
No PIN cashout of EMV/CHIP stolen cards with .APK and ACR39U reader tunneled to POS terminal

cernyjmedved1

floppy disk · User · Registered: 23.09.2024 · Messages: 5 · Reactions: 0



As you know, there is a very large network around the world of people who steal purses, bags, etc. (the so-called pickpockets). These people get a large number of cards every day, but when the victim has not written the PIN on a piece of paper in the wallet, the card is almost unusable. Yes, they can go to the supermarket and shop with NFC transactions at low values of 10-100 euro, but generally it is not worth it. And usually those cards get thrown away.
But now there are guys who do cashout with good amounts on these stolen cards without needing a PIN.
For this purpose, 4 things are needed:
1. Smartphone Xiaomi Redmi Note 11
2. Smart card reader ACR39U
3. Custom Android .APK
4. POS terminal in a third-world country

The people who invented this way of cashout provide the thieves with a Xiaomi Redmi Note 11 smartphone (they say this is the only phone that works) with a pre-installed application called "ChatHost" and a connected ACR39U card reader. The thief takes the phone with him and goes out to steal. When the thief has a card from a victim in it, he immediately calls the people who gave him the smartphone and they tell him when to put the card in and out of the card reader while the "ChatHost" app is running. What I know is that this custom application plays the role of a tunnel connection with physical POS terminals that are based in Indonesia. The cashout method is working and somehow does not require confirmation of the transaction with a PIN, even for large amounts of 3000-4000 euro. Yes, a lot of the cards don't work because of AVS, but a lot of the cards work. Quite good money is made this way, because the network of thieves in Europe is extremely large. These guys work with thieves from Spain, Italy, England, France and other European countries.

There are also other people who offer a similar method, again without requiring a PIN, but there the transactions are made using the phone's built-in NFC reader and the "NFCGate" app. But the transaction limits are quite a bit lower than with the other method. I'm guessing that is because the other method uses a card reader that makes the transaction go through the card's EMV.

Does anyone have any idea how exactly these methods work and how to implement them?

Image links for everything:
Xiaomi Redmi Note 11 - https://dump.li/image/get/06d6f3b15c28c7ef.jpeg
Smart card reader ACR39U - https://dump.li/image/get/ee8b9cf1ef60ccd3.jpeg
ChatHost .APK - https://dump.li/image/get/e1ace90f0df5e24d.jpeg
ChatHost launch - https://dump.li/image/get/e75c3b6be070ce84.jpeg
ChatHost with connected reader - https://dump.li/image/get/530e61394afb4355.jpeg
 

