Recent events have put a spotlight on a new element of payments security: terminals. For those readers who may not have been following the news, federal law enforcement (FBI) recently raided the Florida offices of PAX Technology, a leading, China-based payment terminal provider. The raid was first reported by Krebs on Security. Based on the information we currently have, both the FBI and MI5 began investigating the firm after a major US payment processor started asking the vendor questions about network packets originating from PAX's point-of-sale terminals. The vendor, it would appear, did not provide satisfactory answers, which only increased suspicion and led the processor to report the situation to authorities.
According to the above-mentioned Krebs on Security article, the FBI decided to raid the Florida offices after it received reports that PAX's terminals may have been used to carry out cyberattacks on organizations in both the United States and the European Union. If this turns out to be true, it could mean a security catastrophe for many businesses, as PAX currently has more than 60 million point-of-sale terminals in 120 countries throughout the globe. The report also claims that two major financial providers (one in the U.S. and the other in the E.U.) have already begun pulling PAX terminals from their infrastructure. Meanwhile, PAX Technology has issued a statement denying any illegal involvement.
You may be wondering how this affects your practice. Well, let's find out.
How to Figure Out If Your Practice’s Terminals Are Affected
With millions of PAX terminals already in circulation, this would be a good time to figure out if your practice is using one. The simplest and most direct course of action is to identify your terminal type and compare it against the online list of PAX terminals on the company's website. Keep in mind that having a PAX terminal does not necessarily mean it is loaded with malware. However, it is definitely a possibility, and it will be up to you whether or not you are willing to take that risk.
What To Do if Your Terminals Are Affected
If you discover that your practice is, in fact, using PAX terminals, you might want to disconnect them from your systems for now (just to be on the safe side). You should then immediately contact your payments vendor to determine what their plans are for providing you with new, non-PAX terminals. If they do not plan to do so, it might be time to consider switching to a new provider for your payments solution.
There is a Lesson to Be Learned
Ask yourself this question—How much do you really know about your payments provider? Did you thoroughly investigate and vet the vendor before you chose them? And by this we mean not just researching their transaction rates and hardware costs. Because if you did not, how can you really know that your payments provider is trustworthy?
While the situation with PAX is indeed a scary one, there is a lesson to be learned here: Choosing a payments vendor, much like choosing an EHR provider, needs to be a decision based on trust. Because when it comes to your practice’s financial security, you can’t afford to have a payments vendor that cannot be trusted.