Saturday, 15 Jun 2024

This Code Can Hack Nearly Every Credit Card Machine in the Country


In today’s digital age, cybersecurity is of utmost importance. Unfortunately, a shocking discovery has been made in the world of credit card machines. According to researchers at cybersecurity firm Trustwave, a staggering 90% of credit card readers currently use the same default password. This default code, which has been in place since 1990, is easily accessible through a quick Google search. Hackers can exploit this vulnerability to gain complete control of a store’s credit card readers, putting customers’ payment data at risk. This alarming revelation highlights the pressing need for enhanced security measures in the retail industry.

Verifone card reader from 1999
A Verifone card reader from 1999.

The Problem of Default Passwords

The issue lies in the chain of responsibility for credit card machines. Device manufacturers sell machines to distributors, who then sell them to retailers. Unfortunately, no one in this process takes the initiative to update the default password. As Trustwave executive Charles Henderson explains, “No one is changing the password when they set this up for the first time; everybody thinks the security of their point-of-sale is someone else’s responsibility.” This lack of accountability makes it exceedingly easy for criminals to exploit this vulnerability.

Tham Khảo Thêm:  How to Fix "Verification Required" for Apps Downloads on iPhone and iPad

The Potential Consequences

With administrative access to credit card readers, hackers can infect the machines with malware designed to steal customers’ payment data. This has far-reaching implications, as demonstrated by the infamous hacks at Target and Home Depot. Retailers must recognize the gravity of this issue and take immediate action to ensure the security of their point-of-sale systems.

The Role of Machine Manufacturers

While the majority of affected machines are made by Verifone, Trustwave asserts that other major terminal makers face similar vulnerabilities. Verifone, for its part, states that a default password alone cannot infect their terminals with malware. However, the company advises retailers to change the default password as a precautionary measure. Furthermore, new Verifone devices now come with passwords that expire, adding an extra layer of security.

Retailers’ Responsibility

Ultimately, the responsibility for securing credit card machines lies with retailers and their vendors. Retailers must prioritize the security of their point-of-sale systems, just as they prioritize other aspects of their business. Machine resellers, too, should play an active role in helping retailers secure their machines. Trustwave emphasizes that retailers often prioritize aesthetics over security, which is a dangerous oversight.

Frequently Asked Questions

  • Q: How widespread is the use of default passwords in credit card machines?
    A: According to Trustwave, approximately 90% of credit card readers currently employ the same default password.

  • Q: Can hackers gain complete control of credit card readers using this default password?
    A: Yes, hackers can exploit this vulnerability to gain administrative access to credit card readers, potentially allowing them to steal customers’ payment data.

  • Q: Which credit card machine manufacturers are affected by this issue?
    A: While Verifone is predominantly affected, Trustwave suggests that all major terminal makers face a similar vulnerability.

  • Q: What should retailers and machine resellers do to address this issue?
    A: Retailers should change the default password on their credit card machines to enhance security. Machine resellers should actively assist retailers in this process to ensure the safety of their point-of-sale systems.

Tham Khảo Thêm:  Unlock OnlyFans for Free: Top 5 OnlyFans Viewers and Safety Concerns


The use of default passwords in credit card machines poses a significant threat to the security of customer payment data. Retailers must recognize the importance of securing their point-of-sale systems and take immediate action. By changing default passwords and implementing robust security measures, retailers can protect themselves and their customers from potential hacking incidents. It is crucial for the retail industry to prioritize cybersecurity to maintain customer trust and safeguard sensitive information. For more information on cybersecurity and industry trends, visit Eireview.