Small Market Share - Best Innovation Group > Media > Blog

Please Wait a Moment
X

Blog

01Nov

The PAX Terminal Controversy- Small Market Share, Big Headache?

While attending Money 20/20 last week I received a text from a colleague asking if I’d heard rumors about PAX terminals being pulled by a payment processor. At first I thought it might have been a typo, but soon enough I began hearing corroboration in the conference hallways. But the story got even juicier- the FBI had raided PAX’s Jacksonville warehouse.

PAX Global Technology is hardly a household name- it ranks a distant third to Ingenico and Verifone in the point-of-sale (POS) card terminal market, with its greatest presence by far in Latin America. Nonetheless, it generated over $65 million in US market revenue in 2020, focusing primarily on serving smaller merchants seeking low-cost hardware alternatives.

POS terminals are a longstanding security target. Arguably the two highest-profile data breaches in memory, Target’s and Heartland’s, were perpetrated by infiltrating these simple machines stationed alongside every checkout register. By definition, they require an open connection to the outside world.

According to Krebs on Security, payment processors grew concerned when they noticed the data packets being transmitted from PAX terminals were significantly larger than that required for card transactions, and were also connecting to websites not listed in PAX’s documentation. This is a warning flag that the transmission may be implanting malware and/or extracting impermissible data.

Here’s where the plot thickens. PAX is a Chinese company, publicly traded on the Hong Kong Stock Exchange. Its management has already insinuated that recent actions against it are politically and racially motivated. However, multiple partners report that PAX has yet to offer sound explanations for the transmission discrepancies.

FIS Worldpay has confirmed it is in the process of replacing all PAX terminals deployed at a small minority of its clients. According to Krebs, at least one UK-based processor is doing the same.

But here’s the kicker- Krebs further speculates that absent prodding and hand-holding from their processors, most small merchants are unlikely to take proactive steps to address this vulnerability in the short term. For one thing, they’ll be reluctant to risk disruption during the busy holiday season. Further, given the global chip shortage replacement terminals could prove hard to come by- particularly for mom and pop merchants lacking clout.

It’s no wonder POS terminals are seen as a soft underbelly for bad actors. It’s not yet known how (or if) this apparent breach will impact the front line, but as usual any issues will likely be felt in card issuers’ contact centers and fraud departments. This is probably a good time to turn the threat monitor up another notch.      

We’ll be discussing this evolving story in greater detail at our weekly CU Digital Town Hall on Wednesday afternoon, November 3. Visit https://www.cutownhall.com/ to request an invitation to join us (if you’re reading this after November 3, a replay link should be posted to the site).

 

About the Author

Related

Finovate Fall- Best of Show, Key Themes, and Cool Ideas

Finovate Fall- Best of Show, Key Themes, and Cool Ideas

The always intriguing Finovate conference followed the rest of society into the digital sphere last ...

Read More >
All Eyes on 2022- BIG’s Predictions for a Complicated World

All Eyes on 2022- BIG’s Predictions for a Complicated World

Everyone has their opinions on where the credit union and technology worlds are headed; we at BIG ha...

Read More >
CU-2’s Credit Union Data Analytics Provider Guide 2019

CU-2’s Credit Union Data Analytics Provider Guide 2019

Credit Unions are at a unique crossroads. We are behind on a handful of key trends. We must balance ...

Read More >

How To Use Data Analysis To Better Serve Your Members

Modern members are no longer willing to wait for their credit union to provide them with what they n...

Read More >

Why CU Member Education Is A Gateway To Member Retention

Stats from the Credit Union National Association (CUNA) show a high percentage of members don’t ful...

Read More >

Creating Digital Ambassadors: Why CU Employees Need To Be Digital Wallet Experts

First impressions count, no matter how much you want to believe otherwise. This is true regardless w...

Read More >

About Us

Best Innovation Group, Inc is a technology innovation and development company catering to the financial industry. We invite you to join the hundreds of financial institutions that have already worked with our team of experts in designing technology solutions to fit their growing needs.

Contact Us

Toll Free:
877.244.4964
Office:
813.377.4963
Fax:
813.425.2390

To Subscribe To Our Mailer