You would think they could catch cias that aren't supposed to exist, or private cart headers with same header multiple games. Yet no one has been banned for either that am I aware of. Here's what I believe to be the why. What trips the nintendo piracy banhammer is simultaneous login with matching headers. that's the only thing it checks for, as near as I can tell, based on the fact that CIA and same cart header multiple carts has not triggered any bans. This simple check is also pretty fast. CIAs use your consoles headers, which will never match any other headers logged in at the same time. so it doesn't trip the matching header check. .3ds use a private header from a cart. if you actually dumped your own cart, and go online with it, as long as you still have the cart and DON'T LET ANYONE ELSE USE IT, you won't trip the simultaneous login check. Grabbing a true private header, and using it for multiple games=safe, If you don't let anyone else touch the carts you got them from. Don't let your little brother play it. and DEFINITELY don't sell it to gamestop. Once they DO catch a simultaneous usage of cart headers, that particular header/game combination can easily be flagged, which enables them to catch the others using it too. If it doesn't show up elsewhere, then they can ignore it. if they see it showing up all over the place, BANHAMMER TIME, and they KNOW the ban is deserved. More checks are possible in theory, and these checks would catch a lot of pirates. But they aren't done. there are a few reasons why. 1) Nintendo doesn't want to do false positives. When they ban you for piracy, they need to be SURE. 2) checking for console header plus cia that's not supposed to exist would require more logging then they currently do, or cross referencing with databases during login, which would slow performance. If the system did know it was a console header, then a simple check of title id vs the eshop database (pretty small) would catch it. but if the piracy banner system doesn't know which type of header it is, there's no way it can tell, and dit wodl just ave to log it for later analysis, using disk space 3) checking for shared private headers without simultaneous login would absolutely require logging. if they were doing that, they would already be banning, and private headers would not be safe if shared between different games. People have done this without issue. 4) if it were possible to tell the difference between digital copies and non digital copies that are supposed to interoperate, that would be a potential privacy issue. the digial copy and the cart have to operate the same for purposes of online play.