MONTREAL — Moneris, one of Canada’s largest payments companies, says it is sticking with a key hardware vendor amid reports that the supplier’s systems may have been used to launch cyberattacks in the U.S. and EU.

Moneris investigated potential security concerns around point-of-sale terminals produced for the company by Pax Technology, a division of Pax Global, a Shenzhen, China-based manufacturer of payments hardware and software, but concluded that Moneris’s devices weren’t affected, Moneris spokesperson Scott Tabachnick told The Logic.

“While we regularly review and investigate devices used by Moneris for potential security issues, we have since carried out a detailed investigation of the Pax device—both internally and in conjunction with Pax,” Tabachnick said. “Based on our investigation, we believe the device continues to meet all payment card industry security standards, and is not affected by any of the reported issues.”

Toronto-based Moneris, a joint venture between BMO and RBC, is Canada’s largest payments company by transactions processed, powering roughly one in three transactions in the country, according to the company. Pax Technology produces the hardware for its Moneris Go terminal, a point-of-sale device launched in September 2020.

Moneris began looking into potential security issues with its Pax-made devices after a report from cybersecurity-news site KrebsOnSecurity that U.S. officials had raided Pax’s Jacksonville office on Oct. 26 in connection with a federal investigation, Tabachnick said. 

KrebsOnSecurity also reported that the FBI and MI5, the U.K.’s domestic counterintelligence agency, were looking into whether the company’s systems had been involved in attacks on organizations in the U.S. and EU. 

Two major financial institutions in the U.S. and U.K. had begun pulling Pax terminals from their networks over security concerns, according to KrebsOnSecurity. Bloomberg later reported that Worldpay, the online payment-processing unit of FIS, had dropped Pax. 

A senior Pax executive in Florida who oversaw security also resigned after the raids from law enforcement, Bloomberg reported.

In a statement on Oct. 29, Cheung Shi Yeung, company secretary for Pax Global Technology, said the firm’s devices meet industry standards on cybersecurity.

“As far as the board is aware based on due enquiries, as of the date of this announcement, there have neither been any reported cyberattack incidents nor cyberattack complaints, including any breach of security protocols, against Pax products and services anywhere in the world,” Cheung said.

In a statement to The Logic, the RCMP said it hadn’t received any reports of cyberattacks in Canada linked to Pax Technology, though it said it couldn’t speak for other Canadian law-enforcement agencies. It would offer no further information, citing a policy of not commenting on investigations conducted by other countries.

Moneris sells a variety of point-of-sale and payments processing products, including software for e-commerce providers and terminals for credit- and debit-card transactions.

The Moneris Go point-of-sale device is its first smart terminal, with features such as 4G connectivity and third-party app integration.

Update: The RCMP responded to The Logic‘s request for comment after this story’s publication. It has been updated to include their response.