Page 18 - GS211102
P. 18
Views
The very point of salery point of sale collaborations were well underway before COVID-19
The ve
inspired us to use our platform to help neighbors, merchants
and each other survive a global business shutdown. In
our payments ecosystem, when a member gets hurt, we
are all impacted. We have stood together against supply
chain challenges and natural and economic disasters. Why
stop now, when one of our leading manufacturers is under
attack? Few facts are available regarding accusations
against PAX Technology, only that some machines may
have been compromised.
Give PAX a chance Avoid mob mentality
vulnerability in a credit card terminal. At the 2020 Black
By Dale S. Laszig This is not the first time someone has publicized a
DSL Direct LLC Hat EU conference, Verifone and Ingenico were cited for
vulnerabilities in select legacy models, which both firms
hen payment data is compromised, it is promptly rebutted. If we allow merchants to succumb to a
rarely a personal heist. Bad guys crack mob mentality and aggressively swap out PAX equipment
a safe filled with millions of credentials, for other brands, it would be a wasted effort for them
W which they market, exploit and ravage. and for us. It would be far more prudent to let PAX, a
Occasionally, fraudsters will trip an alarm, setting off longstanding and proven technology partner, provide
advanced fraud detection systems that warn users of their guidance and oversight to help our merchants protect
bad intent. Other times, they go undetected for months, their existing infrastructure.
robbing data and credentials with impunity until a retailer
or financial institution makes an announcement from a We owe it to ourselves and to our customers to get
script we can recite from memory. more information before we act, or we could expose our
customers to another attack against a different hardware
Digital commerce is a spawning ground for competing platform. I learned this the hard way when my mobile
technologies, good and bad. Good tech strives to keep phone was hacked, and I ran to another mobile carrier,
us connected, protected, engaged and transacting. Bad only to be promptly hacked again before my new service
tech lurks behind familiar brand symbols, spraying and order was processed.
preying unceasingly, trying to rob us of our identities and Stand strong
money. Good and bad tech are playing an impersonal,
high stakes game. My recent experience as a victim in a large class of
impacted consumers was not all terrible. It showed me
Suspend judgment there are systems in place to help those affected navigate
Why do forensic investigations take months to complete? remediation, patch vulnerabilities and stay safe. It showed
Maybe it’s because bad actors are stealthy and have me what matters is not whether an individual or company
learned how to cover their tracks. It takes time to sift gets attacked; bad things happen to good people and are
through the minutiae of a compromised database, and no cause for shame. What matters is how the individual or
no two attacks are completely alike; each is tailored to company responds to the crisis. And from what I can see,
specific characteristics of a network, database and security PAX is doing everything right.
infrastructure.
Companies like PAX, with global reach and strong
Like all technology, there can be more to a POS system capitalization, will always be compelling targets for
than meets the eye. The worst thing we can do as a malicious parties. However, few facts are available about
payments community is generalize or rush to judgement. two recent high-profile incidents at PAX Technology.
The best thing we can do is stand together against all The first attack, reported by The Green Sheet on Sept.
types of attacks. Why give bad actors a chance to divide 10, 2021, involved a third-party developer citing a code
and conquer? vulnerability in the company’s S920 and D210 devices,
which PAX had previously addressed and patched. The
Embrace collaboration second attack, which The Green Sheet reported on Oct. 28,
2021, involved an FBI raid of the company’s Jacksonville,
The payments journey has become more collaborative in Fla., headquarters, ostensibly due to security concerns.
recent years; individual brands have learned that no one
company can be all things to all people. We've knocked Remain objective
down proprietary technology silos in favor of open-source
systems and APIs. We've shared ideas, technologies and In an Oct. 29, 2021 blog post, "PAX Technology
inspiration to advance payment card security, cross- announcement and resumption of trading," PAX
border commerce and global app marketplaces. These maintained that subsequent to the FBI raid, the company
18
