Advertiser Disclosure Editorial Disclosure

Older Point-of-Sale Terminals Have Vulnerabilities Against Hackers

Last updated on January 14th, 2021

Point-of-sale vulnerabilities can affect millions of terminals for merchants and customers. This threat of attack potentially places consumers at risk of data theft and credit card fraud. This claim is the assessment of cybersecurity experts at the recent Black Hat EU security conference. Here is what you need to know:

Cybersecurity Experts Highlight Mobile Payment Threats

Speaking at the recent Black Hat Europe security conference, cybersecurity researchers Timur Yunosov and Aleksei Stennikov highlighted a growing threat by data thieves to mobile payment devices. The experts identified point-of-sale payment terminals as the biggest threat – especially those made by Verifone and Ingenico.

Older Point-of-Sale Terminals in Danger of Hacking

The main issue with point-of-sale (POS) devices is their reliance on default passwords. These passwords provide physical access to information via a “service menu.” Service menus provide basic functions that are vulnerable to malware. Thus, this weakness makes them easy targets for hackers. POS terminals encrypt credit card data. However, that encryption occurs on the same terminal that is already potentially compromised with malware.

According to both experts, a hacker would only need five-to-ten minutes alone with a POS terminal to infect it with malware – potentially harming all customers using that device. Fortunately, many of these issues no longer pose a threat and are already fixed.

Only Legacy Point-of-Sale Vulnerabilities Impacted

A Verifone spokesperson was quick to note that a security patch already exists for the issue. In addition, many of the concerns relate to legacy devices. “The security firm has validated that our latest patches and software updates, which are available to all customers, remedy these vulnerabilities. Customers are currently in different phases of implementing these patches or software updates,” the spokesperson said in a statement to Forbes.

Ingenico, for its part, also stated the vulnerabilities are known – and no fraud has occurred to date. A spokesperson told Forbes that, “Different vulnerabilities impacting Ingenico POS Telium 2 terminal solutions have been identified. Proper security measures have been developed immediately to include suitable corrections after the vulnerabilities have been identified.” They continued, “Ingenico has not been made aware of any fraudulent access to payments data resulting from these vulnerabilities, already fully corrected.”

Related Article: Ten Ways to Stay Protected Against Credit Card Fraud

Featured photo by Sarah Pflug / Burst
About: Cory
Cory Santos

Cory is's "Jack of all trades" and resident credit expert, covering all facets of the credit card space. In addition to credit cards, Cory finds that jogging, cats, and memes are essential parts of a balanced day.