The Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) released an update on the FBI raid on PAX USA headquarters in Jacksonville, FL:
At present, OCCIP does not believe that the use of PAX Technology devices poses unique risks to network security. PAX Technology maintains remote access to their point-of-sale devices, which is common within the retail payments industry as providers typically use this access to perform device maintenance. OCCIP is not aware of any attempt by PAX Technology to use their devices for disruptive or destructive purposes
The original story broken by Action News Jacksonville (who shares a parking lot with Pax) like with many news articles of today’s new world, caused a significant amount of speculation and fear mongering in the industry with some companies like FIS and PaySafe either removing Pax units from the field or halting the deployment of Pax devices. It’s pretty easy to argue that non-payments professionals would never have known about this had Action News not shared this parking lot with this company. A quick google of “pax fbi” doesn’t show much since the initial release.
Like so many other scares, this one seems to have been all bark and no bite as confirmed by the milquetoast announcement quietly published by OCCI, an investigative branch of the Treasury Department. Full text of the release can be found here.
While technically the investigation is ongoing, very little was seized from their Jacksonville operations facility and not a peep has been heard from the authorities since the raid. Safe to say, without the lust of the 24-hour news cycle to promote ad sales, it wasn’t worth pursuing the investigation fully without finding at least a smoking gun or two.
Pax is looking like a decent investment play as they’ve struggled to regain the market hit the day news was released about the raid.
As with everything on this site, it is my opinion and laced with a healthy dose of my personal viewpoints.