Section 5.3: Luhn Check Digit Algorithm -- Computation and Validation of PAN
- cited in 1 question
ISO/IEC 14443-1:2016 -- Identification Cards: Contactless Integrated Circuit Cards -- Proximity Cards
Section 6: Physical Characteristics -- Operating frequency 13.56 MHz, coupling distance specifications
- cited in 1 question
EMVCo -- EMV Integrated Circuit Card Specifications for Payment Systems, Book 2
Chapter 6: Security Architecture, Dynamic Data Authentication and Shimming Attack Residual Risk
- cited in 1 question
EMVCo -- Payment Tokenisation Specification: Technical Framework, Version 2.0
Section 3: Token Security Properties -- Domain Restriction, Transaction Limitation, and Vault Architecture
- cited in 1 question
ISO/IEC 7811-2:2018 -- Identification Cards: Recording Technique, Part 2: Magnetic Stripe Low Coercivity
Section 5.3: Track 2 Encoding -- 75 bpi bit density, 5-bit character set, ABA format
- cited in 1 question
ISO/IEC 7811-6:2018 -- Identification Cards: Recording Technique, Part 6: Magnetic Stripe
Section 5: Track Definitions -- Track 1 (IATA) encoding at 210 bpi, alpha-numeric character set
- cited in 1 question
ISO/IEC 7811-1:2018 -- Identification Cards: Recording Technique, Part 1: Embossing
Section 6: Magnetic Stripe Coercivity Specifications -- Hi-Co 4000 Oe and Lo-Co 300 Oe classes
- cited in 1 question
NPCI -- Dispute Management System and Fraud Risk Management Framework
Section: Negative Card List (NCL) -- Distribution, Update Frequency, and Terminal-Level Blocking
- cited in 1 question
ISO/IEC 4909:2006 -- Financial Transaction Cards: Magnetic Stripe Data Content for Track 3
Section 4: Track 3 Read-Write Specification -- 210 bpi, 5-bit character set, stored-value update
- cited in 1 question
Anvar P.V. v. P.K. Basheer and Others (2014) 10 SCC 473
Judgment: Mandatory nature of Section 65B(4) IEA 1872 certificate for electronic record admissibility
- cited in 1 question
Bharatiya Sakshya Adhiniyam (BSA) 2023
Section 63: Admissibility of Electronic Records (replaces Indian Evidence Act 1872 Section 65B)
Open source - cited in 1 question
RBI -- Circular on Customer Protection -- Limiting Liability of Customers in Unauthorised Electronic Banking Transactions, 2017
Section 6: Liability Framework -- Zero Liability for Customer, Acquirer Liability under EMV Chip Liability Shift
Open source
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
What does the Questioned Document: Card Skimming, Cloning, EMV and IT Act 66C/66D mock cover?+
This mock tests advanced knowledge of payment card fraud forensics, covering physical skimming attack anatomy (ATM card-slot skimmer, overlay keypad, pinhole camera), ISO/IEC 7811 magnetic stripe track structure (Track 1 IATA alpha-numeric at 210 bpi, Track 2 ABA numeric at 75 bpi, Track 3 read-write), magnetic stripe cloning via MSR writer, EMV chip security (dynamic ARQC, ARPC, Static Data Authentication vs Dynamic Data Authentication), shimming attacks and their limits, NFC/RFID contactless s
How many questions and how long is the test?+
30 multiple-choice questions, 30 minutes total. Difficulty: hard. Tier: Premium.
Who is this mock for?+
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Questioned Document, NET. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?+
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?+
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.