FBI raids HQ of Chinese company that may have hacked credit cards

Business & Technology

Matthew Silberman
PAX Technology is one of the largest global providers of point-of-sale terminals — the payment machines that read millions of credit cards every day. Now, it’s under scrutiny for what it does with that data:

  • The company’s card readers may be carrying malware and used to launch cyberattacks, according to Chris Krebs, a reputable cybersecurity journalist who discovered the 2013 Target hack affecting 40 million credit cards.
  • PAX has nearly twice as many machines as competitors, with around 60 million devices deployed worldwide compared to Verifone’s 36 million and Ingenico’s 35 million.
  • The U.S. represents only about 10% of PAX’s revenue; its biggest foreign market is Latin America, and it makes most of its money in China, according to a recent filing.

Why it matters: Point-of-sale breaches are nothing new, but it’s bad news when the company you trust with your credit card data is accused of…hacking credit card data.

  • The FBI and Homeland Security raided PAX’s U.S. office in Florida after a major U.S. payments processor noticed suspicious data sent from PAX devices, Krebs reported.
  • It’s unclear if that payments processor was FIS, one of the largest in the world, which just announced it is replacing PAX devices in its network over security concerns.
  • PAX’s shares dropped 43.3% and suspended trading in Hong Kong after the news came out.

Key question: With millions of Americans about to swipe their cards during the holiday shopping season, are PAX terminals a cause for concern? Will we see a widespread rip-and-replace effort à la Huawei?

Matthew Silberman is Contributor, SupChina A.M.

