Chinese POS terminal provider PAX Technology is at the centre of a security scare that has seen the FBI raid its Florida offices and payments processor Worldpay replace its devices.
Earlier this week, the FBI raided a Jacksonville PAX Technology warehouse, executing a court-authorised search as part of an investigation.
According to security blogger Brian Krebs, the raid is linked to concerns that PAX’s devices may have been involved in cyberattacks on firms in the US and EU.
Citing sources, Krebs says that the FBI began an investigation after an unnamed US payments processor raised questions about unusual network packets originating from PAX’s terminals. The terminals appear to have been used as a “malware dropper” and as “command-and-control” centres for carrying out attacks.
Bloomberg has since reported that FIS-owned Worldpay has begun replacing PAX terminals with devices from Verifone and Ingenico after PAX failed to give satisfactory answers “regarding its POS devices connecting to websites not listed in their supplied documentation”.
A FIS spokesperson told Bloomberg that there is no evidence that data running through PAX devices has been compromised but it is replacing the terminals, which are used by fewer than five per cent of its clients.
Meanwhile, PAX has issued a statement saying that it is “not aware of any illegal conduct by it or its employees,” and that it takes “security very seriously”.