Major credit card machine company used the same password for two decades

A new report reveals that a major credit card point of sale device manufacturer used the same password in all of their terminals since the 1990s.

Researchers David Byrne and Charles Henderson, who compiled the report which was published at the RSA Conference in San Francisco, would not disclose the name of the vender but did release the password: 166816.

According to the duo, that password is still in use on 90 percent of the terminals they see from that vendor, largely due to the fact that customers think that the password is device specific.

After the news broke, several news outlets reported that an internet search revealed that the password is a default on several Verifone models. The company, who has 27 million devices in operation in 150 countries, confirmed through a statement that all of their devices use the same default password, but said that password was Z66831. 

Verifone explained that the password is used to configure specific device settings and is readily available online with instructions on programing the device. They claimed that payment information or other personal information could not be captured through knowledge of the password.

"It is not possible to enter malware just by knowing passwords," Verifone said in the statement.

Verifone went on to say that it strongly encourages their customers to change the default passwords. Newer devices come with an expired password, which requires users to change it as part of the setup process.

If you are in need of new payment processor software for your business, be sure to contact us today. Take a look at the rest of our website to learn more about the high-quality products that we carry.

Scroll to Top