FBI raids HQ of Chinese company that may have hacked credit cards

A story from the The China Project A.M. newsletter. Sign up for free here.

Matthew Silberman Published October 28, 2021

PAX Technology is one of the largest global providers of point-of-sale terminals — the payment machines that read millions of credit cards every day. Now, it’s under scrutiny for what it does with that data:

The company’s card readers may be carrying malware and used to launch cyberattacks, according to Chris Krebs, a reputable cybersecurity journalist who discovered the 2013 Target hack affecting 40 million credit cards.
PAX has nearly twice as many machines as competitors, with around 60 million devices deployed worldwide compared to Verifone’s 36 million and Ingenico’s 35 million.
The U.S. represents only about 10% of PAX’s revenue; its biggest foreign market is Latin America, and it makes most of its money in China, according to a recent filing.

Why it matters: Point-of-sale breaches are nothing new, but it’s bad news when the company you trust with your credit card data is accused of…hacking credit card data.

The FBI and Homeland Security raided PAX’s U.S. office in Florida after a major U.S. payments processor noticed suspicious data sent from PAX devices, Krebs reported.
It’s unclear if that payments processor was FIS, one of the largest in the world, which just announced it is replacing PAX devices in its network over security concerns.
PAX’s shares dropped 43.3% and suspended trading in Hong Kong after the news came out.

Key question: With millions of Americans about to swipe their cards during the holiday shopping season, are PAX terminals a cause for concern? Will we see a widespread rip-and-replace effort à la Huawei?

Matthew Silberman is Contributor, ChinaEdge and Manager, Business and Technology Research at The China Project. Previously, he studied Chinese as a Blakemore Freeman fellow at the International Chinese Language Program in Taiwan. He has also been a speechwriter at the Wilson Center in Washington, D.C., a researcher for Evan Osnos, and an editor at the Korea JoongAng Daily in Seoul, South Korea. Read more

Suggested for you

Business & Technology

Cookie	Description
_gat	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
YSC	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Description
bcookie	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	This cookie is set by LinkedIn and used for routing.
PugT	This cookie is set by pubmatic.com. The purpose of the cookie is to check when the cookies were last updated on the browser in order to limit the number of calls to the server-side cookie store.

Cookie	Description
__gads	This cookie is set by Google and stored under the name dounleclick.com. This cookie is used to track how many times users see a particular advert which helps in measuring the success of the campaign and calculate the revenue generated by the campaign. These cookies can only be read from the domain that it is set on so it will not track any data while browsing through another sites.
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_gid	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_omappvp	The cookie is set to identify new vs returning users. The cookie is used in conjunction with _omappvs cookie to determine whether a user is new or returning.
_omappvs	The cookie is used to in conjunction with the _omappvp cookies. If the cookies are set, the user is a returning user. If neither of the cookies are set, the user is a new user.
GPS	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location

Cookie	Description
__qca	This cookie is associated with Quantcast and is used for collecting anonymized data to analyze log data from different websites to create reports that enables the website owners and advertisers provide ads for the appropriate audience segments.
_fbp	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
everest_g_v2	The cookie is set under eversttech.net domain. The purpose of the cookie is to map clicks to other events on the client's website.
fr	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
mc	This cookie is associated with Quantserve to track anonymously how a user interact with the website.
personalization_id	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
PUBMDCID	This cookie is set by pubmatic.com. The cookie stores an ID that is used to display ads on the users' browser.
TDCPM	The cookie is set by CloudFare service to store a unique ID to identify a returning users device which then is used for targeted advertising.
TDID	The cookie is set by CloudFare service to store a unique ID to identify a returning users device which then is used for targeted advertising.
test_cookie	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.
uid	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
uuid	To optimize ad relevance by collecting visitor data from multiple websites such as what pages have been loaded.
uuidc	This cookie is used to stores information about how the user uses the website such as what pages have been loaded and any other advertisement before visiting the website. This data is used to provide users with relevant ads.
VISITOR_INFO1_LIVE	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Trending

Trending

FBI raids HQ of Chinese company that may have hacked credit cards

Suggested for you

China’s box office is making a comeback

IPO fever in Beijing with record-high listings in June

How Western companies are dealing with China’s data security laws

Great Wall Motors has made a risky and possibly premature bet on hydrogen cars

COVID can’t seem to touch China’s beer industry

China’s property sector is on shaky grounds but one company says its books are clean

Subscribe

About

Business Services

Advertise

Trending

Extended Navigation

Trending

Suggested for you