Thousands Of PIN Pads Shut Down, But It’s Not A Breach

An East Coast supermarket chain opened for business on Dec. 8, only to find all of its payment terminals unresponsive — and it wasn’t alone. Last week, several thousand Hypercom payment card terminals at retailers across the country suddenly stopped working because of the expiration of a cryptographic certificate used in the devices, according to Krebs on Security.

The devices used a security certificate created in 2004 that had a 10-year expiry date, according to Equinox Payments in Scottsdale, Ariz., the company that now owns the Hypercom brand. The shutdown of the devices — the screens went completely blank — was triggered by power-cycling or rebooting the devices, which some retailers do daily.

“The security mechanism was triggered by the rollover of the date and not by any attack on or breach of the terminal,” said Stuart Taylor, VP of payment solutions at Equinox.

It’s not clear why the company didn’t warn merchants of the impending shutdown. But Hypercom was acquired by another major payment-terminal vendor, Verifone, in 2011, which spun off various parts as Spire Payments and Equinox. That may have made tracking older models less top-of-mind for the company.

One retailer whose terminals shut down said its technicians spent three days trying to restore the devices. “I use two different generations of their terminals and have spent the last three days trying to understand completely why I had zero impact,” a source at the retailer told blogger Brian Krebs. “Mass extinction of my POS devices at the manufacturer level was never on my list of scenarios that would wreck my day at retail. It is now.”


Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.

Click to comment