The Hidden Risks of Buying Used Payment Terminals

There are few devices as important in a retail environment as a business’s payment terminal. As card payments continue to grow across the US, the ability to accept in-store card payments is a must for any retailer aiming to provide a great customer experience. While it’s worth noting the handheld extension of a POS is an incredibly advanced piece of technology, terminals have become increasingly difficult to acquire, due to supply chain issues. 

When new terminals are purchased, you can expect them to last several years as they securely accept swiped, inserted, or tap payments. Despite that dependability, payment terminals still have a limited shelf life. As manufacturers work with the payment industry to improve standards and features, support for older models ends as new devices are rolled out. 

Issues with global shortages of computer chips have hit the payments industry just as they’ve hit motor vehicles and other technology sectors. Most providers and manufacturers are speculating that new device delivery can be as far away as 18 months after your order is placed. 

Turning to the second-hand market can seem like a quick solution when you’ve been told your terminal is approaching the end of its life. But before you take to eBay or Craigslist, you need to understand the risks and hidden costs that come with your instantly available device. 

What are the Risks of Purchasing Used Terminals? 

The design and functionality for all payment terminals is based on PCI (Payment Card Industry) standards. For any business familiar with PCI, you’ll understand that partners and processors alike consider these rules to be foundational and non-negotiable. Any time you want to use a device to accept payments, that device requires certification to ensure PCI compliance. 

Every brand-new terminal you order will always be fully compliant right out of the box. Whereas with used terminals, no matter what a reseller may promise, compliance is a more complicated story.

Requiring chain of ownership 

Regardless of who produces a terminal, it must be injected with proprietary software that validates transactions. This service is free of charge for all new terminals regardless of how many are ordered, while injecting used terminals will come with a fee per device. Before a used terminal can be injected, organizations that care for terminals require a chain of custody or ownership whenever they add or update software. Validating a terminal’s continual use with a history of service from other reputable providers shows a device poses less risk to cardholders, your business, and their own injection process. This also means they view chain of ownership as more than a series of emails showing who bought what device from which business. 

Several of these companies consider chain of ownership exclusively through the lens of asset acquisition. More plainly, if you haven’t acquired an entire business or location, you don’t have chain of ownership over any terminals. Without this evidence, any company that prepares terminals for use will decline handling the device without recertifying that device’s compliance — at your own cost. 

Reacquiring device certification 

When payment terminal manufacturers such as Verifone or Ingenico produce a new terminal, they will automatically certify the device as compliant. Having maintained quality control over parts and assembly, certification acts as a type of warranty for the device’s use. Even if a device requires repair, working through approved partners can maintain certification. Without direct chain of custody, there are simply too many risks for partners and processors to maintain certification. 

Recertification requires that the terminal be shipped back to the original manufacturer for a full software wipe and physical examination. If there is evidence of tampering or reasons to suspect it, the cost of certification can quickly balloon to include part replacement. In a worst-case scenario, if there’s evidence of illegal tampering, your terminal will most likely be destroyed without refund or credit, sending you back to square one. 

The risks of tampering 

It’s no secret that payment terminals and financial technology are routine targets for fraud. Small programs that copy card data alongside key loggers can be well hidden inside or outside a terminal. The situation is made that much worse by the ability to forge seals and tamper-proof tape designed to protect terminals. For the average retailer, it can be next to impossible to tell the difference between a terminal that has been recently serviced and one with illegal tampering. 

The only time you’ll know for certain if a used device has been tampered with is after you’ve paid the money and taken the time to recertify your payment terminal. 

Terminals have become a minimum requirement for running a retail store. For owners and managers in need of a new terminal, a previously used device can seem appealing, especially in light of supply chain issues and the current chip shortage. The reality of these pre-owned devices is substantial risk and plenty of hidden costs that don’t guarantee you’ll be able to process sales. Payment processors worth their weight understand the complex issues at stake and will work with you to mitigate risk and keep your locations open for business. 

When you find out a terminal has reached the end of its life, reach out to your processor to make sure your device will be supported until your new terminal arrives. Remember, purchasing your terminal from a supplier or processor means no hidden fees or risk that the device won’t work out — even if it takes a little longer to arrive.