PAX is truly dedicated to protecting data safety and security. This expanded program is intended to give security researchers terms and conditions for conducting vulnerability discovery activities directed at the publicly accessible related department at PAX, including any product, system, or asset belonging to discovered vulnerabilities. We're committed to ensuring the safety and security of our systems, products, services, and customers. If questions arise, please take no action until that action is discussed with the VDP lead at PAX.
Submitting a Report
Please provide a detailed summary of the vulnerability, including type of issue, product, version, and configuration of software containing the bug. You shall be aware that you cannot compromise the privacy or safety of our customers and the operation of our services. Such activity will be treated as illegal. We support acts taken in good faith to discover and report vulnerabilities and commit to working with you to understand, confirm, and appropriately solve the vulnerability.
If you would like to disclose a vulnerability to PAX, send a report to VulnerabilityDisclosure@paxsz.com with the word [VULNERABILITY] in the subject line. It is also important that the email contains the following information:
Online Remote Key Injection (RKI) allows merchants serviced by acquiring banks & payment service providers to automatically, quickly and securely perform key injection directly at the point-of-sale.
PAX offers an industry certified, secure Remote Key Injection (RKI) service for the deployment of PIN keys and SRED data, such as point-to-point encryption (P2PE), to point of sale (POS) terminal hardware.
Dramatic cost reductions are achieved when keys are injected remotely. Savings on shipping & admin costs as terminals no longer move to and from a Key Injection Facility (KIF). And forget about the complexities of setting up your own secure room, what with really high costs of buying & maintaining expensive server equipment, employing specialized people, and performing mandatory re-certifications.
The PAX RKI service is more cost-effective, faster and a highly secure alternative to traditional Local Key Injection which physically takes place in a certified secure room.
Inject terminals instantly, in any country, with the PAX RKI Managed Service!
If you do not have your own in-house POS software developers, or are not already engaging with an existing PAX payment system integrator or channel partner, we can offer you application development as a paid service to help you with faster time-to-market.
You will need to send us a document detailing the set of specifications the software should be written against, along with the details of the host interface protocol to be connected to.
PAX offers a standard 1-year warranty on all products. Even though our terminals are reputed to have the lowest failure rates in the industry, we do offer extended warranty rates if required.
Our high-tech repair centres are located in Milan (for the EMEA region), in Florida (for North America) and in Hong Kong (for Asia). In-warranty, out-of-warranty and refurbishment repair services are offered.