Keep card data safe and customers happy

FBI raid on the office of PAX Technology.

PAX Technology is a Chinese manufacturer of credit card payment terminals. On October 26, 2021, the US Federal Bureau of Investigation and Department of Homeland Security raided their Jacksonville, Florida offices. The Krebs On Security blog has a great write up about the raid and the potential security issues that have been identified on the devices. It should be noted at this point, that PAX has not been found guilty of any wrongdoing. However, payment processing terminals have been the source of a number of security breaches, and so many are concerned about their payment terminals. Krebs reports that there is evidence that the PAX payment terminals appear to be sending data that is inconsistent with the data that would be neccessary to securely process a card transaction.

What should I do if I have a PAX terminal?

You should contact your payment services provider and see if they can issue you a replacement terminal.

Of course, if you're running a ThriftCart, we'd encourage you to check out our software and our payment processing partners, Worldpay Integrated Payments by FIS and CardConnect by First Data. The integrations that we have with those two providers use terminals manufactured by Verifone (a US-based company) and Ingenico (a French company). Click here to schedule an appointment to talk with us so we can talk about secure payment processing

How do I know if I have a PAX terminal?

PAX Terminals are typically clearly marked with their branding. Their logo is two interlinking italicized circles, followed by the word PAX. Some PAX model numbers are the A30, A35, A50, A60, A77, A80, A910, A920, A920Pro, A930, Aries6, Aries8, IM30, M30, E500, E600 Mini, E700, E800, D135, and D230.

The bottom line.

At this point, no wrongdoing has been proven and it is still permissible (as of October 27, 2021) to use PAX terminals to process card transactions. However, there are indications from law enforcement that PAX is under investigation, and there are anonymous sources stating that they have found evidence of PAX terminals transmitting data in a manner inconsistent with standard practices. Additionally, as the public hears more about this case, members of the public may become reluctant to insert their payment cards into PAX terminals. Therefore, it might be advisable to request an alternative terminal from your card processing company. (Or if you are a thrift or reuse store, please consider ThriftCart and our integrated card processing partners as an alternative.)