POS Vendor Uses Same Short, Numeric Password Non-Stop Since 1990

mask.of.sanity writes: Fraud fighters David Byrne and Charles Henderson say one of the world's largest Point of Sale systems vendors has been slapping the same default passwords – 166816 – on its kit since 1990. Worse still: about 90 per cent of customers are still using the password. Fraudsters would need physical access to the PoS in question to exploit it by opening a panel using a paperclip. But such physical PoS attacks are not uncommon and are child's play for malicious staff. Criminals won't pause before popping and unlocking. The enraged pair badged the unnamed PoS vendor by its other acronym labelling it 'Piece of S***t.

Re:useless story

[Hartree]

It's VeriFone. Anyone who's been a credit card terminal tech could tell you that. Hypercom has a well known default password as well. Any competent fraudster trying to reprogram the pad would know it as well.

They have to put in something at the factory, so they put in a default. It's supposed to be changed when the system is programmed and set up.

I used to have the default password for VeriFone's 101 pin pads in muscle memory due to having set up so many of them. (Yes, part of the setup was changing the default to something else.)