
The chip shown in the article is most likely just something journalists found in a photo stock by keywords.


Sorry, but this doesn't sound true, or there are huge mistakes made in choosing the supply chain for such a sensitive matter.

How come the company keeps ordering devices from some unverified sources from China, and after hitting a wall keeps doing the same?

How do you accept a shipment of such devices without randomly opening and inspecting a sample (yes, losing all data, but electronic inspection can be done)?

How did you not investigate that with Visa/Mastercard? Whoever does that will lose his payment terminal certification after such an incident, because they will track them down by IC serials very quickly.

What if the vendor changed the power supply board or even the component types on it, and your momentum or weight test makes a false positive?

Unless... your employer or you buy single devices, on demand, from some shady AliExpress seller. But then, it is plain suicide.


While it may sound sensational, this was more of an operational issue, really. We were told by Visa and Mastercard that it is not even a question if we are going to be targeted. If you work in the payment card industry you are constantly being attacked, and the only way is to make it part of the process to deal with those things. Our network was hacked, but what was important was tight, almost mathematical processes around protecting very specific material like credit card data and PINs.

For example, PINs are only ever in unencrypted form inside of Hardware Security Modules and only for the purpose of being encrypted with Visa/Mastercard exchange keys. The process was designed so that nobody has enough access to ever get enough cryptographic material to be able to decrypt anything; at least two or three people would have to collude to do anything.

It also happens that we put all our resources into investment in software for the platform, locking ourselves in. It would be a rash decision to change the platform and it would probably kill our company. Also, we (correctly) gambled that it would be dealt with quickly.
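
The "two or three people would have to collude" property in the comment above can be illustrated with XOR key components. This is an added example, not part of the comment and not the commenter's system: the comment does not say which scheme was used, so the XOR split and all function names here are assumptions.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, custodians: int) -> list:
    """Split key into one component per custodian; all are needed to rebuild it."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    parts = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    # The last component is chosen so that the XOR of all components is the key.
    parts.append(reduce(xor_bytes, parts, key))
    return parts


def combine(components) -> bytes:
    """Rebuild the key; in practice this step happens only inside the HSM."""
    return reduce(xor_bytes, components)


def consistent_component(candidate_key: bytes, known) -> bytes:
    """Component the absent custodian would have to hold for candidate_key
    to be the real key. One exists for every candidate, which is why the
    known components alone say nothing about the key."""
    return reduce(xor_bytes, known, candidate_key)


if __name__ == "__main__":
    key = secrets.token_bytes(16)          # constructed sample key
    parts = split_key(key, 3)
    print("all three rebuild key:", combine(parts) == key)
    guess = secrets.token_bytes(16)        # any other key an insider might guess
    fake = consistent_component(guess, parts[:2])
    print("two components fit the guess too:", combine(parts[:2] + [fake]) == guess)
```
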


Look, there are enough supply chain problems with counterfeits already, you don’t want to start thinking about malicious implants. Just google for it, it’s massive.


It sounds like they are just ordering stock products from Amazon.


Look, there are enough supply chain problems with counterfeits already, you don’t want to start thinking of malicious implants

