Older Point-of-Sale Terminals Have Vulnerabilities Against Hackers

Advertiser Disclosure

Last updated on February 20th, 2024

Point-of-sale vulnerabilities can affect millions of terminals for merchants and customers. This threat of attack potentially places consumers at risk of data theft and credit card fraud. This claim is the assessment of cybersecurity experts at the recent Black Hat EU security conference. Here is what you need to know:

Cybersecurity Experts Highlight Mobile Payment Threats

Speaking at the recent Black Hat Europe security conference, cybersecurity researchers Timur Yunosov and Aleksei Stennikov highlighted a growing threat by data thieves to mobile payment devices. The experts identified point-of-sale payment terminals as the biggest threat – especially those made by Verifone and Ingenico.

Older Point-of-Sale Terminals in Danger of Hacking

The main issue with point-of-sale (POS) devices is their reliance on default passwords. These passwords provide physical access to information via a “service menu.” Service menus provide basic functions that are vulnerable to malware. Thus, this weakness makes them easy targets for hackers. POS terminals encrypt credit card data. However, that encryption occurs on the same terminal that is already potentially compromised with malware.

According to both experts, a hacker would only need five-to-ten minutes alone with a POS terminal to infect it with malware – potentially harming all customers using that device. Fortunately, many of these issues no longer pose a threat and are already fixed.

Only Legacy Point-of-Sale Vulnerabilities Impacted

A Verifone spokesperson was quick to note that a security patch already exists for the issue. In addition, many of the concerns relate to legacy devices. “The security firm has validated that our latest patches and software updates, which are available to all customers, remedy these vulnerabilities. Customers are currently in different phases of implementing these patches or software updates,” the spokesperson said in a statement to Forbes.

Ingenico, for its part, also stated the vulnerabilities are known – and no fraud has occurred to date. A spokesperson told Forbes that, “Different vulnerabilities impacting Ingenico POS Telium 2 terminal solutions have been identified. Proper security measures have been developed immediately to include suitable corrections after the vulnerabilities have been identified.” They continued, “Ingenico has not been made aware of any fraudulent access to payments data resulting from these vulnerabilities, already fully corrected.”

Featured photo by Sarah Pflug / Burst

Editorial Disclosure – The opinions expressed on BestCards.com's reviews, articles, and all other content on or relating to the website are solely those of the content’s author(s). These opinions do not reflect those of any card issuer or financial institution, and editorial content on our site has not been reviewed or approved by these entities unless noted otherwise. Further, BestCards.com lists credit card offers that are frequently updated with information believed to be accurate to the best of our team's knowledge. However, please review the information provided directly by the credit card issuer or related financial institution for full details.

About: Cory Santos
Cory Santos

Cory is the senior credit card editor at BestCards, specializing in everything credit card-related. He’s worked extensively with credit cards and other personal finance topics, including nearly five years at BestCards. Cory’s extensive knowledge is an essential part of the BestCards experience, helping readers to live their best financial lives with up-to-date insights and comprehensive coverage of all facets of the credit card space, including market trends, rewards guides, credit advice, and comprehensive credit card reviews.

Advertiser Disclosure

BestCards is an independent, Florida-based credit card comparison platform. Many of the card offers that appear on this site are from companies from which BestCards receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). BestCards does not include all card companies or all card offers available in the marketplace.